Drivers and Trends
(1)
Ernst & Young, Cologne, Germany
The deal appeared quite simple when the “1st Amendment to the German Stock Corporation Law” (1. Aktienrechtsnovelle) was adopted on June 11, 1870: The state would, at the King’s mercy, forgo their existing right to monitor every incorporated company personally. At this point in history, the state was still the North German Confederation—the country of Germany did not yet exist. In return, commercial enterprises promised that they would independently ensure that everything was being conducted in the correct manner. And the institution responsible for doing so was a newly created body called a “supervisory board.” In order to demonstrate that they were taking this due diligence seriously, the members of a supervisory board were also made personally liable at the time, in addition to the entrepreneurs themselves. For example, anybody who was aware of false statements concerning the “assets of the company,” yet did not report them, was threatened with 3 months’ imprisonment (see Endemann et al. 1870, Article 206).
The King’s representatives could not have known at the time that this legal innovation would take on a life of its own over the coming years and instill anxiety and fear into future generations of businessmen and women. As early as the 2nd legal amendment in the form of the “Law dealing with companies limited by shares and incorporated companies” (Gesetz, betreffend die Kommanditgesellschaften auf Aktien und die Aktiengesellschaften) in 1884—this time issued at the mercy of the Kaiser—the liability of the supervisory board and their shareholders was increased for the first time. The law contained a total of seven paragraphs dedicated to the duties of due diligence and supervision. The next legislative reform in 1937 contained 14 paragraphs relevant to this subject. In the Stock Corporation Law (Aktiengesetz) of 1965, which is still valid today, there are approx. 55 paragraphs dedicated to the management, control, indemnity, and personal liability of management personnel and supervisory board members for incorporated companies. These articles nearly always deal with white-collar crime and corruption. In order to be held technically liable, it is not even necessary for CEOs, managing directors, and supervisory boards to perpetrate any crime themselves, or hand over a proverbial briefcase full of cash. It is merely sufficient for them to have failed to take sufficient care for protecting the company’s assets against fraud, manipulation, corruption, and the many other existing forms of white-collar crime.
Naturally, there are similar liability regulations dealing with every other form of business under German commercial law. These are supplemented by numerous other regulatory interventions into the world of business that govern the personal liability of those individuals actively involved. These regulations are mostly hidden behind unwieldy abbreviations. Here is a just a small selection: AnSVG, BilReG, BilKoG, APAG, VorstOG, KapMuG, BilMoG, ARUG, UMAG, and KonTraG. In addition, there are other non-legislative or quasi-legislative regulations to which companies submit themselves, such as UN conventions, corporate governance codes, or OECD ethical standards. If a company also conducts business transactions abroad or holds branches in the USA or Great Britain, the regulations dealing with liability can be multiplied many times over.
It is thus safe to say that those management boards, managing directors, and supervisory boards with only an average grasp of the legal regulations no longer have a sufficient overview of the situation. And as an example of the current level of complexity found in modern liability regulations, the “Handbook on Manager Liability” (Handbuch Managerhaftung: Risikobereiche und Haftungsfolgen für Vorstand, Geschäftsführer, Aufsichtsrat) by Gerd Krieger and Uwe Schneider (see Krieger and Schneider 2007) comprises over 1,000 densely printed pages. It is not for nothing that the management and supervisory bodies of incorporated companies today employ whole legions of lawyers, auditors, compliance consultants, and self-styled governance experts in order to master the highly complex issues surrounding personal liability for their own or third-party misconduct. This is because the risk is real, and the possible consequences can prove fatal. A series of recent cases have demonstrated this point. As a result of the bankruptcy of the Austrian bank HGAA, BayernLB—the regional bank of Bavaria—is demanding 200 million euros from each one of the eight members of the company’s old management board. The reason being that they are liable in the legal sense for losses totaling billions of euros. Håkan Samuelsson, the former CEO of MAN AG, and five former colleagues on the management board are being sued for damages totaling 237 million euros as the result of a corruption scandal. In truth, it is now barely possible to calculate the potential judgments for damages against CEOs who are found responsible for antitrust infringements linked to billions of euros in fines. The possible consequences of this liability include personal bankruptcy and the end of a career. However, the consequences are even worse when viewed objectively. If it can be proven that those at the helm were aware of the risk (for example, based on the minutes of management board meetings) but nevertheless negligently, or to a greater or lesser extent intentionally, ignored the possible damages, they could face criminal prosecution and, in the worst-case scenario, end up in jail due to complicity or a breach of trust. This scenario is not impossible based on German and international law, but is now a fact of life and an everyday reality.
