German law distinguishes between criminal offences (Straftaten) and administrative offences (Ordnungswidrigkeiten). Administrative offences do not incur criminal liability, but as they constitute breaches of regulatory law, can be sanctioned with a fine.

Felonies and Misdemeanours

Criminal offences can be classified as either felonies or misdemeanours. A felony is punishable by at least one year’s imprisonment, while a misdemeanour is punishable by imprisonment or a fine. For example, violating an arms embargo under Section 17(1) Foreign Trade and Payments Act (Außenwirtschaftsgesetz – AWG) is a felony. The most “common” white-collar offences are, however, in most cases misdemeanours (eg, fraud, tax evasion, bribery, embezzlement, money laundering).

Constituent Elements of a Criminal Offence

For an act or omission (ie, a failure to act in a situation where the law imposes a duty to act) to constitute a criminal offence, the following three conditions must be met:

• the perpetrator’s conduct must satisfy the objective and subjective elements of a criminal statute. The offence may either require intent or, to the extent provided by law, negligence may suffice (eg, negligent breach of accounting obligations, Section 283b(2) German Criminal Code (Strafgesetzbuch – StGB)). “Intent” usually entails mere so-called conditional intent. Certain offences may require an additional subjective motive to be fulfilled (eg, fraud requires the perpetrator to act with the intent of obtaining an unlawful benefit for himself or a third party);
• the act or omission must also be considered unlawful – ie, no justification (eg, self-defence) applies; and
• the perpetrator must have acted with culpability.

Attempted Criminal and Administrative Offences

Liability for an attempted criminal offence can be incurred if the offence in question is a felony. Attempted misdemeanours and administrative offences are not criminal offences unless expressly provided for by law.

For administrative offences this is rarely the case. An example is the imposition of a fine for attempting to import or export market regulation goods without authorisation (Section 36(5) Market Organisation Act).

Although many white-collar offences are misdemeanours, in most cases criminal liability for attempt may be incurred – eg, attempted fraud or tax evasion.

The statute of limitations for criminal offences varies depending on the severity of the penalty. For example, the statute of limitations for offences punishable by a maximum term of imprisonment of more than one year but less than five years is five years (eg, fraud), while the statute of limitations for offences punishable by a maximum term of imprisonment of less than one year or a fine is three years (eg, a negligent breach of accounting obligations, Section 283b(2) StGB).

Criminal Offences

Generally, the duration of the statute of limitations does not depend on the severity of the criminal offence in question. For example, the limitation period for both simple and severe cases of fraud is five years, albeit the maximum term of imprisonment differs respectively. Exceptions may apply, if provided for by law. A notable exception in the area of white-collar crime relates to aggravated tax evasion, for which the statute of limitations has been significantly extended in recent years.

The limitation period commences only once the offence is “completed”. In cases of white-collar offences committed by omission, this may take a long time. Omissions are not considered “completed” until the perpetrator’s duty to act has ceased.

The statute of limitations can be suspended or interrupted. For instance, the statute of limitations in cases of tax evasion can be suspended, following an adjournment of the criminal investigation by the public prosecutor or an adjournment of the criminal proceedings by the criminal court for the duration of the conclusion of a taxation procedure by the tax authorities (Section 396 AO). The statute of limitations is interrupted by measures taken by the public prosecutor’s office (eg, raids). For each measure, the limitation period begins to run anew. However, at some point in time (eg, once twice the statutory limitation period has elapsed) the prosecution of an offence is irrevocably barred (absolute limitation).

Administrative Offences

The statute of limitations for administrative offences ranges from six months to three years, depending on the fine to be incurred. The calculation of its start, suspension or interruption generally runs parallel to the rules governing criminal offences.

The territorial scope of German criminal law is governed by the principle of territoriality; ie, the offence in question must have been committed on German territory.

Territorial Scope of German Criminal Law

Certain white-collar offences may fall within the territorial scope of German criminal law even if committed abroad.

• If a German national commits an offence outside of Germany, they can be prosecuted if the act is considered a criminal offence in the country where it was committed or if the foreign state lacks the requisite prosecutorial authority.
• If a foreign national commits an offence against a German national outside of Germany and the act is punishable under the respective local criminal law, but the foreign state lacks the requisite prosecutorial authority, German criminal law applies.
• Offences committed abroad that have a domestic link (eg, crimes that violate the trade secrets of a company physically located in Germany).
• Offences committed abroad against internationally protected legal interests (eg, subsidy fraud).

