Legal Requirements of Risk Management in Germany

Table of contents

1 Introduction to Risk Management
1.1 Definition of Risk and Risk Management
1.2 The necessity of Risk Management
1.3 Functions of Risk Management

2 Legal Requirement of Risk Management
2.1 Corporate rules
2.1.1 Corporate Sector Supervision and Transparency Act
2.1.2 German Accounting Standards Committee
2.1.3 Risk management in accordance with IDW PS
2.1.4 Corporate governance rules
2.1.5 German Corporate Governance Code
2.2 Requirements for banks
2.2.1 Capital Accord - Basel II
2.2.2 The German Banking Act
2.2.3 Minimum Requirements on Risk Management
2.2.4 Solvency regulation
2.3 Requirements for insurance
2.3.1 Insurance Supervision Law (VAG)

3 The scope of KonTraG to other legal forms

4 Practical example of Risk Management at Daimler AG

5 Conclusion

List of literature

1 Introduction to Risk Management

The aim of this seminar paper is to illustrate the topic “Legal requirements of risk management in Germany”. An insight into the legal requirements of risk management in companies, e.g. banks and insurance companies, will be provided. Furthermore, a practical example of risk management at Daimler AG will be described in the following section. Finally, the topic is assessed in a personal conclusion.

1.1 Definition of Risk and Risk Management

The term “risk” is described in literature in many different ways (cf. Wolf/Runzheimer 2003: pp. 29). Risk is described as a possible deterioration compared to an expected result (loss or damage risk). According to the “Corporate Sector Supervision and Transparency Act”, it means that a company aspires to fulfil its goals (cf. GLP Unternehmensberatung: On the way there are several factors of risk that should be taken into account. The purpose of risk management is to identify, estimate and avert possible risks during a process (cf. AQ4Business 2015: Originally, big American companies created risk management out of their insurance policy. Their goal was to significantly reduce insurance premiums (cf. Bitz 2000: pp. 16).

1.2 The necessity of Risk Management

Because of external and internal factors, business goals may not be achieved as planned. Unexpected natural disasters, terrorist attacks and increased competition from other companies or an intensification of competition are examples of external factors. Internal factors could be complex business processes, IT infrastructure, or complex system solutions. Companies were often not able to spot possible risks or eliminate existing risks in time. Due to missing risk management, many companies went bankrupt. Basically, effective risk management is necessary for a company in order to reduce risks and avoid bankruptcy. By using risk management, risks can be avoided in the future (cf. Schneck 2010: pp. 16-18).

1.3 Functions of Risk Management

Every process in a company is connected to risks of different types. The main goal of a risk management system is not to avoid all risks, since there is a connection between success and risk, which means that the higher the risk, the higher the possible rate of return.

Therefore, the task of a company is to actively balance the level of risk by control and management measures (cf. Stader 2009: and furthermore, to achieve the best possible balance between opportunities and risks (cf. reimus.NET GmbH 2014: Furthermore, risk management has to identify and control the existing risks of operating activities in time. In that case, the company can identify and control existing risks. Risk management also helps the company to be more aware of risk during business (cf. Stader 2009:

2 Legal Requirement of Risk Management

2.1 Corporate rules

2.1.1 Corporate Sector Supervision and Transparency Act

In the 90s there were numerous corporate crises that led the legislator to impose additional requirements on management board members, CEOs and supervisory bodies (cf. Schneck 2010: pp. 33). The law “Kontrolle und Transparenz von Unternehmen (KonTraG)” (Control and Transparency in Business Act) was passed by the German Parliament on 5th March 1998 (cf. Springer Gabler 2015: www.wirtschaftslex-

The Act took effect in May 1998. KonTraG is not an independent law; rather, it is complementary to other laws. Along with the KonTraG, the “German Stock Corporation Act”, the “German Commercial Code”, the “Disclosure Act” and the “Cooperatives Act” have been changed. Since the introduction of KonTraG, several goals have been defined, such as the observation of a risk situation or the recognition of undesirable developments in processes at an early stage. As a result of these goals, the cooperation between the Supervisory Boards, Management Boards and the chartered accountants should be increased. With the merger of regulations, trust will be strengthened and protected within the company (cf. Schneck 2010: pp. 33).

