Compliance due diligence 
in Germany

The assessment of compliance risks in connection with legal due diligence upon the acquisition of a company is increasingly becoming market standard in Germany. Proceeding without a compliance check is hardly conceivable – not only in larger corporate transactions but also in small and mid-size transactions. One of the reasons for this trend is that, in accordance with the business judgment rule which is also applicable to companies in Germany, the purchaser’s management is obliged to evaluate all available information and to exploit sources of information in all important managerial decisions within reasonable limits. Due to the complex nature of corporate transactions as well as the economic significance of compliance risks for the target group and the purchaser, it is in almost all cases necessary to address compliance issues in the course of due diligence assessments.

This article seeks to provide an overview of the standards which have evolved over time as well as new trends and developments in connection with compliance due diligence processes in Germany.

When acquiring a company, the purchaser faces a number of different compliance risks. These include, in particular, corruption and bribery by management or employees of the target group as well as breaches of the following regulations

• Competition and antitrust law
• Procurement law
• Data protection law
• Customs and foreign trade regulations.

Nevertheless, there is a tendency in Germany not to devote the same amount of attention to all potential breaches when checking such breaches against the aforementioned legal provisions in the course of compliance due diligence procedures. In many cases, risk assessment is limited to corruption and breaches of antitrust law, as sanctions for misconduct in these areas are often the most severe. Furthermore, companies are mindful that they can be excluded from public procurement and tenders due to corruption offences and thus will additionally suffer considerable reputational damage.

Whilst the scope of assessment is often focused on corruption and breaches of antitrust law, the extent of assessment of these areas have increased significantly. This is particularly relevant for dealing with corruption risks. The trend is triggered by the increasingly strict prosecution and sanctions practice implemented by German authorities, which not only targets large company groups but also extends to medium-sized companies, as is clear from recent enforcement patterns.

In Germany, there are two concepts for the organization of compliance due diligence: there is a three step approach in which the compliance due diligence is carried out in three phases: pre-signing, post-signing and post-closing. Alternatively, there is a two-step approach in which the assessment is limited to the pre-signing and post-closing phases.

The two step approach seems to have gained a foothold on the market.

The three step approach is only applied in exceptional cases and is usually limited to those in which possible compliance risks have been identified during the pre-signing due diligence which need to be clarified further before closing. At the same time, the identified compliance risks must not be so severe as to be a deal breaker to the signing. Thus, the scope of application for a three step approach is conceivably narrow.

With regard to the pre-signing phase, the compliance due diligence process is usually limited to a desktop review and risk analysis. In this context, the target group’s existing compliance management system as well as the respective report and control lines are checked with regard to key measures, e.g. code of conduct, policies, organization chart of compliance structure, identification and competence of compliance officers, etc. This enables the purchaser to make a preliminary assessment of whether compliance is an unknown concept for the target group or if management and employees have at least a general awareness of compliance.

Furthermore, there is an increasing trend in which the purchaser tries to use compliance expert sessions with the seller’s (or target group’s) compliance officers to help the purchaser develop an increased sensitivity for identifying possible compliance risks in the target group.

During the post-closing phase, the purchaser is mainly confronted with two challenges

First, the target group has to be integrated into the purchaser’s compliance management system by adapting the report and control lines and by transferring the purchaser’s compliance standards to the target group.

Secondly, possible compliance risk issues, which are substantially based on the results of pre-signing compliance due diligence, have to be clarified further. In this case, a more extensive post-closing compliance due diligence is required if it transpires during the pre-signing due diligence that the target group does not have a functioning compliance management system or that there are specific indications of compliance breaches. In practice, the trend focuses on the areas of corruption and antitrust law.

In case of continuation of possible corruptive practices after closing, German law provides not only for a continued liability on the part of the target group and its management but also for administrative offence law liability on the part of the purchaser.

Compliance risks are usually incorporated into the sale and purchase agreement in two ways: an indemnification clause between seller and purchaser is agreed with regard to known risks, or, for unknown risks, the seller gives a guarantee.

Thus, with regard to the liability regime in a sale and purchase agreement, the purchaser benefits from pre-signing compliance due diligence. Where specific risks have been clearly identified by way of a pre-signing assessment, the seller will agree to issue an indemnity for such risks. Otherwise, the seller will only provide the purchaser with a compliance guarantee. From the purchaser’s perspective, the clear benefit of an indemnity over a guarantee is that an indemnity is usually not subject to the same restrictive limitations as a guarantee (e.g. de minimis, threshold, cap, limitation period). As a rule, an indemnity is granted on the basis of a 1-to-1 Euro compensation for occurred damages, hence no de minimis or threshold, and normally with a deviating cap and a longer limitation period than the guarantee claims.

Further, a guarantee has a narrower scope than an indemnification. In the currently prevailing seller-friendly market environment in Germany, the seller will not be prepared to assure that the target group is not in breach of any and all material regulations and laws. The market trend rather suggests that the seller will only guarantee compliance with the German anti-corruption laws (and, if applicable, with the FCPA and UK Bribery Act) in the framework of a compliance guarantee.

One of the outstanding issues with regard to contract implementation is the legal consequence of an infringement of a compliance guarantee. Compensation for lost profits (e.g. exclusion from public tenders) as well as for internal administrative costs and external advisers’ fees (e.g. legal advice and court costs regarding internal investigations) are often excluded in the sale and purchase agreement. Furthermore, any reputational damage incurred is hard to measure in numbers which means that, due to strict legal consequences, the compliance guarantee is only of limited value when it comes to effectively protecting the purchaser. However, it remains to be seen whether there will be changes to this trend in the current market standard in Germany.

There is an increasing trend among W&I insurers – depending on the thoroughness of the due diligence and the scope of the compliance guarantee – to insure compliance guarantees, especially in connection with corruption and bribery. Concluding a W&I insurance often constitutes a sensible possibility for reaching an agreement, although the seller is not prepared or only prepared to cover compliance risks up to a certain amount- an option with which the purchaser may not accept.

Compliance due diligence procedures have become market standard in Germany for every large transaction. In the case of medium-sized and smaller transactions, compliance due diligence is becoming more common, depending on the target group’s industry. The criteria regarding the scope of assessment, the procedure and the depth of assessment are becoming increasingly standardised. Such criteria are

• Content-based focus on corruption and anti-trust risks.
• Implementation of compliance due diligence in two phases: pre-signing and post-closing.
• The pre-signing compliance due diligence is limited to a desktop review, risk analysis and (increasingly becoming more common) compliance expert sessions.
• The post-closing compliance due diligence has the aim of an in-depth analysis of possible compliance risks identified in the course of the pre-signing due diligence.
• Taking on guarantees and indemnities for compliance/corruption risks in SPAs.
• Hedging compliance/corruption risks by W&I insurance.