What is lacking in the German compliance regime for internal financial controls – in comparison to the U.S. approach – and what has to be changed in terms of legal and practical compliance regulations regarding internal controls over financial reporting?
This paper is organized as follows. Part II explores the Wirecard scandal, with special emphasis on the failures in internal financial controls. Part III then examines the U.S. legal framework in this domain, most importantly the Sarbanes-Oxley Act of 2002 but also the Sentencing Guidelines, the Caremark Decision, the doctrine of respondeat superior, and the use of deferred- and non-prosecution agreements (DPAs and NPAs) to support enforcement of compliance obligations. The aim of this analysis is to illustrate how a healthy and effective compliance system regarding internal control over financial reporting is organized and enforced. Part IV then examines the current legal framework in Germany to implement a compliance system, finding, in effect, that there is none, at least as compared to the US model. Part V then turns to the question of reform in the German legal and regulatory landscape, analyzed from the perspective of the US model, with a special focus on the potential impact of the proposed Act to Strengthen Business Integrity (Verbandssanktionengesetz).
Table of Contents
I. Introduction
II. Background and research focus: What happened at Wirecard?
III. Key Elements of an effective compliance system in the U.S. regarding internal controls over financial reporting
A. Sarbanes-Oxley Act of 2002
B. Aspects of the US Compliance Landscape that Reinforce SOX
1. The Sentencing Guidelines and the “Seven Elements of an Effective Compliance Program”
2. Caremark
3. Respondeat Superior
4. DPA/NPA
IV. The German approach to implement an effective compliance System regarding internal controls over financial reporting
A. Branch-specific regulation
B. German corporate Governance Codex
C. § 91 (2) of the Stock Exchange Act [AktG]
D. Duty of care, §§ 76 (1), 93 (1) of the Stock Exchange Act [AktG]
E. § 130(1) of the Act on Regulatory Offences [OWiG]
F. Requirements to implement a compliance program
V. Practical implications and measures
A. Implementation of Deferred Prosecution Agreement and Non-Prosecution Agreements
B. Monitoring
C. Company liability
D. New legislation: Act to Strengthen Business Integrity (Verbandssanktionengesetz)
E. Guidelines on how to implement a compliance program
VI. Conclusion
VII. References
Objectives and Topics
This paper examines the fundamental deficiencies in the German compliance framework for internal financial controls by comparing it to the robust regulatory model in the United States, utilizing the Wirecard scandal as a primary case study to highlight the risks of absent legal enforcement and the necessity for a shift in corporate culture.
- Analysis of the Wirecard scandal and internal control failures
- Evaluation of U.S. compliance pillars: Sarbanes-Oxley, Sentencing Guidelines, and Caremark
- Critique of the current German legal framework regarding corporate compliance
- Discussion of potential reforms, including the Act to Strengthen Business Integrity
- Strategic implementation of compliance programs and liability principles
Excerpt from the Book
A. Sarbanes-Oxley Act of 2002
“Compliance is the process by which an organization seeks to ensure that employees and other constituents conform to applicable norms – norms that can include either the requirements of laws and regulations or the internal rules of the organization”. To achieve this goal the Committee of Sponsoring Organizations of the Treadway Commission (COSO) promotes the idea of “internal controls” - “a process, implemented by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance” - to capture the essence of the compliance process. This helps an organization to ensure compliance with the applicable laws and regulations and also to achieve its objectives and profitable goals while reducing risk.
SOX imposes a mandatory legal obligation to establish a compliance program in regard to internal control over financial reporting.
The company’s management, that is, the CEO and the Chief Financial Officer (CFO), is directly responsible for the accuracy, documentation, and submission of all financial reports as well as for establishing and maintaining adequate internal control over financial reporting for the company. Section 404(a) SOX, which applies only to publicly held companies, complements management’s responsibility under § 302 SOX by requiring all annual financial reports to include an Internal Control Report stating that management is responsible for an "adequate" internal control structure, and an assessment by management of the effectiveness of the control structure in accordance with 17 CFR § 240.13a-15(a).
Summary of Chapters
I. Introduction: Introduces the Wirecard scandal as a failure of internal financial controls and poses the central research question regarding what Germany can learn from the U.S. approach to compliance regulation.
II. Background and research focus: What happened at Wirecard?: Details the mechanics of the Wirecard fraud, focusing on its role as a payment processor and the subsequent collapse following audits that could not verify significant assets.
III. Key Elements of an effective compliance system in the U.S. regarding internal controls over financial reporting: Examines the American legal framework, emphasizing the role of the Sarbanes-Oxley Act, federal sentencing guidelines, and the Caremark doctrine in enforcing corporate accountability.
IV. The German approach to implement an effective compliance System regarding internal controls over financial reporting: Analyzes the existing, albeit fragmented, German regulations and court decisions, noting the lack of a unified legal mandate for compliance programs compared to the U.S.
V. Practical implications and measures: Discusses necessary reforms for Germany, specifically the adoption of corporate liability, monitorships, and the potential impact of new legislation such as the Act to Strengthen Business Integrity.
VI. Conclusion: Synthesizes the comparative analysis and reiterates that Germany must adopt a clearer legal framework similar to the U.S. to foster a healthy corporate compliance culture.
Keywords
Compliance, Wirecard, Sarbanes-Oxley Act, Internal Controls, Corporate Governance, Financial Reporting, Caremark Doctrine, Respondeat Superior, Deferred Prosecution Agreement, Act to Strengthen Business Integrity, Corporate Culture, Regulatory Offence, Risk Management, Fraud Prevention, German Law
Frequently Asked Questions
What is the core focus of this research paper?
The paper focuses on the deficiencies in Germany’s compliance regime regarding internal financial controls, using the Wirecard scandal as a case study to argue for the adoption of a more rigorous regulatory framework inspired by the U.S. model.
What are the primary themes discussed in the work?
The central themes include the comparison of U.S. and German corporate law, the role of mandatory internal controls, the importance of "tone from the top" in corporate culture, and the legal consequences of corporate misconduct.
What is the primary objective or research question?
The objective is to identify what is lacking in the German compliance regime compared to the U.S. and to propose legal and practical changes to ensure effective internal controls over financial reporting.
Which scientific methodology is employed?
The paper utilizes a comparative legal analysis, evaluating statutory regimes, case law, and pending legislation in both the U.S. and Germany to draw conclusions about enforcement efficacy.
What is covered in the main body of the text?
The main body covers the detailed anatomy of the Wirecard collapse, a comprehensive breakdown of U.S. compliance mandates (SOX, Caremark), and an assessment of current German regulations alongside potential improvements through new legislation.
Which keywords best characterize this work?
Key terms include Compliance, Wirecard, Sarbanes-Oxley, Internal Controls, Corporate Liability, and the Act to Strengthen Business Integrity.
How does the Caremark doctrine influence corporate responsibility?
The Caremark doctrine establishes that directors have a fiduciary duty to implement and monitor an adequate corporate information and reporting system; failure to do so can result in personal liability for the directors.
What are the potential benefits of Deferred Prosecution Agreements (DPAs)?
DPAs allow prosecutors to influence corporate culture directly by mandating remedial measures and oversight, providing an alternative to trial while ensuring the company adopts necessary compliance standards.
How does the principle of "respondeat superior" affect corporations?
This principle holds corporations strictly liable for the crimes committed by their employees in the scope of their employment, creating a strong incentive for companies to enforce robust compliance programs.
- Cite this work
- Joel Ziv (Author), 2021, Germany's compliance system for internal financial controls after Wirecard. What can be learned from the United States?, München, GRIN Verlag, https://www.grin.com/document/1133634