Bribery of Foreign Officials

In the area of anti-corruption, companies should be aware that bribing foreign public officials (eg, facilitation payments at border crossings) can incur criminal liability under Section 335a StGB. Criminalising bribery of both national/EU, as well as foreign officials, expands the territorial reach of Germany’s anti-bribery law enforcement.

Extraterritorial Reach of the EPPO

The European Public Prosecutor’s Office (EPPO) is charged with the prosecution of criminal offences affecting the financial interests of the EU (eg, misappropriation of EU funds). EPPO prosecutions are conducted by Member States’ national public prosecutors who simultaneously serve as “European Delegated Prosecutors”. Their investigations are decentralised, giving the EPPO a substantial extraterritorial reach across member states. German Delegated European Prosecutors do not have to rely on mutual legal assistance but may simply assign investigative measures to Delegated European Prosecutors in other member states.

Legal entities cannot be held criminally liable under German law. A draft Corporate Sanctions Act (Verbandssanktionengesetz – VerSanG), which sought to introduce a corporate criminal liability, did not enter into law.

Corporate Fines

Under Section 30 German Act on Regulatory Offences (Ordnungswidrigkeitengesetz – OWiG), companies may be subject to fines by way of attribution: if a representative of the company has committed a criminal or administrative offence, the respective offence may be attributed to the company and a corporate fine can be imposed.

The individual who commits the criminal or administrative offence must qualify as a “representative” of the company. This includes individuals who have supervisory functions, like members of the supervisory board or the company’s compliance officer. To attribute the offence to the company, it must have been committed in violation of duties that the company is bound to fulfil or the offence has enriched or was committed with the intent to enrich the company.

Breach of Supervisory Duties

A breach of supervisory duties by a member of management may suffice for the company to incur a corporate fine. Under Section 130 OWiG, it constitutes an administrative offence, which in turn may be attributed to the company, if the “owner” of the company – ie, the respective legal entity represented by its members of management, does not take sufficient care to ensure that its employees comply with the duties incumbent on the company and, as a result, an offence is committed which would have been prevented or significantly impeded by proper supervision. Ultimately, viewed from the perspective of a prosecutor or a regulatory authority, Section 130 OWiG serves as a key gateway for the imposition of corporate fines.

Level of Corporate Fines

In Germany, corporate fines have increased dramatically over the last decade. In some cases, companies have been fined hundreds of millions of euros.

Corporate fines are calculated as follows.

• Assuming a criminal offence is attributed to the company, the fine may amount to EUR5 million, if it was committed negligently, and EUR10 million, if it was committed intentionally.
• Assuming an administrative offence is attributed to the company, the fine is determined by the underlying regulatory statute (eg, the GDPR prescribes fines of up to 4% of worldwide annual turnover).
• If the attributable conduct in question qualifies as both a criminal and an administrative offence, the fine is calculated by relying on the level of fines prescribed for the administrative offence, if the latter are higher than the fines prescribed for criminal offences.

Corporate fines consist of two components:

• the extraction of profits resulting from the offence; and
• a penalty portion to be set as an appropriate sanction.

The extraction of profits aims at exceeding the level of profits incurred. As a result, the total sum of a fine may substantially exceed the legally prescribed maximum.

Offences Committed Prior to a Merger or Acquisition

Under German law, a successor entity may be fined for offences committed by the target entity prior to a merger or acquisition. Section 30(2)(a) OWiG allows for a fine to be imposed on the successor entity. However, the legal successor standard in most cases does not apply to spin-offs where the original legal entity continues to exist.

(“Non-conviction-Based”) Confiscation of Assets

German law also provides for the confiscation of assets the company has obtained from the crime (Section 73 et seq. StGB) or administrative offence (Section 29a OWiG) – eg, funds gained from contracts obtained through bribery.

German law also provides for a so-called “non-conviction based” confiscation of assets (Section 76a StGB, Section 29a (5) OWiG) – eg, if the criminal or regulatory investigation is discontinued (see 2.6 Prosecution).