The financial crisis in 2009 has greatly increased the pace at which regulations dealing with manager liability are being tightened—this is also evident at a statutory level. The German Bundestag passed a comprehensive package of laws in May 2013 (see Federal Press Office 2013) that, alongside the introduction of a so-called “separate banking system,” greatly increased the criminal liability faced by company managers, and explicitly prescribed imprisonment for breaches of duty in the area of risk management, as well as fines of up to 10.8 million euros.
The radical reaction of politicians towards credit institutions is not least due to the fact that it was in the banking sector that primarily tax payers had to pay for the losses resulting from fraud, manipulation, or the lack of risk awareness. This catapulted the issue of manager liability once and for all into the public eye.
The consequence of this public pressure is that existing laws are now being more strictly interpreted and implemented. Naturally, only very few managers can afford to pay hundreds of millions of euros in damages from their own coffers, or are able to settle the fines issued by international antitrust divisions. The fact that companies issue these demands for damages in the first instance, and the speed with which they act, indicates a clear change in mentality—which should provide every corporate player holding a position of responsibility in an organization with food for thought.
This change in mentality is evident in two recent quotes from prominent German supervisory boards—which were actually not issued that far apart. In connection with the corruption scandal at Siemens, the Chairman of the Supervisory Board Gerhard Cromme spoke of “not taking the last shirt off the back” of the responsible CEO. Yet only a few years later with regards to the recently announced corruption case in their HGV Division, the MAN Supervisory Board and top manager Ferdinand Piëch commented that the CEO should face the “full force of the law” (see Ott 2011).
This fits into the overall picture. There is increasingly less scope for negligence, supervisory boards are becoming more stringent, and criminal investigations ever more professional. It is simply no longer possible to ignore the areas of corporate governance and compliance. Only concrete and credible action ensures that liability risks can be excluded. This book describes how this can be precisely achieved.
In this context, the focus will be placed initially on the basic features of manager liability.
What needs to be done in terms of white-collar crime and corruption in order to exclude the risk of liability? Which legal regulations make company managers liable and in what form? How did these laws originate and how will they develop in the future?
1.1 Basic Features of Manager Liability
Anybody who purchases a food truck and sets it up in a pedestrian zone finds themselves—at least in terms of liability law—in a simple and clear situation. Ownership of the company and control over it lie in the same hands, and while the owner pockets the profits made from their activities, they are also personally liable for the consequences of any legal violations, or the failure of the business. However, if we are dealing with 100 food trucks that are operated by a GmbH (a company with limited liability in Germany) with an employed managing director, or with a stock corporation that serves the whole of Europe with hot dogs and aims to conquer the world in the medium term, the situation is far more complicated. This is because ownership and control lie in different hands. Accordingly, errors made by managing directors, management boards, and supervisory boards do not directly impact on these corporate players, but rather diminish the profits made by members or shareholders of the company and, in the worst-case scenario, wipe out their assets. The same is naturally also true if managers manipulate balance sheets, misappropriate funds, consciously disregard business risks, or bring ruin to their employers in other ways.
For a long time it was not necessary for executives, managers, or management boards to give much thought to the idea of personal liability. In the worst-case scenario, they lost their job or generously made their positions “available” by stepping down, often, where possible, combined with lavish severance packages—or a “golden handshake.” The legal hurdles that needed to be overcome to make somebody liable for their misconduct were high. This was despite the fact that the obligation for “proper corporate governance” in the case of incorporated companies had long been part of German commercial law [see Article 93 of the German Stock Corporation Law (Aktiengesetz) and Article 43 of the Limited Liability Companies Act (GmbHG)]. However, it is very difficult in practice to provide clear evidence of misconduct or a violation of the duty of supervision. Questions such as what is actually classified as corporate error, and whether and in what circumstances a manager can find protection under the scope of “general corporate risk,” are such complex issues that in reality they are almost impossible to answer. “Could he really have prevented it?” “Nobody could have seen it coming.” “The fraudsters managed to deceive us all.”
