GERMANY Law and Practice Contributed by: Eva Nase and Kay-Uwe Neumann, POELLATH
6. Audit, Risk and Internal Controls 6.1 External Auditors A company has to appoint an external auditor unless it is a small company (based on the criteria set out in 3.10 Payments to Directors/Officers ). The key requirements governing the relationship between the company and the auditor are set out in the HGB. The auditor is appointed by the general or sharehold - ers’ meeting. In an AG and two-tier system SE, the supervisory board is responsible for issuing the actual audit mandate, while in a single-tier system SE it is the administrative board, and in a GmbH it is the manag - ing directors. 6.2 Risk Management and Internal Controls In an AG, SE and KGaA, the management board must install a system to detect and monitor risks to the continued existence of the company. However, it is best practice to maintain several systems and refined rules (for example, through reporting lines and codes of conduct) to ensure internal compliance and effec - tive risk management. Specifically, the management board of a listed company is required by law to estab - lish an internal control and risk management system. The supervisory board will review the existence and effectiveness of such measures. Managing directors of a GmbH are also expressly obliged to take meas - ures for the early detection of a crisis. According to German case law, effective compliance management systems are also required in order to fulfil the duty of care owed to the company.
• subsequent amendments to the above-mentioned points. Those filings are publicly available at www.handelsreg - ister.de, which contains all entries in the commercial register filed since 2007. The entry in the commercial register is constitutive in certain cases (eg, foundation, mergers or changes of legal form of the company), which means the measure will only become effective upon its entry in the com - mercial register. In other cases, failures to make filings may result in a fine from the registry court. 5.4 Global Anti-Money Laundering Businesses covered by anti-money laundering reg - ulations must file a Suspicious Transaction Report (STR) with the Financial Intelligence Unit (FIU) when - ever they have reasonable grounds to suspect money laundering or terrorist financing, and are strictly pro - hibited from tipping off the subject of that report. In addition, cash transactions above certain thresholds (eg, EUR10,000 in the EU or USD10,000 in the USA) must be reported regardless of whether any suspi - cion exists, and more than EUR10,000 in cash carried across EU borders must be declared under EU Cash Controls Regulation No 2018/1672. In the financial sector, BaFin is the key AML supervi - sory authority. Board oversight follows the general management and supervision framework, overlaid by applicable AML rules. A member of the management shall be desig - nated as being responsible for risk management and for compliance with AML provisions. More generally, boards are expected to ensure an appropriate AML organisation and oversight framework. Personal expo - sure for the members of the management arises pri - marily through ordinary duty of care liability, adminis - trative fines and supervisory measures and, in serious cases, criminal liability.
7. Environmental, Social and Governance 7.1 ESG Requirements
The topics of sustainability and social and environmen - tal responsibility have become increasingly significant in both German and global corporate governance, resulting in more specific and extensive expectations and legislation on this matter, at both national and EU level. In particular, the EU Corporate Sustainability Reporting Directive (CSRD) and the German Supply Chain Act came into force in January 2023. The Act on Corporate Due Diligence Obligations in Supply Chains
264 CHAMBERS.COM
Powered by FlippingBook