• IE
Choose your location?
  • Global Global
  • Australia
  • France
  • Germany
  • Ireland
  • Italy
  • Poland
  • Qatar
  • Spain
  • UAE
  • UK

Cornerstones of the current draft law to increase integrity in business (VerSanG-E) – An untimely proposal

21 August 2020
In June 2020, the German Federal Government put forward a draft law to strengthen integrity in business. The draft substantially broadens the scope for potential penalties to be imposed on corporate bodies and partnerships where criminal acts are committed within their sphere.

Example: A is a manager at C-GmbH, a German chemical com-pany, which together with the entire group generates annual sales of around EUR 1.2 billion. As a result of a serious breach of the Occupational Health and Safety Act in A’s department, an accident occurs in which 2 employees lose their lives. A receives a sus-pended sentence of 10 months imprisonment. What are the potential penalties that could be imposed on C-GmbH?

Under current law: C-GmbH could receive a fine of up to EUR 10 million. In practice, it is however rare for legal entities to be fined in Germany; prosecution is left to the discretion of the authorities (principle of discretionary prosecution [Opportunitätsprinzip]).

Under the new law (VerSanG-E): C-GmbH could receive a fine of up to 10% of its average annual revenues, in our case, up to EUR 120 million (= 10% of EUR 1.2 billion). Under the draft, the question of “whether” to prosecute a legal entity is not left to the discretion of the authority (principle of mandatory prosecution [Le-galitätsprinzip]).

The draft is highly controversial. In the present situation, it is felt that neither the substantial sanction (up to 10% of group sales revenues) nor the de facto widening of the number of relevant persons whose actions might trigger responsibility on the part of the corporate body involved are acceptable (considered in greater depth hereinafter). The Foundation for Family Businesses in Germany and Europe [Stiftung Familienunternehmen], for example, commented as follows: "It was not without good reason that the Grand Coalition agreed a moratorium on further impositions on businesses for the duration of the coronavirus crisis. The law is not compatible with this decision.” There is also a long list of other points subject to criticism.

In the following we take a look at some of the key points of the draft – parts of which still seem somewhat patchy – and compare these with the current legal situation. This Legal Update is intended for information purposes; for this reason, we at this point refrain from making a critical assessment of the individual provisions of the draft. 

The key points of the draft law

Under VerSanG –E

To date

Introduction: The draft law permits the imposition of substantial financial penalties on corporate bodies and partnerships ("associations” [Verbände]) for criminal acts committed by persons acting for them and/or attributable to corresponding failures on the part of company management. The sanction can amount to up to 10% of Æ annual group revenues.

Offences covered: The threat of punitive sanctions extends to all criminal acts as a result of which duties incumbent on the association have been infringed or which are intended to enrich the association in some way. This could for example include: Punishable breaches of the Occupational Health and Safety Act [Arbeitsschutzgesetz], the Carriage of Hazardous Goods Act [Gefahrgutbeförderungsgesetz], the Product Safety Act [Produktsicherheitsgesetz], the Unfair Competition Act [Gesetz gegen unlauteren Wettbewerb], the Trade Secrets Act [Geschäftsgeheimnisgesetz], the Patents Act [Patentgesetz], the Banking Act [Kreditwesengesetz], relevant provisions of the Criminal Code [StGB] and the ancillary criminal law statutes to protect the environment etc. Clearly, the list of potentially covered offences is very long and heavily dependent on the individual business focus and risk exposure of the company concerned.


Specifically and only in cases of breaches of Anti-trust Law, the German Act Against Restraints on Competition [GWB] allows for the imposition of a penalty of up to 10% of annual group revenues.


Specifically for breaches of the data protection regulation, the EU regulation allows for the imposition of a penalty of up to 4% of annual group revenues.


For all other criminal acts the Regulatory Offences Act [OWiG] allows for a penalty to be imposed on legal entities in the amount of “only” up to EUR 10 million.

Persons covered: Two alternatives could trigger responsibility on the part of an association: (i) In the event that a criminal act is committed by a company manager [Leitungsperson], punitive action will be taken directly against the association. Company managers include e.g. authorized representatives and operations managers or persons exercising controlling authority in a management capacity. (ii) If criminal offences are committed by “non-managers” [Nicht-Leitungspersonen], punitive action will be taken against the association only if company managers could have prevented the criminal act or made this more difficult by taking reasonable precautions to prevent it. To that end, it is irrelevant whether the manager intentionally or negligently failed to exercise supervisory obligations; an objective breach of duty is sufficient to trigger responsibility on the part of the association. Non-managers might include both employees as well as non-employees, temporarily assigned with a task relevant for the association. In any event, the persons concerned need to be subject to direction or instruction by company managers.


The various guises in which persons in management positions may appear are similar to the ones covered by the Regulatory Offences Act.

Avoidance of liability through compliance: Being able to demonstrate "reasonable precautions" is key if non-managers commit the relevant criminal act. Such precautions may for example relate to the organization, selection, instruction and supervision of the employees concerned. The draft does not however include any more specific definition of “reasonable precautions”.

The reasoning expressly recognizes the fact that individual criminal acts may present as “outliers”: “It must be borne in mind that it will not be possible to guarantee total protection against criminal acts and there are limits to compliance measures particularly where the offender is firmly resolved to commit the act, with the result that even far-reaching compliance would be ineffective." This also means, however, that it should be possible to furnish “exonerating evidence”. In other words, it should not be presupposed that an offence attributable to an association has occurred as a result of a (supposedly) inadequate compliance management system (CMS) and punitive action therefore initiated against the association. On the contrary, the adequacy of the existing CMS to avoid criminal acts becomes the crux of the matter. The ability to prove the existence of a "suitable" CMS across the entire business would be essential for the avoidance of substantial sanctions against the association.