Registration of Corporate Fines

The imposition of a corporate fine may be registered in:

• the Commercial Central Register;
• the Competition Register for Public Procurement, operated by the German Federal Cartel Office (FCO), which provides public contracting authorities with information on whether a company can be excluded from a procurement procedure for having received a corporate fine (eg, if the attributable offence is bribery); or
• the Corruption Registers maintained by some German states.

Compensation claims by victims of a criminal or administrative offence may typically arise under Section 826 or 823(2) German Civil Code in connection with the violation of a protective statute (ie, the criminal or regulatory statute that was violated).

Class Actions

Whether a white-collar criminal or administrative offence may also trigger a class action, depends on the applicability of the respective collective remedy. Generally, collective remedies are available under the Capital Markets Model Case Act and the Model Case Proceedings Act (Section 606 et seq. German Code of Civil Procedure). Moreover, Germany is currently transposing the EU’s Directive on Representative Actions for the Protection of the Collective Interests of Consumers into national law, which provides a collective action for redress.

Victim Compensation

German criminal law is based on the principle that “crimes should not pay”. Therefore, the law generally provides mechanisms for the state to confiscate the proceeds of crime and return them to the victim of the crime or forfeit them to the state.

In the area of white-collar crime, Section 153a(1) No 1 German Code of Criminal Procedure (StPO) is particularly relevant. The public prosecutor may discontinue a criminal investigation under the condition that the perpetrator compensates the victim for the damage caused.

In addition, assets that have been confiscated as proceeds of the crime (see 1.4 Corporate Liability and Personal Liability) can be returned to the victim (Section 459h StPO).

More generally, German law provides for a victim-offender mediation mechanism (Section 46a StGB) as well as a right to compensation for victims of violent crime under the Crime Victims Compensation Act.

Adhesion Procedure

Finally, German criminal procedural law provides for a so-called adhesion procedure: instead of pursuing a claim in civil proceedings, victims can claim civil damages before the criminal court. However, this is quite rarely used in white-collar cases.

Recent Case Law

Generally, Germany’s legal system is not based on case law, but has a statutory foundation. Nonetheless, court decisions play an important role in guiding the interpretation of white-collar criminal law. The following is a short selection of recent, noteworthy decisions.

• In a decision from 6 June 2022, the Federal Court of Justice clarified the requirements for board members to be found in breach of their fiduciary duties vis-à-vis the company, which may result in criminal liability for embezzlement (see 3.1 Criminal Company Law and Corporate Fraud). The court ruled that a board decision taken based on incomplete and inadequate factual information may constitute a breach of fiduciary duties. Under the business judgement rule, the board has a wide margin of discretion. However, a breach of fiduciary duties may occur when a board member’s actions exceed the limits of responsible conduct and are not based on a careful investigation of the underlying facts.
• In a decision from 27 April 2022, the Federal Court of Justice emphasised that the implementation of compliance measures and an internal reporting channel after discovering that a criminal offence had been committed, has a mitigating impact on the corporate fine.
• The Higher Regional Court of Dusseldorf ruled on 27 July 2023, that members of management may not be held liable for a corporate antitrust fine incurred by the company. The court emphasised that the instrument of a corporate fine aims at having a lasting impact on a company’s assets. It would not achieve this purpose if the company could seek recourse from its members of management. Note that the court may impose separate fines on management.

Latest Regulatory Developments

Companies should take note of the following key regulatory developments.

• On 1 January 2023, the Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG) entered into force. Companies falling within its scope will have to adhere to expansive due diligence obligations across their global supply chains. Non-compliance may be subject to fines of up to 2% of a company’s average annual turnover. In addition, the Corporate Sustainability Due Diligence Directive, which the EU is on course to adopt, will further broaden supply chain due diligence obligations for companies.
• On 2 July 2023, Germany adopted its first distinct legal framework on whistle-blower protection, the Whistleblower Protection Act (Hinweisgeberschutzgesetz – HinSchG, see 4.4 Whistle-Blower Protection).
• On 2 May 2023, the EU Commission (EC) introduced a draft EU Anti-corruption Directive, which will extend the maximum terms of imprisonment for bribery and will add a criminal offence of “trading in influence”.
• In July 2023, the German Federal Ministry of Finance introduced the Draft Combatting Financial Crimes Act, which will establish a new Federal Bureau of Financial Intelligence.