Up to now, experience has shown that a manager must have acted extremely negligently and demonstrated their incompetence or negligence multiple times in order to be made liable for the resulting damages to any notable extent. Although the situation was, to some degree, otherwise if criminal offenses in the area of white-collar crime or corruption had been committed, this did not change the high legal hurdles that had to be overcome to prove manager liability in general for quite some time. And the legal processes against white-collar crime and corruption themselves were certainly not noted for their lack of clemency in the past. The case of Thomas Middelhoff and the Arcandor bankruptcy is symbolic of a series of legal processes in which managers escaped leniently from cases of liability. Klaus Lederer, who as Group Manager of Babcock Borsig covered up the disastrous predicament of the group for many months, was only handed a suspended sentence, a 250,000 € fine, and 1,000 h of community service for delaying insolvency proceedings. In comparison to his salary at the time, the fine amounted to nothing more than pocket money and he was even permitted to carry out some of his community service in sunny Florida.
But, to be absolutely clear from the very start, the days when management boards, members of the company, fully authorized representatives, managing directors, authorized signatories, trade representatives, departmental managers, managers, and other executives of companies had nothing to fear in the area of personal liability are well and truly over. At the latest since the events surrounding the banking and financial crises in 2009, much stricter rules have been introduced for the many existing business regulations on the international stage. The processes of law enforcement and the assertion of liability claims are rapidly becoming more professional.
And what applies to those “executive bodies” responsible for the operative business of the company is also true at the level of the supervisory board. The liability of members of the supervisory board or members of the audit committee in relation to the company has also been tightened. For example, in the form of extended reporting obligations according to Article 107 of the German Accounting Law Modernization Act (Bilanzrechtsmodernisierungsgesetz—BilMoG). The obligation of the supervisory board to provide advice and monitor the management of the company as stipulated in the German Stock Corporation Law (Aktiengesetz) is currently being scrutinized ever more critically in criminal investigations. The supervisory board can be found guilty of so-called “negligent supervision” (see Habersack et al. 2010, Articles 76–117) if, for example, it does not critically challenge and check unusual or frivolous payments. In such cases, the supervisory board would be considered personally liable—and face compensation claims against their own private assets—or deemed to be guilty of a breach of trust. The “minimum standard” expected of the supervisory board in terms of how consciously and actively they scrutinize the subjects of compliance and corporate governance is also rising. However, it remains much more difficult in practice to hold the supervisory board liable than is the case with an executive body actually involved in the operative business of the company. It still remains to be seen what effects the change in the law in the form of Article 107 of BilMoG will have in reality.
The changes in the legal and liability-related evaluation of misconduct, negligence, and malicious intent are also causing a shift in our understanding of white-collar crime in general. Because the administration of justice in the area of white-collar crime has long since ceased to merely focus on cases of fraud, but now also treats non-observance or underestimation of risk as an almost equivalent offense. Using corresponding compliance management systems, this transforms the battle against white-collar crime and corruption from being the duty of individuals to being an obligation for all.
1.1.1 Basic Principles of Compliance Obligations
The rules relating to white-collar crime and corruption for the purpose of protecting a company’s assets have thus multiplied, and this trend is set to continue. Criminal investigations and cases of liability are becoming less and less constrained by national boundaries and probe ever deeper into both the digital and analog inner workings of companies. Even a small review of the relevant cases such as that found at the start of this chapter clearly demonstrates this trend.
One of the core tasks of the management of a company is to ensure that corporate activities are carried out in accordance with existing laws. This type of conformity with relevant regulations has become commonly known as “compliance,” which has become a dominant management buzzword in recent times. Therefore, compliance management is actually nothing more than a systematic attempt by the management of a company to implement legal regulations in the company for the purpose of excluding their own liability in the event of loss. This is supplemented in many cases by their own, internal “quasi regulations” that go above and beyond the requirements set by the legislators. In a purely legal sense, the responsibility of the management of the company for ensuring compliance results from the legally stipulated duty of supervision and due diligence, as well as the correspondingly defined sanctions in the event of misconduct. The following legal principle is valid: It is possible to delegate the compliance tasks themselves but not the legal duty of supervision and due diligence (see Moosmayer 2012, p. 5 ff.).
