OLG Nürnberg: Management obligated to establish a compliance management system - what does this mean for M&A transactions?

The decision of the OLG Nürnberg leaves no doubt that the management is responsible for establishing and monitoring appropriate compliance structures:

"From the duty of legality follows the obligation of the managing director to establish a compliance management system, i.e. organizational precautions that prevent the company or its employees from committing legal violations." (OLG Nürnberg of 30. 3. 2022; 12 U 1520/19)

This obligation also includes the review of compliance structures in the context of corporate transactions.

In this regard, you will find a brief consideration of the OLG Nürnberg judgment and recommendations in the following:

What does the OLG Nürnberg say in its judgment?

No or insufficient compliance measures can lead to personal liability of the management of a GmbH according to § 43 para. 2 GmbHG in case of legal violations by employees. Here are some of the key findings of the OLG Nürnberg:

• The due diligence of a managing director "requires creating an internal organizational structure that ensures the legality and efficiency of the company's actions."
• "This requires a monitoring system by which risks are detected and controlled."
•  "The obligation to monitor includes adequate control, which must not start only when wrongdoing is discovered."
• "Occasional reviews" are not sufficient.
• Delegation is possible, but "overall supervision remains with the managing director."

What does this mean for transactions?

• After this judgment at the latest, no managing director can be indifferent to whether his company has a (sufficient) compliance management system. A violation can lead to high fines for managing directors.
• The managing director is personally liable. If a D&O exists at all, it must be clarified in each individual case whether it is generally covering the damage. In the worst case, the managing director bears the damage out of his own pocket.
• For transactions, it is therefore essential to check the compliance structures of the target company(ies) as part of the due diligence process. At the latest from closing, the buyer bears the responsibility for a suitable compliance management system and the managing director(s) appointed by the buyer in the target company at closing assume personal liability for this. In addition, there is the potential damage to the reputation of the target company and the buyer, as well as any liability under the German Administrative Offences Act.
• In some matters (e.g. social security and taxes) there is even the risk of buying into personal criminal liability risks. For example, a possibly newly appointed managing director without appropriate compliance measures is also criminally liable for social security contributions or taxes not paid before the transaction.

How can we support?

• Before signing until closing: Review of the existence of compliance structures as part of the due diligence and identification of deficits.
• After closing: Implementation of the results of the due diligence and, if necessary, additional comprehensive risk analysis - i.e.,
  (i) immediate examination of which particular compliance risks exist and/or
  (ii) implementation of compliance structures or individual missing compliance measures and/or
  (iii) adaptation of compliance structures to the Buyer Compliance Management System (if any).

Implementation of a suitable compliance management system at the buyer, if it is concluded in the course of the transaction advice that there is also a need for action at the buyer.

Designing compliance structures in line with requirements

• We offer various solutions: from starter kits to premium solutions with risk analysis.
• Together with the client, we determine what is desired and required based on the client's industry, size and economic possibilities.
  
  Please do not hesitate to contact us if you have any questions!