Criminal investigations are mainly conducted by the public prosecutor’s offices, of which there are a total of 116 in all German states. They are assisted by the police, which carries out investigative measures. Another investigatory authority to be reckoned with, especially in cases of alleged money laundering, is the Federal Criminal Police Office (Bundeskriminalamt – BKA).

For an alleged tax evasion, the tax authorities are also authorised to conduct criminal investigations under Section 386 Fiscal Code (Abgabenordnung – AO) and have the same rights as the public prosecutor’s office. However, the latter can take over at any point in time.

White-Collar Crime Divisions

There are specialised divisions within public prosecutor’s offices that focus exclusively on investigating white-collar crime. These divisions may also employ economic and accounting experts. Within the police there are also investigation units, which are specially trained for white-collar crime cases.

Moreover, there are specialised courts for white-collar crime. They have a distinct jurisdiction over certain white-collar offences (eg, embezzlement, if the case in question requires special knowledge of commercial practices).

Facing Multiple Fronts

Companies subjected to a white-collar investigation in Germany will find themselves facing multiple fronts. For example, an investigation into alleged social security fraud and a corresponding allegation of income tax evasion, will, at the outset, involve the tax authorities. They may then hand over the investigation to the public prosecutor’s office, which is in turn assisted by the customs authorities as well as the social security services. This could lead to a situation where, for example, when reaching a settlement with the tax authorities, companies also must consider the implications on a settlement with the social security services, and vice versa, while also considering the impact on the ongoing criminal investigation.

A criminal investigation is initiated by the public prosecutor’s office if there are factual indications (obtained through – eg, criminal complaints or whistle-blowers) that a criminal offence has been committed.

Initiating a Criminal Investigation

Certain criminal offences may only be prosecuted following a formal request by an eligible party, usually the victim. For some offences, a formal request for prosecution is an absolute prerequisite. For other offences, even if a formal application is required and was not filed, the prosecutor may still initiate an investigation if there is a significant public interest. For example, in cases of bribery in the private sector, either a competitor has filed a formal request, or the prosecutor establishes a significant public interest (eg, if substantial damage was caused).

Audits by Regulatory Authorities

In some cases, an audit may be the trigger for a regulatory authority to initiate an investigation into a regulatory offence. For example, data protection authorities regularly audit companies and subsequently take action.

Law enforcement authorities have a wide range of investigative measures at their disposal. This includes, inter alia, raids, seizures, questioning of witnesses or the interception of telecommunications and capture of usage data from telemedia services.

Production Orders

The public prosecutor or the police may, without requiring a court order, request documents or data from a company. When responding to a production order, companies must keep the following in mind.

• Non-compliance can result in a fine and, if the fine is not paid, imprisonment. There is the possibility of filing a complaint against the production order.
• It may be beneficial to co-operate and hand over documents to avert a raid of company premises.
• The transfer of personal data, even if the recipient is a law enforcement agency, must be in compliance with the GDPR. At the same time, however, law enforcement agencies often have little regard for companies’ efforts to ensure both compliance with their production order as well as the GDPR.
• Handing over documents/data risks disclosing evidence of potential misconduct the authorities did not have knowledge of yet.
• The German standard of protection for attorney-client communications and attorney-work products is relatively low, as legal privilege is limited under German law. It is advisable to mark relevant documents as legally privileged.

Raids and Seizures of Documents

A public prosecutor’s office may raid company premises and seize documents. Both measures require substantial factual indications that a criminal offence was committed. To conduct a raid, law enforcement must obtain a search warrant. Solely in exigent circumstances a company’s premises can be raided without obtaining a court order. In these cases, it is possible to request a judicial review whether or not the standard of ‘exigent circumstances’ was met. Even if a judge should decide that the raid was unlawful, the evidence collected may still be admissible in court later on. In Germany, the fruit of the poisonous tree doctrine does not apply.

Questioning of Employees

Employees may be questioned by both the public prosecutor and the police. Nevertheless, witnesses are only obliged to appear and provide testimony if they are subpoenaed by the public prosecutor’s office, or the police’s subpoena was ordered by the public prosecutor’s office.

An employee is legally required to testify, unless they have a right to refuse testimony (eg, if they invoke the right against self-incrimination). The duty to testify also applies to employees who have signed an NDA.