If you consider German legislature and the corresponding legal judgments, which will be examined in more detail later in the book, it is possible to identify fundamental compliance obligations that no management board, manager, managing director, or supervisory board can avoid any longer.1 If a company is internationally active or represented by subsidiaries in the USA or Great Britain, the legal framework dealing with cases of liability is also extended to include the laws valid in these countries. How operative solutions can be developed and implemented to meet these obligations in the form of an effective management system for the prevention of white-collar crime, corruption, and other deviant behavior is discussed in Chap. 4. However, the management of a company is also legally responsible in general terms for the following compliance obligations (see here Kreft et al. 2011, p. 14):
Identifying and evaluating corporate risks.
Setting up a compliance organization with an internal control system and developing a compliance program to counteract these risks.
Integrating compliance measures into day-to-day business operations.2
Even though it is never possible to provide complete protection against fraud and misconduct by individuals, the liability of members of company management is evaluated based on the effectiveness of the systems they have introduced to prevent these offenses. Today, their personal commitment also plays a role in assessing responsibility. The criteria according to which personal liability is evaluated by the judiciary in serious cases are by no means set in stone. Instead, the legal interpretations remain fluid and are based on the experience of the judges or public prosecutors and comparable cases. Moosmayer—Compliance Officer at Siemens AG—is quite right, for example, to speak of a “minimum standard” (see Moosmayer 2012, p. 5) in the implementation of compliance measures, whose fundamental conditions are the exclusion of liability risks in a variety of different dimensions. These currently comprise:
Duty of organization3: Preventative measures need to be organized and backed up by clear responsibilities and processes. This also applies to an increasing extent to the institutionalization of anonymous whistle-blowing systems.
Duty of control4: In terms of internal control systems (ICS), regular organizational controls must be carried out, for example, in the form of forensic data analysis.
Duty of investigation5: Serious indications of misconduct must be investigated—whether it is by an internal auditing department or, for example, by commissioning an external auditing company or law firm. It is important in this process to comprehensively resolve these cases—above and beyond the clarification requirements set by the state—measure and limit the losses, and recover any lost assets as far as possible.
A special duty of supervision also exists after the identification of any confirmed cases. The management in those companies where corruption or white-collar crime has already been identified is also obligated to permanently maintain corresponding preventative measures in a transparent and believable manner. If any subsequent cases are discovered, management boards are faced with immediate criminal liability, and already make themselves guilty of complicity and a breach of trust if the judiciary is of the opinion that more could have been undertaken to prevent the losses.6
How precisely can supervisory boards be made liable for their negligence according to German law? What consequences must managers take into consideration? A detailed examination of this area demonstrates that managers are at risk on a multi-dimensional scale, not only for their own misconduct, but also for the misconduct of third parties—and are increasingly faced with the loss of their private assets, the threat of imprisonment, and damage to their own reputation that could last practically a lifetime.
1.1.2 Liability Based on the Regulatory Offenses Act and Stock Corporation Law
In Germany, the liability of managers is historically anchored in laws dealing with regulatory offenses. This situation provides much cause for irritation. When you think of regulatory offenses, you primarily think of driving too fast in a car, illegal parking, or disturbing the peace. Despite this, the size of the fines possible for regulatory offenses already corresponds to the levels of damage associated with white-collar crime: According to the German Regulatory Offenses Act (Ordnungswidrigkeitengesetz—OWiG), fines of up to one million euros are possible for malicious acts. When it comes to the disgorgement of profits gained from criminal offenses, these fines can reach significantly higher levels.