The draft makes criminal liability dependent on criteria, which are (more) common under civil law.


Thus far, the existence of compliance management systems has not constituted legally recognized grounds for reducing a criminal fine or civil penalty in Germany. However, the calls for reductions on such grounds have become louder.

Duty to prosecute: The criminal prosecution authorities will not have discretion whether or not to pursue the association (so-called principle of mandatory prosecution). If the conditions for imposing a penalty are met (e.g. if a person in a management position has committed an offence), a sanction must be imposed on the association.


Whether to impose penalties under the Act against Restraints on Competition or under the Regulatory Offences Act was at the discretion of the respective authority.

Possible level of the financial penalty imposed on an association: In terms of the level of penalty, the draft law draws a distinction based on the size of the company. For associations with Æ annual revenues of less than EUR 100 million the penalty is a maximum of EUR 10 million (in case of intent) or maximum EUR 5 million (in case of negligence). If on the other hand Æ annual revenues exceed EUR 100 million, the penalty is a maximum of 10% of Æ annual sales (in case of intent) or maximum 5% of the Æ annual sales (in case of negligence). The reasoning is that: "The introduction of a sales-based upper limit is intended to guarantee that an adequately serious financial penalty can be imposed even on associations with substantial revenues. It reflects the general sense of fairness that the penalty must impact on those responsible in like measure, and takes account of the criticism that the rigid upper limit placed on civil penalties … is often priced in by large companies in individual cases as an acceptable risk.


The Regulatory Offences Act allows for a penalty to be imposed on legal entities in the amount of “only” up to EUR 10 million (for violations of anti-trust and data protection law, see above).

Calculation of the specific financial penalty to be imposed on an association: The exact amount of the penalty is calculated on the basis of a series of criteria which relate to the crime itself (such as its severity, duration, motivation, etc.) as well as conduct after the crime (efforts to expose the crime, measures taken to avoid future criminal acts, etc.). Internal investigations play a pivotal role, as they may contribute to severely reducing the penalty imposed on the association. Preconditions for such reduction include among others that (i) the association makes a major contribution towards clarifying the crime and the responsibility on the part of the association, (ii) cooperation with the prosecuting authority is uninterrupted and unrestricted, (iii) a final report is made available, and (iv) certain principles of the rule of law are complied with in questioning company employees. Note: Persons involved in the internal investigation must not at the same time act as defence counsel for the association.


The high priority attached to cooperation with the authorities is (with some limitations) comparable to the leniency programme applied by the Federal Cartel Office [BKartA].

Warning with reserved penalty: According to the draft, crimes attributable to an association need not necessarily incur a financial penalty for the association. The court may also issue a warning to the association, determine a financial penalty and reserve imposition subject to certain conditions. This applies for example in cases in which the warning will likely be sufficient to prevent further criminal acts on the part of the association.



Relationship between offences: Insofar as an offence includes both a criminal act on the part of an association as well as a regulatory offence, the penalty as per the Regulatory Offences Act will prevail, provided that this offers the potential for a higher penalty.


The Regulatory Offences Act contains a comparable provision.

Consequences of disposals and restructuring: Internal restructuring and disposals will not generally have any effect on potential prosecutions.


Since recently, the Act on Restraints on Competition has almost identical rules for anti-trust offences; the Regulatory Offences Act makes similar provision for all other criminal and regulatory offences.


What might companies expect in future?

  • Companies and their employees must continue to abide by the applicable laws; nothing has changed in this respect. 
  • Under the terms of VerSanG-E, however, breaches of the law can trigger significantly harsher penalties than has previously been the case. The potential penalty of up to 5% or 10% of annual sales revenues no longer applies only in anti-trust law (and data protection law); instead it applies comprehensively to nearly all punishable breaches of the law concerning enterprises. 
  • The law de facto extends the range of persons whose wrongdoing might lead to corporate responsibility to non-managers, that is to say “simple employees”. Should they commit a criminal act, which might have been prevented by means of reasonable precautions, the company will incur a penalty under the harsh terms of the VerSanG-E. 
  • Companies should therefore ensure that they are in a position where necessary to provide specific evidence that they have taken the required reasonable precautions to prevent criminal acts or make these more difficult to commit. This means that their compliance activities must become more systematic and should where necessary be centralized and documented. 
  • This should in particular include the following: 

– Risk assessments should where appropriate be extended to include "non-typical" areas of consideration and the associated potential for criminal acts, insofar as the company’s individual risk exposure may so require, including for example

– Occupational health and safety and employment protection 
– Environmental protection, 
– Product safety, 
– Carriage of hazardous goods,  
– (Misleading) advertising,
– Trade secrets,
– Social security contributions, 
– Criminal law relating to business offences; 

– Implementation of a comprehensive compliance management system within the company which centrally amalgamates and oversees the various areas of relevance to the individual undertaking, carries out spot checks, supports regular training for (executive and new) employees and documents measures taken at all times, etc.

  • There is no such thing as total protection against crimes, but: Crimes committed by company employees should present (and be represented) as a one-off “outlier” which could not be prevented. 

Contact us for more information.

Further Reading