Prosecutors usually also subpoena former employees or members of management. By pursuing this course of action, they hope, for example, to gain material information on the whereabouts of missing assets.

Under German law, there are no express statutory requirements requiring companies to conduct an internal investigation. Although there is no distinct legal framework, there are certain, informal, established practices, which may also differ regionally depending on the competent public prosecutor’s office. Thus, conducting an internal investigation in Germany requires a company to manage a public prosecutor’s office’s expectations with respect to these established practices.

However, under both Section 93 German Stock Corporation Act (Aktiengesetz – AktG) and Section 130 OWiG (see 1.4 Corporate Liability and Personal Liability), the board must investigate, if there are sufficient factual indications of criminal or regulatory misconduct. Otherwise, board members may incur civil liability and/or risk committing an administrative offence under Section 130 OWiG. With respect to the scope of an internal investigation, a board may decide, at its discretion (business judgement rule), to which extent potential misconduct is investigated.

Strategic Considerations

An internal investigation may provide the necessary basis for closing gaps in a company’s compliance programme and, subsequently, implementing remedial measures. Both may be considered mitigating factors in the assessment of corporate fines (see 5.2 Assessment of Penalties). For example, the LkSG (see 1.6 Recent Case Law and Latest Developments) expressly recognises efforts to investigate an infringement as a mitigating factor.

Conducting an Internal Investigation in Germany

When conducting an internal investigation, companies will need to consider the following.

• Employees have an obligation to attend interviews conducted as part of an internal investigation. The StPO does not apply. Thus, in principle, employees must provide truthful information to their employer/the firm tasked with the investigation, even if doing so may result in self-incrimination. However, it is usually advisable to grant and comprehensively instruct employees on a right against self-incrimination and inform them that transcripts may be handed over to law enforcement. Thereby, the results of an employee interview will be admissible during the criminal investigation.
• In the light of the principle of fairness, interviews should adhere to the standards of the StPO. Employees should, for example, be allowed to be accompanied by a lawyer. The works council generally has no right to co-determination with respect to internal investigations. Nonetheless, it is advisable to inform the works council about the internal investigation.
• Companies must ensure compliance with the GDPR. The processing of personal data can be based on the company’s legitimate interests (Article 6(1)(f) GDPR) and exemptions to the GDPR’s transparency obligations may apply.
• Co-operating with law enforcement may involve sharing the results of an internal investigation. This, in turn, can lead to a reduced fine (see 5.2 Assessment of Penalties). Specifically, in relation to employee interviews, it is advisable to co-ordinate and align these with the public prosecutor’s office. From the latter’s point of view, having potential witnesses being questioned for the first time by a company’s internal investigators and not by themselves, may risk “tainting” an employee’s testimony at a later stage.
• Legal privilege is limited under German law. There is a high risk that attorney work is seized by law enforcement. This could expand the respective criminal investigation to misconduct which the prosecutor was not previously aware of. It is advisable to mark documents stemming from an internal investigation as legally privileged.

German authorities co-operate with law enforcement agencies around the world. Under the German Act on International Mutual Assistance in Criminal Matters, a suspect can be extradited, if the respective act also constitutes a criminal offence under German law. The offence must be punishable by a minimum of one year of imprisonment, which is the case for most white-collar criminal offences in Germany.

At the EU level, law enforcement authorities co-operate closely. A key instrument is the European Arrest Warrant, which simplifies extraditions within the EU.

The EU’s Supranational Law Enforcement Authorities

Companies need to be aware that, in certain cases, they may face supranational law enforcement authorities operating across EU Member States (eg, EPPO, Europol, Eurojust).

The EPPO (see 1.3 Extraterritorial Reach), for example, has already conducted a total of 929 investigations since the start of its operations in 2021. Moreover, it has concluded a multitude of working arrangements with non-EU law enforcement authorities (eg, the US DOJ). In 2022, there were 79 ongoing EPPO investigations in Germany related to an estimated EUR1,2 billion in damages.

Cross-Border Access to E-evidence

The EU has recently adopted the E-Evidence Regulation, which will be applicable as of 18 August 2026. It provides law enforcement in all EU member states with cross-border access to electronic evidence held by service providers (eg, email services, cloud providers).

