In a recent interview with the  Financier Worldwide Magazine, Managing Directors Raphael Kiess and Christoph Hörauf gave their insights on Corporate Fraud & Corruption.

Q. To what extent have you seen a notable rise in the level of fraud, bribery and corruption uncovered in Germany?

A. We see an increasing number of issues with respect to financial crime in the financial services sector. On the one hand, financial institutions have heavily invested in resources and tools within their anti-financial crime departments, but on the other hand, regulatory authorities, such as the German Financial Intelligence Unit (FIU) and the Federal Financial Supervisory Authority (BaFIN) are showing increased momentum in strengthening oversight and enforcement. Whether the uplift in cases has been caused by an increase of financial crime per se or is rather the result of enhanced monitoring within institutions as well as on the regulators’ side, remains to be seen. We have recorded an influx of cross-border investigations as parties are increasingly challenging suspicious business practices within their subsidiaries as well as their business partners. The Supply Chain Act (Lieferkettensorgfaltspflichtengesetz) has triggered compliance departments to place business partners and related parties in foreign countries under greater scrutiny.

Q. Have there been any legal and regulatory changes implemented in Germany designed to combat fraud and corruption? What penalties do companies face for failure to comply?

A. In 2021, the German Ministry of Finance introduced new legislation with regard to strengthening the integrity of financial markets: the Financial Market Integrity Strengthening Act (Finanzmarktintegritätsstärkungsgesetz), which generally brought in new reforms, one of which is aimed at modernising BaFin. As a result, BaFin has been empowered, most notably concerning its supervision of financial reporting. Penalties companies face often differ depending on the type of fraud and misconduct in question. Where companies have been part of a cartel or in the case of data privacy breaches, companies are facing more severe fines, albeit these are set by the European Union (EU). Usually, the reputational harm inflicted on a company has a more substantial negative impact on various aspects of business, such as being excluded from public tenders, loss of customers, sales and profits, as well as organisational issues such as employees seeking employment elsewhere.

Q. In your opinion, do regulators in Germany have sufficient resources to enforce the law in this area? Are they making inroads?

A. German federal regulators, such as the Federal Cartel Authorities and BaFin, are gearing up their resources and technology. However, the publications provided by regulators are rather vague, lacking clear guidance and instruction for companies. Looking at the German Data Privacy Regulator, for example, capacity and resources vary between different states, which sometimes makes the outcome of proceedings initiated by regulators difficult or even impossible to predict. However, different regulators across the country are more willing to work together. Further, the general perception seems to be that information exchange between German regulators and foreign regulators has increased. However, there is still room for improvement.
 
Q. If a company finds itself subject to a government investigation or dawn raid, how should it respond?

A. Companies should implement policies and guidelines on how to react when subject to a government investigation. Relevant stakeholders and their roles, duties and responsibilities need to be defined and agreed. It is also helpful to practice and test processes. This includes different actors, from the people working at the reception desk, to general counsel, to C-suite executives. In particular, the necessary procedures strongly imply the involvement of the IT function, since authorities will be interested in electronically stored information. It is not only about knowing where relevant data is located and how to extract it; it is also key that the company continues to have access to copies of seized data to conduct its own internal investigation. Having a plan in place that can be executed accordingly will minimise the risk of unwanted errors and hopefully demonstrate the company’s willingness to cooperate with the authorities, which is always a desirable goal in dawn raid situations.

Q. What role are whistleblowers playing in the fight against corporate fraud and corruption? How important is it to train staff to identify and report potentially fraudulent activity?

 
A. A significant number of investigations originate from incidents reported by whistleblowers. It is key that awareness of compliance policies and procedures is assured at all employee levels and across all parts of the business. Larger corporations also typically deal with large volumes of reported incidents and must be able to prove they have been handled adequately, for which the use of state-of- the-art technology should be considered. The formal framework for whistleblowers in Germany is currently under reform. As such, it will be interesting to see how this plays out and how companies adapt. After the first chamber passed a law implementing EU legislation to protect whistleblowers, the second chamber did not consent, so we are keen to see what policymakers finally agree upon. However, it is important that every employee knows about the nature and accessibility of reporting channels available within the company.

Q. What advice can you offer to companies on conducting an internal investigation to follow up on suspicions of fraud or corruption?

A. Ideally, companies will have policies or guidelines in place setting out the procedures for conducting an internal investigation. This can be critical, as an investigation can quickly plunge companies into crisis mode, which typically does not allow time for due consideration and detailed planning. When it comes to evaluating investigations from a general forensic point of view, it is crucial that, beyond setting an appropriate scope for the investigation, minimum requirements for assessing resilience and traceability are met. Companies must uphold the independence of the investigation and ensure it is free of conflicts. Adequate project planning and effective management and structuring of the investigation must also occur. Companies must adopt a ‘need to know’ basis to guarantee confidentiality of information. They must also preserve and maintain the integrity of evidence. Finally, they must ensure that all documentation and reporting is reliable and appropriate. Companies that do not have adequate systems and procedures in place for conducting internal investigations are often criticised for their lack of cooperation and of internal clarification. This is something we frequently see in the financial services industry, where regulators have condemned institutions for limiting the scope of an investigation, for a lack of control and for insufficient and slow reporting, as well as for failing to prevent conflicts of interest.

Q. What general steps can companies take to proactively prevent corruption and fraud within their organisation?

A. We strongly believe that companies perform their best when they create awareness throughout the organisation that integrity is a key value which underpins the framework for all business conduct and collaboration. This must be promoted by senior management, by impressing on each employee that only ethical business is good business, independent of potentially large, short-term profits. Another important precondition is creating an atmosphere of fairness perceived by all employees. Finally, companies should have an adequate and capable compliance function, supported by senior management, which sanctions instances of non-compliance. Companies should also regularly assess the compliance-related risks throughout the business, for example by performing risk assessments internally or with support from external advisers.