GERMANY Law and Practice Contributed by: Rainer Wilke, Ingo Theusinger and Ralph Schilha, Noerr
3.3 Crisis Committees: Composition and Attributes Larger companies or those in high-risk indus- tries tend to have permanent crisis committees to evaluate risks and prepare for potential crises, while others convene them on an ad hoc basis as required. Their formation and structure can vary by industry, company size and the respec- tive crisis. Common features of crisis commit- tees are a clear structure with defined roles and responsibilities, regular meetings to update cri- sis plans and the organisation of crisis exercises. In terms of the degree of independence, a crisis committee usually has limited autonomy and works closely with the company management. 3.4 Crisis Management Team A crisis management team typically consists of members from various key departments to ensure a comprehensive response. These mem- bers usually include the following: • head of crisis management – often a senior executive or a person in a high-level manage- ment position such as the Chief Operations Officer or Chief Risk Officer, who oversees the overall crisis management efforts; • legal and compliance officer – responsible for assessing legal implications and ensuring compliance with relevant regulations; • public/investor relations officer – manages internal and external communications, drafts messages for stakeholders (including capital markets communication) and maintains the company’s public image; • HR representative – looks after employee matters during a crisis, manages internal communications and oversees any necessary changes related to staffing levels; • IT and security expert – deals with data security issues and ensures the integrity and resilience of IT systems;
(b) preparing for cyber-attacks with incident response plans and back-up solutions; and (c) conducting penetration testing and con- tinuous monitoring. • Regular testing and exercises – conducting exercises to test incident response. • Post-crisis evaluation and adaption: (a) conducting “lessons learned” analysis after a crisis; (b) updating policies; and (c) engaging in stakeholder feedback. 3.2 Internal Governance In Germany, various legal provisions require the establishment of a risk management system (eg, Section 91 paragraph 2 of the AktG). However, the specific design of this system is not man- dated by law; companies are allowed to design this system according to their individual needs. Therefore, the organisation of companies’ inter- nal governance depends on multiple factors, such as size of the company, risk proneness of the services provided and previous points of contact with critical issues. Companies typi- cally organise their internal governance for cri- sis prevention and response through different structures that sometimes also include special crisis committees dealing specifically with the preparation and management of crisis situa- tions. However, there is no obligation to estab- lish a crisis committee; whether this is neces- sary depends on the impact of the crisis. While a crisis with a low impact might be handled by a sole crisis manager, crises with a higher impact might need to be handled by a dedicated risk management committee.
87
CHAMBERS.COM
Powered by FlippingBook