Criminal investigations are governed by the principle of mandatory prosecution. If a prosecutor becomes aware of factual indications that give rise to a preliminary suspicion that an offence was committed, they must investigate.

Discontinuation of a Criminal Investigation

In certain cases, prosecutors have discretion to discontinue an investigation. Highly relevant for the pre-trial resolution of white-collar investigations (see 2.7 Deferred Prosecution) is the prosecutor’s power to discontinue an investigation under the condition of the payment of a monetary penalty. A discontinuation is also possible once, following an indictment, the criminal proceedings have already been opened by the criminal court.

Margin of Discretion in Fine Proceedings

In contrast to a criminal investigation, the authorities have a wide margin of discretion whether to initiate or terminate fine proceedings for administrative offences.

German law does not provide for a distinct mechanism for a pre-trial resolution between the suspect and the prosecution (eg, a deferred prosecution agreement). Nonetheless, there are ways to resolve a white-collar criminal investigation without a trial. The practically most relevant manner of resolving a white-collar criminal investigation without a trial is for the prosecutor to discontinue his investigation.

Discontinuation of a Criminal Investigation Against Individuals

In many white-collar cases, an important objective will be to achieve a discontinuation of the investigation in return for the payment of a monetary penalty. Such a discontinuation does not constitute an admission of guilt. It is to be regarded as a mere procedural dismissal of the investigation.

A discontinuation has a beneficial impact on additional repercussions (eg, no registration in the Competition Register for Public Procurement, see 1.4 Corporate Liability and Personal Liability).

“Non-conviction based” Imposition of a Corporate Fine or Confiscation of Assets

Although the criminal investigation against individual members of management was discontinued, the public prosecutor’s office may still, on a “non-conviction basis”, impose a corporate fine or confiscate company assets (see 1.4 Corporate Liability and Personal Liability).

Under Section 257c StPO, the criminal court, the prosecutor and the defendant may enter into a plea agreement. In return for a confession, an agreement may be reached, for example, on the severity of the sentence. The possibility of entering into a plea agreement does not alter the duty of the criminal court to investigate the facts of the case ex officio. Even if a confession was made as part of a plea bargain, the court must still examine its authenticity.

Plea bargaining is also possible in administrative offence proceedings as Section 257c StPO also applies to fines (eg, an agreement on the amount of the fine may be reached).

Corporate Fraud Offences

Criminal liability for fraud may arise if the assets of another person are damaged by creating or perpetuating an error under false pretences or by distorting or suppressing true facts with the intent of gaining an unlawful benefit. The punishment is either imprisonment for up to five years or a fine. Aggravated fraud (eg, causing a significant financial loss of at least EUR50,000) is punishable by imprisonment of at least six months and up to ten years.

Criminal liability may also be incurred for subsidy fraud, capital investment fraud, insurance fraud, credit fraud or social security fraud.

Embezzlement

Whoever intentionally breaches a fiduciary duty, leading to a damage of another person’s or entity’s assets, for whose property interests they were responsible, may be held criminally liable for embezzlement.

There is some debate as to whether the failure of a board to pursue damage claims against an employee who has committed a criminal offence constitutes a breach of a fiduciary duty resulting in criminal liability for embezzlement. Ultimately, the board’s margin of discretion under Section 93 AktG requires, on a case-by-case basis, an assessment of the potential damage claim and a comprehensive risk analysis (eg, significant factors affecting the welfare of the company may outweigh claiming damages).

Bribery in the Private Sector

Under Section 299 StGB, criminal liability for both active (ie, as a benefactor) and passive (ie, as a recipient) bribery in the private sector may be incurred if a benefit is granted or accepted as consideration for according an unfair preference to another in the competitive purchase of goods or services in Germany or abroad.

One of the principal constitutive elements is the existence of an (implied) agreement between the recipient and the benefactor that the benefit is given/received as (illegal) consideration for granting an unfair advantage.

Bribery in the Public Sector

Both “active” (Section 333, 334 StGB) and “passive” bribery (Section 331, 332 StGB) of public officials are criminal offences. The term “public official” is very broad and covers any person who is either a civil servant or a judge, carries out other public official functions or has otherwise been appointed to serve with a public agency or has been commissioned to perform public administrative services.

Public official also pertains to “European officials”– eg, officials of the EC. Additionally, criminal liability is extended to the bribery of foreign public officials (see 1.3 Extraterritorial Reach).