The main change introduced by the KonTraG is § 91 para. 2 AktG. The German law states: “The management board shall take suitable measures, in particular surveillance measures, to ensure that developments threatening the continuation of the company are detected early” (§ 91 para 2 AktG).

This section stipulates that the management board is obligated to set up a risk management system in its company. Furthermore, it prescribes the introduction of a monitoring system to ensure that potential risks can be recognized at an early stage (cf. § 91 para 2 AktG).

Paragraph 91 AktG states that the “organization and accounting” records of the Management Board are bound to follow an appropriate risk management and an “adequate internal auditing in the company”. In this way, the “internal operational processes and organizational structures” are meant to be controlled by the section on risks. The stated actions are supposed to identify existing risks at an early stage, thus at a time when the company can respond quickly to risks and therefore safely continue business. Such risks could be, for example, risky transactions that can be devastating to the company's financial situation (cf. Schneck 2010: pp. 34).

The installation of a risk management system is necessary and required by law. Furthermore, KonTraG mentions that the members of the board have a duty of due diligence (regulated in paragraph 93 AktG), which they have to prove during a business crisis. By using and carefully documenting the use of an effective risk management system, the board of a company is able to prove that it took all measures necessary to avoid risks and that all employees and other parties involved act accordingly (cf. Schneck 2010: pp. 34).

The paragraph is written in the companies act as follows:

“(1) In conducting business, the members of the management board shall employ the care of a diligent and conscientious manager. They shall not be deemed to have violated the aforementioned duty if, at the time of taking the entrepreneurial decision, they had good reason to assume that they were acting on the basis of adequate information for the benefit of the company[…].” (§ 93 para 1 AktG)

§ 93 para. 2 AktG states that if the duty of care is violated, management has to pay compensation for damages (cf. § 93 para 2 AktG). The board members must fulfil their obligations (cf. Schneck 2010: pp. 34).

To evaluate and estimate potential risks, a risk management report is necessary. This is described in § 289 para. 1 sentence 4 HGB. The risk management report shall inform the board of management and supervisory boards about the potential risk development in good time (cf. Schneck 2010: pp. 34-35).

Furthermore, under KonTraG the tasks of an auditor are extended and linked to risk management. The regulations of risk management are checked annually by an external annual audit. According to § 317 para. 4 HGB, it must be examined at the end of the year whether the prescribed risk management has been properly set up by the Executive Board. According to § 321 para. 4 HGB, the results of the audit must be presented in an audit report. Furthermore, the auditor is required to elaborate on weaknesses of the risk management (cf. Schneck 2010: pp. 35-36).

The Board of Management has to fulfil another obligation. According to § 90 para. 1 no. 1 AktG, the management is required to inform the supervisory board about its company policy and company governance, so that the supervisory board has the opportunity to carry out advance monitoring. In addition, the Supervisory Board is obliged to increase its annual meeting to two meetings. In this way, cooperation between auditors and the Supervisory Board will be strengthened (cf. Schneck 2010: pp. 36).

2.1.2 German Accounting Standards Committee

The German Accounting Standards Committee is a private accounting body that was founded in 1998. The tasks of the German Accounting Standards Committee are written in the German Commercial Code. (cf. Springer Gabler 2015: www.wirtschaftslex-

The tasks are:

- To develop and recommend the principles of financial reporting.
- To advise on the accounting regulations.
- The representation of the German state in international committees.
- Elaboration of international accounting standards (cf. § 342 para 1 HGB).

The German Accounting Standard has, because of the tasks mentioned above, a major impact on the risk management of a company. The concrete design of risk reporting is not regulated by the legislature. However, the non-fulfilment of the regulations has to be decided by the German Accounting Standard (DRS 5). All principles of risk reporting are controlled by the DRS 5. According to § 315 HGB, the companies are obliged to inform everybody about their risks. In addition, the DRS 5 wants the management to receive conscientious information to be able to form a fair view of the potential risks. Furthermore, the DRS 15 is also an important part of risk management (cf. Klein 2011: pp. 90-91).


