I read two provocative posts on the FCPA Blog recently. One was headlined “At Large: In Germany, a weird tolerance for corporate crime,” (here), and the other carried the banner “Yes, Germany has a compliance and enforcement problem” (here). I grew up in Germany and continue to live and work there, and I’d like to respond to both posts.
In the German corporate culture, the principle of the “honorable businessman” has been the most important guideline for corporate managers and employees in order to comply with law and internal company rules. Around ten years ago, a real compliance trend spilled over to Germany — primarily driven by reputational violations of the law by some large companies and the reach of U.S. law.
Compliance as an element of corporate governance and conduct has certainly developed and progressed over the last decade. In its June 2020 update to the Evaluation of Corporate Compliance Programs, the DOJ made one significant change, in my view, which is to focus not only on the actual implementation effectiveness of a compliance management system (CMS), but also to question the effectiveness of a CMS through asking if the program is “resourced and empowered to function effectively?”
Another process that the DOJ addressed relates to how companies should pay attention to a root cause analysis. And here I strongly agree. Wherever misconduct occurs we do need an in-depth root cause analysis that goes well beyond a “country cause analysis.” Personally, and professionally, I do not find finger pointing on single countries or single companies or organizations, in my understanding fraud, bribery and corruption, as productive in a root cause analysis. Fraud and corruption are like pandemics such as Covid-19 — they travel without passport and cross borders. We live in an interconnected world, with managers working outside their own home country. For example, there are American managers serving in German boards as well as German managers working abroad. We see C-suites and boards from all over the world working together.
I think the German, and even more important the European authorities, are on a future-oriented path. But like the FCPA, it’s a journey not a destination. A new Corporate Criminal Law is going through the political decision-making process in Germany right now and is named “Act to Strengthen Business Integrity.” In addition, the action plan on Human Rights Due Diligence will be mandatory for larger German companies and is now being considered to become a law. It would require companies to identify human rights risks not only in their own business but also in their supply chain and to take measures to reduce those risks. I think we all appreciate that robust compliance needs to be a partner to robust enforcement.
The Volkswagen Group, under the very helpful guidance of its U.S. monitor Larry Dean Thompson, and in discussion with the U.S. Department of Justice, has developed and installed a state-of-the-art compliance and integrity environment as we prepare for those new challenges. As part of the Volkswagen Group journey, we have installed a human rights officer and subjected our entire supply chain and partners to due diligence, which also includes human rights issues, which is particularly important in the fields of sourcing of raw materials as we enter the age of e-mobility.
As one of our new practices, we also spread the conclusions of our intensive root cause analysis with respect to our misconduct with regard to exhaust emissions from diesel engines in employee training. One lesson from that root cause analysis, for example, is that employees should not stay in the same function or the same department for too long, as this might create too high a dependency on the respective supervisor or external partner.
We also understood that a pronounced speak-up culture is necessary, in which every employee can freely and openly address topics and question matters. While the introduction of those measures is important, so is “tone from the top.” Compliance in the company can only function properly if the board and other top management levels set a good example.
In the United States, compliance in many ways works conceptually as an incentive system to inspire the workforce to “do what’s right,” even beyond the law. This is what I wish for Germany as well: With the new Corporate Criminal Law, we must manage at the legal level to move from purely repressive to incentive-based compliance regulation, with clear rules that include prevention, but also in ethical education.
Similar to the processes that have developed in the United States and other countries, the German Federal Court of Justice recently ruled that the existence of an efficient CMS can influence the scope and amount of fines for bribery and corruption offenses. The court stated that for the assessment of the fine will be dependent on what extent the convicted legal entity has fulfilled its obligation to prevent violations within the company and to install an efficient compliance management system. Once again, for Germany, this is a journey for the regulators and corporations alike.
The more we see business ethics as a global challenge, the more we can learn from one another. The leadership at the Volkswagen Group continues to set the right tone for future manager generations in this sense. Integrity is not only about ethics and moralism — it’s about professionalism. Like the quality of a company’s products and services: we can get better every day by learning from each other and from our own root causes, and by improving our skills to act when a dilemma inevitably occurs.