Articles 30, 130, and 9 of OWiG stipulate that a company is liable in the case of attributable misconduct by a supervisory body. These articles also define who these supervisory bodies may be. They include, among others, company bodies, fully authorized representatives or authorized signatories, and trade representatives in management positions, as well as those people charged with monitoring company management in an executive position. Furthermore, Articles 130 and 9 of OWiG stipulate that it is precisely these persons who are liable in the event of a legal violation. They carry the sole responsibility for the fulfillment of their duty of supervision and are solely accountable for this task. In view of the high level of complexity involved in this task, it is possible and normal to delegate the establishment and implementation of a compliance management system to a single managing director and, in the next step, to a single company department. However, as already described, it is important to note that only the task can be delegated and not the responsibility.
Infringements against the minimum requirements for compliance described above result in liability in accordance with OWiG. If legal violations are uncovered, this indicates the complete failure of the compliance management system without any further investigation into the individual circumstances and results in liability according to Article 130 of OWiG. If a compliance management system has been established, it must be monitored by the management of a company in the form of an institutionalized reporting and monitoring system. Should weaknesses in the system become apparent, the management of a company is itself required to intervene. When already identified compliance risks are not minimized, the management of a company can also be held liable in accordance with Article 130 of OWiG (see Moosmayer 2012, p. 17 ff.).
There are still managers even today who believe that they can avoid liability based on the regulations in OWiG if they involve intermediaries or “advisers,” who pay bribes in their place or undertake fraudulent manipulations. Naturally, it is not possible for them to avoid liability—even if they have been taken by surprise when a service provider has committed the offenses. An institutionalized prevention system—as prescribed by OWiG—also includes checking the integrity of third parties.
In the case of incorporated companies, such as stock corporations, the liability of corporate bodies is also anchored in other laws. The requirements placed on compliant corporate governance have become increasingly stricter as a result of the recent economic crisis. The management board of a stock corporation is thus expressly obligated to establish and implement a risk management system by the German Law on Corporate Governance and Transparency (Gesetz zur Kontrolle und Transparenz im Unternehmensbereich—KonTraG) 1998 and Article 91 Paragraph 2 of the German Stock Corporation Law (AktG). Article 116 of AktG also makes the supervisory board liable for the fulfillment of this obligation. If due diligence obligations are infringed in the management and supervision of a company, the company is entitled to make claims for damages. Although this right to claim damages is limited by the German Law on Corporate Integrity and Modernization of the Right of Rescission (Gesetz zur Unternehmensintegrität und Modernisierung des Anfechtungsrechts—UMAG), which supplements Article 93 Paragraph 1 of AktG 2005. In a similar way to the American Business Judgement Rule, there is no breach of duty if the member of the management board “could reasonably assume when making a business decision on the basis of appropriate information that he/she was acting in the interests of the company.” However, by using the term “reasonable information” in the wording of this limitation—which is even applicable in the event of objectively negligent behavior—it assumes that a functioning compliance management system exists.
KonTraG and UMAG further tighten the legal situation regarding liability by making it easier for shareholders to enforce their claims for damages. In accordance with KonTraG, even small shareholders owning 10 % of the share capital of a stock corporation can enforce their claims for damages. UMAG reduces this figure further to 1 % of the share capital, or a stock market value of 100,000 €.
1.1.3 Criminal Liability
If there is a case for liability in accordance with OWiG, it is possible that criminal proceedings may be faced. For this to happen, it is not necessary for a manager to have committed a criminal offense themselves, or to have directly benefited from the offense. Article 14 of the German Criminal Code (StGB—Acting as an Agent) stipulates that laws are also applicable to representative corporate bodies or members of the company, as well as to appointed managing directors or executive employees. Article 73 ff. of StGB states that benefits gained from the crime must be forfeited. In practice, this leads to disgorgement measures for significant sums of money, for which the manager may be liable to pay from their private assets. If antitrust violations come into play, the fines imposed can exceed hundreds of millions and even run into billions of euros.7
In the case of criminal liability by the management—just like with the laws dealing with regulatory offenses—the failure to apply risk minimizing measures within the framework of compliance management is particularly fatal because it represents willful intent, or at the very least tacit approval. This is all the more important because even existing D&O insurance provides no cover or only partial cover in the event of proven intent or “gross negligence.” In contrast to OWiG, the use of criminal law in liability cases for managers and supervisory boards also introduces the possibility of imprisonment.
