Compliance & Internal Investigations
Businesses are increasingly vulnerable to dramatic fines based on the behavior of their employees (§ 30 OWiG). If it comes to such a proceeding, managers must quickly determine whether there was a compliance infrastructure in the business and if so, why it did not prevent the misconduct. Compliance can be defined as organizational measures and structures which ensure compliance with legal regulations and internal procedures by the company and its employees.
Many see compliance as unnecessary and expensive. There are a few reasons for this. First, many consultants try to impose a ‘one-size-fits-all’ solution conceived for large firms onto small and mid-sized firms. Second, even when significant efforts have been made, misconduct may nevertheless take place, bringing the attention of agencies, courts, and the public. Nobody hears about the times when the compliance system worked.
Our approach is to tailor the compliance organization to the needs and budget of the individual firm – not the reverse. In many cases, it is possible to reduce costs by using existing structures within the firm. If this is not the case, some compliance functions can be efficiently outsourced.
Our experienced forensic specialists can evaluate potential risks in cases in which internal firm review cannot or should not be used. Such “internal investigations” are often conducted not only when the prosecutor is knocking on the door. Our firm uses a technical infrastructure which can safely and efficiently process very large quantities of data even without relying on external IT services.
When the internal review is started in time, it can allow sensitive matters to be handled internally, protected by attorney-client confidentiality. These inquiries often uncover valuable lessons for the future. If, despite everything, government investigations are started, attempts to investigate matters internally can often reduce or even eliminate liability for the firm.
One thing is clear: Managers, directors, and other responsible executives must protect themselves and the firm. But not every business requires a full panoply of compliance tools. Working on the basis of a careful risk assessment, we develop with our clients an appropriate program which can range from training to codes of conduct or industry-specific guidelines to the creation of a 24-hour helpdesk or ombudsman.
Good compliance does not restrict a company or rob it of business opportunities. It ensures security and safety even when dealing with questionable or critical situations. It helps the firm act with integrity, and in doing so reveals new opportunities.
Further, a successful compliance organization not only protects a firm from liability based on its own violations, it also protects it from external attacks. The opportunities presented by an efficient integration of compliance and corporate-security measures are, unfortunately, rarely exploited. In this area, we advise not only the legal aspects of security but, where necessary, bring experts on board to enhance our legal perspective with technical expertise, for example in the increasingly important area of IT security.