Get to Know BDO Consulting - May 2017

May 2017

A Q&A with Markus Brinkmann, BDO Germany Partner and Forensics Practice Leader 

Download PDF Version

What are the biggest regulatory challenges in Germany and the broader European market?

Many German companies are international in scope, with operations heavily concentrated in the BRIC (Brazil, Russia, India and China) countries, as well as other emerging markets. While these markets provide ample opportunities for growth, they also pose cultural challenges that can sometimes make compliance with both local and international laws difficult.

For example, the business culture in these countries is often more personal or relationship-based than the culture in Germany and Western Europe. Building trust between individuals is a critical part of doing business—and as a result, gift-giving, invitations and personal favors are common gestures. When these practices are a routine part of doing business in certain markets, it can be difficult to ensure leaders of local subsidiaries behave in a manner that is in line with both German and international anti-corruption laws. This is especially true when employees feel that abstaining from local practices puts them at a significant disadvantage to meeting company financial goals. Learning how to navigate this delicate balance is a challenge companies must be aware of when deciding to enter or expand into an emerging market.

Besides anti-corruption laws in European jurisdictions, there is a variety of other relevant laws and regulations companies must comply with, such as anti-trust laws and the E.U. Data Protection Directive. The Data Protection Directive is designed to guard the privacy of all personal data collected for, or about, E.U. citizens, and member states must codify the regulation into national law. Moreover, there are several laws and regulations concerning the financial services sector, such as European legislation prohibiting money laundering, terrorist financing and other criminal offenses.

How does the German Law Against Corruption differ from anti-corruption laws in other countries?

In addition to existing anti-corruption legislation, the November 2015 German Law Against Corruption—among others—extends the rules concerning bribery in the private sector and follows EU regulations. The law significantly expanded the country’s ability to prosecute corruption by making self-money laundering punishable by law, extending the scope of anti-corruption laws to include foreign public officials in addition to German officials, expanding anti-corruption laws within the private sector, and extending the jurisdiction of the German Criminal Code to include offenses committed by German nationals abroad or by European public officials with offices in Germany.

In other words, comparable to the U.K. Bribery Act, Germany’s law treats European officials the same way it does German officials, and allows for the prosecution of foreign officials for bribery in Germany. For example, if a German citizen bribes someone in Poland, he or she can be prosecuted for that offense in Germany.

Germany’s law also extends to private sector bribes between individual employees in addition to bribery by employers. For example, if a procurement department’s decision was influenced by a bribe in Germany, or a supplier gave a gift to an employee of a potential client, this would constitute bribery involving its employees. Senior management and the company itself can be subject to fines, too. “Building trust between individuals is a critical part of doing business—and as a result, gift-giving, invitations, and personal favors are common gestures. When these practices are a routine part of doing business in certain markets, it can be difficult to ensure leaders of local subsidiaries behave in a manner that is in line with both German and international anticorruption laws.”

How do you anticipate Germany’s anti-corruption laws will evolve?

Using the 2015 law as a springboard, a new corporate anti-corruption law is anticipated in the next two years—one likely to more precisely define compliance measures required at the corporate level and impose a higher penalty for non-compliance. Specifically, a new law clarifying the existing Administrative Offense Act may be added to the criminal code, requiring companies to have even tighter internal controls in place to mitigate the risk for fraud, including a proper compliance management system. The new law could also exact a much higher penalty for corporate entities, compared to the current maximum fine of €5 to €10 million per case.

What regulatory changes could be coming down the pike over the next few years?

The extension of the Administrative Offense Act or the implementation of a corporate anticorruption law will be a future challenge. Another notable change on the horizon is the statement of the Federal Ministry of Finance regarding Article 153 of the German Tax Code. This will require organizations to put in place stricter internal controls and compliance measures to combat tax fraud. Under this regulation, senior management may be liable for tax fraud committed by employees if they have not implemented adequate measures to deter such actions. Finally, like other jurisdictions around the world, cybercrimes are increasingly replacing traditional embezzlement and crime schemes. Cyber criminals, with their more advanced arsenal of tools, are now able to access larger amounts of money from corporations through sophisticated attacks.

As a result, we have seen many regulators increase their focus on compliance as it relates to cybersecurity controls. For example, in July 2015, Germany enacted the IT Security Act (ITSG), the nation’s first comprehensive cybersecurity legislation aimed at establishing a minimum level of cybersecurity in “critical infrastructure.” As part of the law’s requirements, critical infrastructure operators must: implement “appropriate technical and organizational measures” to protect their IT infrastructure; file biannual compliance reports to Germany’s national agency, the Federal Office for Information Security (BSI); report security incidents to the BSI; and designate a single point of contact to the BSI, among others. Entities subject to this act are also required to be compliant with the E.U.’s Network and Information Security (NIS) Directive, adopted on July 6, 2016, along with the new General Data Protection Regulation (GDPR) going into effect in May 2018. As technology continues to embed itself across all sectors, we can expect additional cybersecurity regulations to emerge in 2017 and beyond.

What political changes do you see on the horizon, and what business implications could they have?

The political environment in Germany—and Europe more broadly—has been tense since the 2008 economic downturn and the resulting euro crisis. As many economies in Europe still struggle to recover, the influx of refugees that began in 2015 added more strain to the situation. Now, Europe faces a rising populist movement, as underlined by the June 2016 U.K. referendum to leave the E.U. Issues around immigration continue to be a big challenge, particularly for Germany, which saw an inflow of more than 1 million refugees in 2015 alone. Germany’s leader, Angela Merkel, who led its open-door refugee policy and seeks re-election in September 2017, is now facing growing opposition from a right-wing political party, which heavily favors protectionist policies. Although November 2016 polls found the majority of Germans in favor of her serving a fourth term, her party faced notable losses in the March 2016 regional elections. Should the country’s right-wing party continue to make gains in parliament, Germany could see an increase in protectionist policies. This could translate to greater trade barriers and increased regulatory obstacles for organizations looking to enter the German market.

How can BDO help?

With an international network spanning 154 countries around the world, BDO’s forensics professionals work with multinational organizations to prevent, deter and detect fraud and corruption, and navigate multi-jurisdictional disputes. Organizations benefit from our deep knowledge of local customs and laws as well as our strong relationships with local regulators. We can help clients build a comprehensive compliance framework, internal controls testing, remediation, and monitoring, and provide them with the insights they need to make informed business decisions and reduce risk.
Markus Brinkmann
BDO Germany Partner and Forensics Practice Leader

Glenn Pomerantz
Partner and Global Forensics Practice Leader