It may sound paradoxical, but if the management of the company does not even embrace the subject of compliance and fails to carry out a risk analysis, they only commit a violation of the regulations and trigger Article 130 of OWiG. The resulting punishment thus includes fines and sanctions. However, if it is apparent from protocols or internal documents that the management of the company was aware of existing risks but did not react to them in a reasonable manner in the form of compliance measures then it is possible that their misconduct will be investigated under the scope of criminal law. Therefore, this “tacit acceptance” due to the lack of preventative measures turns all management boards/managing directors into almost accomplices or accessories to the act without ever having committed a criminal offense themselves. Nevertheless, they remain 100 % liable and are faced, in the worst-case scenario, with a prison sentence.
1.1.4 Civil Liability
If a financial loss is experienced by a company due to an infringement of the duty of supervision, the management of the company could face a demand for compensation under civil law issued by the relevant supervisory board.8 In the case of an Aktiengesellschaft (AG—stock corporation) in Germany, the supervisory board is obligated to seek compensation in accordance with Article 53 Paragraph 2 of AktG, while in the case of a GmbH (a company with limited liability in Germany), the shareholder’s general meeting is obligated to seek compensation in accordance with Article 43 Paragraph 2 of GmbHG. These bodies are left with little freedom of action9 because, in accordance with the ARAG/Garmenbeck decision by the German Federal Court of Justice (BGH), in 1997, a failure to investigate and implement claims for compensation would correspond to a breach of trust, which could in turn also be prosecuted under criminal law.
If the infringement against the duty of supervision is interpreted as a case of complicity, this is considered as tortious liability in accordance with Articles 826 and 830 of the German Civil Code (Bürgerlichen Gesetzbuch—BGB).10 And if the manager is considered personally liable due to the infringement of a law for the protection of the company—for example, in the event of a breach of trust—there is scope for an additional claim for damages in accordance with Article 823 Paragraph 2 of the BGB. Fines issued in accordance with OWiG, lost profits, subsequent tax demands, legal fees, and, not least, lost profits from any exclusion from participation in public procurement contracts are all added together when assessing the level of damages and the corresponding claims for compensation can quickly run into tens of millions of euros. These claims for compensation are then directly issued to the manager or the management board responsible at the time of the offense and are made against their private assets.
1.1.5 Labor Law and “Political” Responsibility
It is perfectly conceivable, for example, that a banker could cause financial loss due to unauthorized market speculation but cannot be prosecuted under criminal law because they have not lined their own pockets. In this scenario, they have certainly violated their employment contract but have not committed any crime. In terms of the legally prescribed obligation to prevent losses being incurred by the company, only the departmental manager or the management board would have infringed the rules and would be responsible in this case. The handling of these types of cases under labor law incorporates very concrete liability-related elements. A company requires really good reasons not to dismiss the responsible employee—after all, the whole company becomes the focus of special attention following a case of loss—and both the management board and the supervisory board are liable for ensuring that there is no repeat occurrence.
Especially in the case of large companies, infringements against corporate governance are closely followed by the public. The media increasingly delight in reporting on these types of scandal, putting a company and its management personnel into the spotlight, and ensuring a long-term loss of reputation that could last for much longer than the actual case itself. This loss of reputation can be more serious to the company in question than the direct financial consequences of the infringement. One consequence of a failure to comply with corporate governance standards is the threat of exclusion from public contracts. Because corporate governance in a company is now also closely scrutinized, to an increasing extent, outside of the public procurement process, and is graded in ranking lists, it can also have competitive disadvantages for business with other companies—for example, even in the labor market. What high-potential employee would decide to work for a company in crisis?
One of the most common measures for rebuilding the company’s reputation is for the management of the company to assume responsibility. If it can be proven that a manager has committed a culpable act, or neglected to perform an action, then their dismissal is almost unavoidable. Even if they have behaved correctly, these types of scandal often result in the person in question taking “political responsibility”—meaning being dismissed or advised to voluntarily retire in order to facilitate a fresh start, or to satisfy political pressure from shareholders. Such a move satisfies the public need for somebody to be made personally culpable for the offense and impacts on newsworthy personalities who have already been forced into the media spotlight due to the scandal.
