Compliance duties on German boards – 10 years on from the landmark decision in Siemens v. Neubürger

Introduction

Yesterday (10 December 2023) was the tenth anniversary of what must be the most cited decision when it comes to board-level compliance duties in Germany: Siemens v. Neubürger (Regional Court Munich I – 5 KH O 1387/10). Given how well the decision has stood the test of time, this is the perfect opportunity to revisit its principles and to review the case law and legislative developments of the past ten years.

Facts of the case

The claimant, German industrial giant Siemens, had been fined by both German and U.S. authorities following the discovery of bribery within the group.

The defendant had been the head of the Corporate Finance department and thus also an ordinary member of the claimant's Managing Board. In accordance with its rules of procedure, the Managing Board was responsible for ensuring adequate risk management and control. 

The claimant sued the defendant, seeking compensation for the administrative fines, on the grounds that the defendant had breached his duty to prevent bribery. The claim was based on section 93(3) of the German Stock Corporation Act (AktG). In essence, the claimant accused the defendant of inadequate organisation of the compliance management system (CMS) and insufficient monitoring of compliance within the company. According to the claimant, the defendant had failed to take sufficient measures to clarify, investigate and remedy violations and to punish the employees concerned, despite repeated indications of serious compliance breaches that had been brought to his attention.

Decision of the court

The court ruled in favour of the claimant and ordered the defendant to pay €15 million in damages. 

The judgment attracted a lot of attention as it was the first time a German court had provided specific details on compliance duties for board members. In its reasoning, the court outlined a number of different duties owed by individual board members, as well as the board as a whole. 

Regarding the duties of the whole board, the court held that:

• The obligation to establish a functioning CMS and to monitor its effectiveness rests with the entire board of management.
• The board is obliged to keep itself fully up to date on any compliance incidents.
• Full delegation of compliance duties to employees below board level constitutes a breach of duty if there is no supervision and assurance that the compliance duties are effectively fulfilled.
• Establishing an insufficient CMS and inadequate monitoring of the CMS constitute a breach of duty.
• The structure of the CMS depends on the type, size and organisation of the company, the regulations to be observed, the geographical presence, and past incidents.

Regarding the duties of individual board members, the court held that:

• As part of its duty to ensure legality, each individual board member must ensure that the company is organised and supervised in such a way as to prevent any violation of the law.
• As part of their supervisory duties, it is the responsibility of each individual board member to ensure that a functioning compliance management system is adopted within the board.
• The board member responsible for compliance is obliged to obtain regular information on the results of internal investigations, whether any disciplinary action has been taken and, above all, whether and how any underlying compliance violation is addressed.

Further developments

The defendant appealed the judgment. However, the German Federal Court of Justice (FCJ) did not rule on the matter because the parties then settled the case out of court. Nonetheless, this does not detract from the importance of the Siemens v. Neubürger decision, which has served as a yardstick in various respects over the past ten years, leading to further clarification of compliance duties by German courts and lawmakers alike: 

• In 2017 the FCJ ruled for the first time that the level of administrative fines imposed on companies under section 30(1) of the German Administrative Offences Act (OWiG) following criminal offences by board members or other managing personnel also depends on whether the company has installed an effective CMS. Furthermore, the court ruled that the administrative fine can be reduced if, prior to the criminal offence, the company had improved its internal rules and procedures in such a way as to significantly reduce the likelihood of comparable future violations.
• In 2021, following the insolvency of Wirecard, one of the duties of the board specified in the Siemens v. Neubürger decision has now found its way into codified German law. Since then, section 91(3) AktG explicitly stipulates that the board of a listed stock corporation must establish an appropriate and effective internal control and risk management system. However, no further detailed requirements are specified. Therefore, the principles set out in the Siemens v. Neubürger decision must continue to be applied in addition. With regard to all non-listed companies, only the guidelines set by the Siemens v. Neubürger decision apply, as section 91(3) AktG is only applicable to listed stock corporations.
• In 2022, the Higher Regional Court of Nuremberg held that the directors of a German limited liability company are also obliged to implement an effective CMS and monitor it. According to the court, directors are in breach of their duties if misconduct is enabled or even facilitated by inadequate organisation, management or control of the company's employees. The court further held that directors are obliged to preventatively monitor any risk-oriented actions and promptly investigate any potential compliance incidents. In addition, the court also acknowledged that – as with stock corporations – it is possible to delegate operational compliance obligations to a certain extent. However, the ultimate responsibility for the existence of an effective CMS always remains with the director.

Conclusion

Over the past ten years, the Siemens v. Neubürger decision has remained the most cited decision when it comes to board members' compliance duties. And for good reason. The decision was pioneering in giving board members a clear indication of how far-reaching compliance duties are and how they can be fulfilled. To this day, board members but also other management personnel, such as directors, are advised to follow the principles set out in this judgment:

• Ensure the establishment of an effective CMS that prevents compliance violations.
• Monitor the effectiveness of the CMS.
• Stay up to date on compliance incidents.
• Responsibility for compliance cannot be fully delegated: the ultimate responsibility will always rest with the company’s board of management (stock corporations) or directors (limited liability companies).