Compliance Law and Guidelines

Compliance: Legal Foundations

In the course of their business activities, companies must not only observe national compliance legislation; in international transactions, the rules of the other countries involved are also binding. It is advisable for companies to hire a risk and compliance analyst, a compliance officer internally or employ a law firm to ensure regulatory risk and compliance. There are numerous international regulations: we have summarized the most important ones for you.

Act within the framework of compliance law and guidelines

UK Bribery Act

Foreign Corrupt Practices Act (FCPA)

Financial Action Task Force on Money Laundering (FATF)

3rd EU Money Laundering Directive

4th EU Money Laundering Directive

5th EU Money Laundering Directive

Section 6 of the Act to improve the Prevention of Money Laundering

The EU Directive on Terrorism and the German Foreign Trade Act (AWG)

USA Patriot Act

ISO 19600 “Compliance management systems – Guidelines”

ISO 37001 “Anti-bribery management systems”

Download due diligence checklist

• The UK Bribery Act imposes penalties for a variety of bribery-related offences. It creates a new corporate offence of failing to prevent bribery: companies can be prosecuted for failing to have adequate anti-bribery procedures in place.
  German companies also fall within the jurisdiction of this statutory compliance requirement if they have direct or indirect business contacts in the United Kingdom. The mere fact of a subcontractor or a subsidiary within the supply chain being headquartered in the UK means that the UK Bribery Act applies to the business relationship in question.
  Non-compliance can result in fines of an unlimited amount for companies and prison sentences of up to ten years for individuals. However, a company accused of business crime under the UK Bribery Act will be treated more leniently by prosecutors if it can demonstrate that it has incorporated effective due diligence measures into its compliance program in addition to hiring a compliance officer or a law firm to ensure adherence to statutory and regulatory compliance.

• The USA’s Foreign Corrupt Practices Act (FCPA) entered into force in 1977. Since 1998 the FCPA also applies to foreign companies in connection with business activities that involve direct or indirect links with the USA. Like the UK Bribery Act, the FCPA takes into account the existence and efficiency of compliance programs within a company. Like the UK Bribery Act, too, the FCPA affects both individuals and companies and includes foreign companies. The US and UK laws can thus be regarded as counterparts of each other.

• The Financial Action Task Force on Money Laundering (FATF) is a working group set up to tackle money laundering and terrorism financing internationally. Its risk-based approach is based on the principle that measures to be taken must always be adapted to particular risk classes. This means that customers should be classified on the basis of institute-specific criteria.

• Acknowledging FATF, the 3rd EU Money Laundering Directive (Directive 2005/60/EC) calls for risk-based prevention measures to tackle money laundering and terrorism financing. The Directive was published in December 2005; EU Member States were required to transpose it into national law within two years. Eight months late, the provisions came into force in Germany with enactment of the German Anti-Money-Laundering Act and the Act to Improve the Prevention of Money Laundering. The new rules extended the scope of the financial sector to all companies and sectors.  The 3rd EU Money Laundering Directive is intended to prevent the origin of money from criminal activities such as corruption or tax evasion being concealed. It therefore requires enhanced due diligence, creates a central point for the reporting of suspected criminal activity and considers terrorism financing as an aspect of the prevention of money laundering.

• The 4th EU Money Laundering Directive (Directive (EU) 2015/849) requires EU Member States to maintain a central register containing details of beneficial owners. The data that is collected provides precise information on the beneficial ownership of companies and records its type and extent. The Compliance Directive entered into force in June 2015. As with the 3rd Directive, Member States had two years – that is, until 27 June 2017 – to transpose the new rules into national legislation.
  The risk-based approach of this Money Laundering Directive requires all partners in a business relationship to be screened to prevent money laundering. Find out more about your responsibilities in our white paper “The 4th EU Money Laundering Directive – Targeting unlawfully obtained gains”.

• The 5th EU Money Laundering Directive followed hard on the heels of the 4th. The deadline for transposition of the 4th EU Money Laundering Directive into the national law of EU Member States has already passed and the deadline for transposition of the 5th Directive, which is 10 January 2020, is looming. The 5th EU Money Laundering Directive extends the scope of obligations to tackle money laundering and terrorism financing (for example, to include providers of virtual currencies); other key changes relate to transparency, access to information on beneficial ownership, and lowered thresholds for due diligence on customers. For a summary of the requirements of the Directive and its relevance to companies, see our white paper “Targeting unlawfully obtained gains – How the 5th EU Money Laundering Directive will affect banks and large companies”.

• As a result of the amendments to Section 6 of the Act to Improve the Prevention of Money Laundering, providers of financial services have since the start of 2012 been required to check whether domestic contract partners and beneficial owners are classed as politically exposed persons (PEPs).

• Under the EU Directive on Combating Terrorism and the German Foreign Trade Act, all companies must verify that their business contacts are not on any sanctions list.

• The USA Patriot Act was enacted in response to the attacks of 11 September 2001. It contains wide-ranging provisions to curb money laundering and terrorism financing. Some parts of the US Patriot Act were replaced in 2015 by provisions of the USA Freedom Act.

• The ISO 19600 “Compliance management systems – Guidelines” were published by the International Organization for Standardization in December 2014. The guidelines cover the development, implementation and maintenance of a compliance management system for organizations of all sizes and types. ISO 19600 certification enables companies to provide independent evidence that they have implemented a CMS.

• ISO 37001 on Anti-Bribery Management Systems was published in 2016 after consultations that lasted some three years. ISO 37001 certification enables organizations of any size and type and in any country to demonstrate their commitment to tackling corruption.

• Various circulars from the Federal Financial Supervisory Authority (BaFin) contain advice on interpreting the statutory requirements.

To reduce risks such as tax evasion and money laundering, work is currently under way on central registers that will enable the true beneficial owners of companies or monies to be identified. In order to comply with the above-mentioned laws and regulations and others, companies should implement robust due diligence measures, governance risk and compliance checks and screen their business partners using Know Your Customer (KYC) risk and compliance check tools.

Only by researching detailed background information on customers and suppliers can companies reduce the risk of becoming involved in economic crime.