The company’s loss of reputation often, therefore, results in a loss of reputation for those actively involved and stretches far beyond the actual financial losses. In these times of increasingly comprehensive corporate governance obligations, there is a clear necessity to fill responsible positions only with people of proven integrity. Now, more than ever before, the reality is that becoming entangled in a fraud or corruption scandal will, without fail, result in the end of a person’s career. In view of the liability regulations (only partially) described above, what supervisory board wants to risk appointing a “rotten egg” to the management board? Even when it contradicts the legal philosophy of fines and social rehabilitation, involvement in a case of loss and the resulting political responsibility invariably continue to have an effect throughout a person’s entire working life.
1.1.6 Digression: Protection in the Form of D&O and Fidelity Insurance
In principle, it is possible to limit the liability of managers through contractually secured exemption. However, as described above, the legislation increasingly promotes the enforcement of liability claims against management personnel, meaning there are limits placed on this approach. Therefore, a common solution is to take out so-called “D&O insurance.” In the USA, this type of insurance is standard across the board, while in Germany it is used at least by large companies (see Paetzmann 2008, p. 181). So-called “fidelity insurance” is also, in the broadest sense, a credit insurance like a D&O policy. However, fidelity insurance provides significantly greater offense-related protection in the event of loss due to fraud, embezzlement, theft, a breach of trust, malicious damage, or sabotage—practically all actions that require a claim for damages in accordance with Article 823 of BGB. The term “fidelity insurance” is used here because it primarily provides insurance for those actions carried out by persons in the company who hold positions of trust with corresponding authorization—thus not necessarily the same client base as for D&O insurance.
D&O stands for Directors and Officers, meaning the company bodies and executive personnel, or precisely those people under threat from liability claims in accordance with Article 9 of OWiG. As a personal liability insurance for financial losses, D&O insurance provides cover for cases of internal liability to the company and also external liability, for example, to shareholders in the event of an infringement of obligations by the insured party. In contrast to the USA, the focus in Germany is placed primarily on internal liability to the company. The historical development of D&O insurance policies has not been without some controversy—because they could free managers from their responsibilities and, thus, potentially encourage a lax attitude to corporate governance. On the other hand, a disproportionately high risk of liability can, in turn, result in an equally undesirable preoccupation with risk avoidance. In addition, there is also the fact that the levels of compensation sought are often far in excess of the private assets held by the manager and, therefore, effectively unenforceable. Therefore, a consensus has been reached where taking out insurance has created an appropriate balance between risk and reward, while at the same time covering any possible claims for compensation (see Paetzmann 2008, p. 188). The German Corporate Governance Code recommends agreeing an excess for this type of insurance so that managers are not completely released from all liability.
D&O insurance has some special features in comparison to other types of liability insurance. One feature that should be mentioned, in particular, is the “claims-made” principle. While other personal liability insurance policies are based on the loss-occurrence principle, in which claims resulting from events during the insurance period are refunded, D&O insurance only covers claims that are asserted during the insurance period. In practice, this can result in serious problems. Therefore, it is sensible and normal to also negotiate subsequent insurance and, if required, extra cover for an earlier period within the insurance contract. Experience has shown that D&O insurers are highly unwilling to pay in serious cases. It is only in a rare number of cases that contractually stipulated claims are settled without any problems. A common occurrence in practice is that insurers cite incorrect information that the management board are supposed to have provided during the conclusion of the legal proceedings (see Werle 2006).
Yet even when a D&O insurance policy has been carefully drafted, it never offers complete protection against liability claims. Nobody should fall under this illusion.
The reason for this is that crimes committed through willful intent, gross negligence, or conscious neglect of duty are generally not covered by the insurance. Furthermore, compensation claims can also exceed the agreed insurance cover in extreme cases. As the level of compensation claims for antitrust infringements alone can reach into the hundreds of millions of euros, D&O insurance cover is quickly exhausted and supervisory boards have to make civil claims for the outstanding amount from (ex) members of the management board. After all, they would in turn make themselves liable and guilty of a breach of trust if they didn’t.