Nuremberg Higher Regional Court Confirms Compliance Obligation of Managing Directors
In its judgment of March 30, 2022, the Nuremberg Higher Regional Court expressly confirms for the first time that the general duty of legality results in a duty of the company’s management to establish a compliance management system. Management members may be held liable for the resulting loss, if they violate this duty.
Introduction – Compliance Duties after Siemens/Neubürger
In “Siemens/Neubürger” (Judgment of December 10, 2013 – 5 HK O 1387/10) in 2013, the Munich Regional Court (LG Munich) held that a member of the management board must ensure that a company is organized and supervised in such a way that no violations of the law occur. Accordingly, adherence to the principle of legality and, consequently, the duty to establish a functioning compliance system are part of the overall responsibility of the management board. In Siemens/Neubürger, the LG Munich ordered the defendant, a former member of the Siemens management board, to pay damages on the grounds that he had violated his organizational and supervisory duties.
The LG Munich has left open many things in 2013. The judgment now published by the Higher Regional Court Nuremberg (OLG Nuremberg; judgment of March 30, 2022 – 12 U 1520/19) further develops the case law once established by the LG Munich and provides more clarity in the interpretation of the compliance duties of managing directors.
The Case before the OLG Nuremberg
In the case decided by the OLG Nuremberg, a limited partnership operating in the mineral oil trade had sued the managing director for damages. The plaintiff had issued fuel cards to its major customers with which they could fill up with fuel at the plaintiff’s service stations on credit and without cash. A long-time employee had enabled some major customers to overdraw the credit they had been granted with the fuel cards. The employee veiled these transactions by interfering with internal company processes. He manipulated the accounting software, re-addressed invoices and reminder letters, and pulled complaint processes to himself. All this was not noticed by the defendant’s managing director, in part because the four-eyes principle was not observed in the issuing and administration of fuel cards, contrary to previous resolutions of the company’s advisory board. When the employee’s acts of embezzlement finally came to light, the plaintiff had suffered damages amounting to several hundred thousand euros. The limited partnership finally sued the managing director for these costs to be reimbursed.
The initial court, Nuremberg-Fürth Regional Court (LG Nuremberg-Fürth), had essentially granted the action brought by the limited partnership. On appeal by the managing director, the OLG Nuremberg confirmed the decision of the LG Nuremberg-Fürth in all relevant points.
Argumentation of the OLG Nuremberg
Duty to Implement a Compliance Management System
The judgment of the OLG Nuremberg confirms and substantiates the duty to set up a compliance management system that was originally postulated in the Siemens/Neubürger decision. It states that a managing director must be measured against the “diligence of a prudent businessman“. This measuring disregards personal characteristics of the managing director such as age, inexperience, or ignorance. Sec. 43 para. 1 of the Act on Limited Liability Companies (GmbHG) establishes an objective standard which every managing director must comply with as part of his or her primary duties as a corporate body.
The OLG Nuremberg concludes that a managing director generally has discretionary powers in the sense of the “Business Judgment Rule“. However, these powers were exceeded in any case where “from the point of view of a prudent and conscientious businessman, the high risk of damage is unavoidable and there are no reasonable business reasons for taking this risk nevertheless“.
A managing director must create an internal organizational structure of the company that ensures the legality and efficiency of its actions. “From the duty of legality follows the obligation of the managing director to establish a compliance management system, i.e. organizational arrangements that prevent the commission of violations of law by the company or its employees.” According to the court, a violation of this duty occurs if – by way of inadequate organization, instruction, or control – company employees are enabled or facilitated to commit wrongful acts.
This is the first time that a German court has expressly confirmed that the obligation to set up a compliance management system follows from the general duty of legality. In Siemens/Neubürger, the LG Munich had left open the question of whether a detour via a manager’s statutory organizational duty was needed. As an expression of the duty of legality, however, the generalizability of the duty to establish a compliance management system can no longer be in doubt.
Duty to Monitor the Company
According to the OLG Nuremberg, the duty of the managing director also includes sufficient monitoring of the company, the intensity of which may not be limited to occasional checks, depending on the risk-prone nature of the work and the weight of the regulations to be observed. There is an increased duty of supervision if irregularities have already occurred in the company in the past.
The OLG Nuremberg clarifies that an effective compliance management system does not require a complete and seamless monitoring. Rather, random checks should generally be sufficient if they demonstrate to employees a certain level of control and a corresponding probability of detection. According to the OLG Nuremberg, the natural limit for all supervisory measures lies in their objective reasonableness.
Supervision of the Supervisors
In this context, the court also deals with the possibilities of delegation of the monitoring tasks. In doing so, it makes clear that the managing director may by no means sit back and relax if he has delegated his compliance duties to subordinate employees. Rather, his monitoring duty in this case is reduced to his direct subordinates only and their management and monitoring behavior, i.e. to a duty to “supervise the supervisors“. The OLG Nuremberg uses the term “meta-supervision“, in which the so-called overall supervision and ultimate responsibility remain with the managing director at all times.
Established Control Procedures
Furthermore, the OLG Nuremberg takes the special features of the case as an opportunity to make more detailed comments on the four-eyes principle. In the opinion of the OLG, the four-eyes principle can be found across all industries in many critical internal company work processes. In this context, processes are critical “if they can result in personal injury or considerable financial consequences if they are not carried out properly“. The OLG Nuremberg expressly recognizes the four-eyes principle as an organizational standard within the scope of business processes. However, unlike in the case before the OLG, such an organizational standard must not only be written down internally but also be enforced and monitored in practice.
Burden of Proof on the Management
Finally, the OLG expressly clarifies that the managing director must demonstrate and, if necessary, prove that he has fulfilled his duties of care, that he is not at fault, or that the damage would also have occurred in the event of lawful alternative conduct. This deviation from the principle of the claimant’s burden of proof for all circumstances giving rise to a claim had been discussed for years in the context of the basis of claims according to Sec. 93 para. 1 AktG. The OLG Nuremberg confirmed this view on the grounds that only the managing director himself knows the circumstances of his conduct. He alone can have an overview of the facts necessary to assess whether his conduct is in accordance with his duties, whereas the company he manages would always be in a shortage of evidence on this point.
Conclusion – No Excuses for Missing or Faulty Compliance Management System
The judgment of the OLG Nuremberg, which is well worth reading, does not represent a revolution in compliance jurisprudence. It does specify in many respects the basic lines of managing directors’ liability for breach of duty to establish and monitor a compliance management system which have been known since Siemens/Neubürger. The ruling makes it unmistakably clear, however, that compliance forms part of a managing director’s core duties and that best practice standards are increasingly deemed established. In their own interest, company managers would be well advised to pay close attention to the design, monitoring and further development of their own compliance organizations. Otherwise – as the ruling of the OLG Nuremberg shows – it can get very expensive.