ConnectedGRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Learn More

Discover ConnectedGRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Find Everything You Need to Build Your GRC Journey and Thrive on Risk

Download this report to explore why cyber risk is rising in significance as a business risk.

Download this report to explore why cyber risk is rising in significance as a business risk.

Learn More

Learn about our mission, vision, and core values

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
Blogs

VerSanG – New German Law to Strengthen Business Integrity

blog
5 min read

Introduction

COVID-19 pandemic notwithstanding, German legislative authorities are introducing a new law, touted to be more efficient than earlier versions, in handling white-collar crime. Detailed discussions spanning five years led to the draft bill titled Gesetz zur Stärkung der Integrität in der Wirtschaft (Law to Strengthen Integrity in Business). With a bid for approval that began in 2020, the government is looking at its implementation in two years.

What is the new regulation and how does it differ from the current law?

Currently all German white collar crimes are examined under the Gesetz über Ordundgswidrigkeiten (OWiG). However, this law has always examined white collar crime from an administrative viewpoint. Investigations are based on discretionary principles rather than on legality. This means that the concerned administrative authority is not obligated to initiate any legal proceedings if there is a law violation. Sanctions are limited to paltry fines, not commensurate with the fallout of large fraud cases. Additionally, the current law is also not applicable to frauds committed by German companies abroad.

With the introduction of VerSanG:

  • Violations will now be titled as corporate offences as against the earlier corporate criminal offence. Exclusions will be offences against the corporation from within – such as embezzlement.
  • The new law will be applicable only to those corporations with economic business operations. Among sanctions, dissolution of corporations is no longer an option.
  • As opposed to the earlier provisions, an internal investigation will now result in monetary sanctions being reduced by half.
  • Any corporation conviction will be made public.

VerSanG will be implemented to achieve the following objectives:

  • To eliminate the principle of discretion and bring in the principle of legality. Prosecutors will now be obligated to initiate investigations based on the principle of legality. This will have to be done when it is established that legal limits have been crossed.
  • Varied approaches to sanctions will come into force. A range of sanctions can be imposed and fines payable will go up. The court may also choose to warn and place a company under monitoring to ensure it can manage ideal compliance management systems (CMS). Monetary sanctions can be as high as 10 million euros for intentional offences; 5 million euros for negligent offences. Companies with average turnovers of more than 100 million euros will have to pay up to 10 percent of their average turnovers for intentional offences or 5 percent for negligent offences.
  • Providing several incentives to companies to encourage efficient and precise CMS. This will bring down the number of corporate crimes that are committed or eliminate them completely. The objective is to get CMS to be preventive and where needed, repressive. An example – a company being investigated may be able to gain some benefit by showing their utmost cooperation with prosecutors.
  • Crimes committed internationally will now be brought under the purview of the act’s sanctions, based on specific conditions.

There are Some Red Flags Though…

As with every bill, there are some red flags that have been raised by the committee looking into the bill in the Federal Assembly. The concerns raised can be summarised as below:

  • In its current form, the VerSanG says that associations are required to meet specific compliance measures to stave off specific deeds. But, these measures have not been defined, leading to a non-transparent policy that can be problematic.
  • The VerSanG excludes external advisors from defence proceedings if they are part of the internal investigation. This, the committee believes, will affect the association’s standing negatively and will increase the legal costs of the company.
  • The move to calculate financial sanctions based on international company revenues prior to conviction has come under heavy criticism. The committee feels that the sanctions may be disproportionate to its current financial capabilities.
  • There is opposition to the fact that the VerSanG looks at time of conviction rather than that of offense. This, combined with the financial sanctions imposed can have dire consequences on mergers and acquisitions transactions. It would also require complex examination of historical criminal liability risks.

What Should Companies Do Now?

Once the draft bill is published, it will take two more years before it is implemented. That is, after the two year period, it will come into force from the first day of the next quarter. This gives companies enough of time to ensure they are compliant with the new regulations.

Here is what companies will need to do:

  • Legal and compliance departments of businesses will have to familiarise themselves with the new provisions of the law. While most of the provisions are applicable only in the case of a misconduct, the legal department will need to know what compliance regulations have to be in place, if the company is investigated internally. This will help provide full cooperation to any investigating authority.
  • Besides ensuring the appropriate conduct when necessary, companies will have to test the efficacy of their current compliance programs. Considering how sanctions are much higher than they were, having a robust compliance program can prove invaluable in protecting the company from such sanctions. Ensuring that the documentation of these compliance programs is in place, is critical.
  • To ensure compliance with the new provisions, companies will need to put a range of internal provisions in place to deal with situations of suspected misconduct. The draft bill indicates that larger companies specifically have to create, implement and maintain an internal risk compliance program. Any suspicious activity has to be immediately investigated and the loopholes removed in a systematic manner. The benefit is that all compliance investments currently made and those of the future will ensure better returns.

There is intense work on to ensure that the process to the publication of the VerSanG is done quickly. The two year period before it is brought into force pegs its implementation at the end of 2022 and the beginning of 2023. It is uncertain currently whether the ongoing pandemic may have any effect on these timelines. An explanatory memorandum to this draft act says that the two-year period is to ensure that organizations have the necessary time to implement measures mandated by the courts, agencies of law enforcement as well as the registry authority. Companies can also utilize the time to understand where they are most at risk in terms of compliance. One thing is certain, VerSanG will come into effect with minimal changes expected to the current draft. Being prepared is key.

 

 

How MetricStream Can Help

The MetricStream Regulatory Compliance Solution provides a common framework and an integrated approach to meet cross-industry regulations, such as the VerSanG. The solution enables a sustainable and repeatable compliance program with the help of a centralized library of compliance obligations, as well as capabilities for compliance risk management, control testing and certifications, regulatory change management, policy management, regulatory engagement management, and case management.

Admin_avatar_1498731489

BLOG ADMIN

Read more about the latest happenings in the GRC universe. MetricStream experts share their valuable insights on how organizations can turn risk into a strategic advantage and thrive on risk.

 

Related Resources

Blog
Blog
6 mins
Sumith Sagar
Building Compliance Resilience in the Changing Regulatory Landscape
lets-talk-img

Ready to get started?

Speak to our experts Let’s talk