Facilitation Payments

The term facilitation payment is used to describe a payment, usually of a small amount, to a public official which is not provided for by law and is intended to induce the latter to expedite an official act. Facilitation payments are regarded as bribes and may trigger criminal liability.

“Socially Acceptable” Benefits?

While immaterial benefits may qualify as bribes and result in criminal liability, “socially acceptable” benefits may be exempt. Those are of a small monetary value and granted out of common courtesy (eg, giveaways as part of corporate hospitality). Whether a benefit is socially acceptable requires a case-by-case analysis of its value and context. The standards for social acceptability are generally higher for bribery in the public sector.

Anti-bribery Compliance Programme

Generally, there is no express legal obligation to implement an anti-bribery compliance programme.

Financial institutions, however, must institute an organisational structure that complies with applicable legal requirements (Section 25a German Banking Act (Kreditwesengesetz - KWG)), as well as a risk management plan to prevent, inter alia, bribery and corruption.

Under Section 93 AktG (see 3.1 Criminal Company Law and Corporate Fraud) board members must prevent criminal misconduct, including corruption and bribery. The existence of an anti-bribery compliance programme may not only prevent criminal misconduct but can also serve as a defence to a claim of a violation of Section 130 OWiG and avoid a corporate fine (see 4.1 Defences). A dedicated anti-bribery compliance programme can also reduce a fine (see 5.2 Assessment of Penalties).

Bribery and Tax Evasion

If a benefit is deemed to constitute a bribe, a company is prohibited from deducting the benefit and related expenses from its taxable income. In this respect, German tax law provides for an information exchange. The tax authorities are obliged to inform the public prosecutor’s office of suspected bribery payments. Conversely, a prosecutor must inform the tax authorities regarding any tax offences related to bribery payments.

Impact on Public Procurement

Pursuant to Section 123 German Competition Act (Gesetz gegen Wettbewerbsbeschränkungen – GWB), public contracting authorities must exclude a company from participating in a tender award procedure if they are aware that a person, whose conduct is attributable to the company, was convicted or a fine was imposed on under Section 30 OWiG for bribery.

Criminal and administrative offences in relation to insider dealing and market abuse are laid out in Section 119, 120 German Securities Trading Act (Wertpapierhandelsgesetz – WpHG). Their constituent elements are largely determined by reference to the EU’s Market Abuse Regulation (MAR).

Insider Dealing

Under Section 119(3) WpHG (in conjunction with Article 14 MAR) it constitutes a criminal offence, if a natural person intentionally:

• engages in insider dealing;
• recommends or induces a person to inside dealing; or
• discloses inside information without authorisation.

If insider dealing is committed negligently, it constitutes an administrative offence under Section 120(14) WpHG, which can incur fines.

Market Abuse

Under Section 119(1) WpHG, intentionally influencing stock exchange or market prices constitutes a criminal offence. If, however, there is no influence on the market prices or it cannot be proven, the act in question may nevertheless qualify as an administrative offence.

The BaFin’s Involvement

In most cases, the German Federal Financial Supervisory Authority (BaFin) files a criminal complaint with the competent public prosecutor’s office. The latter conducts the respective criminal investigation. However, the prosecutor is legally required to involve the BaFin in the investigation (eg, the BaFin must be heard if the prosecutor is considering a discontinuation). The BaFin is also the competent supervisory authority for both the regulatory investigation and the ancillary fine proceedings.

Criminal Banking Law

CEOs of financial institutions may incur criminal liability under Section 54a KWG, if they fail to implement the risk-management processes prescribed by the KWG which, in turn, results in an existential threat to the respective institution.

Constituent Elements of Tax Evasion

A person is deemed to have committed tax evasion if they intentionally submit an incorrect/incomplete tax return or fail to submit a tax return despite being legally obliged to do so, resulting in an understatement of tax. Intent also pertains to conditional intent (see 1.1 Classification of Criminal Offences). Grossly negligent tax evasion is an administrative offence punishable by a fine.

Specific Guidelines for Criminal Penalties

Tax evasion is punishable by a term of imprisonment of up to five years or a fine.

There are, different to German criminal law more generally (see 5.2 Assessment of Penalties), guidelines for the assessment of penalties, which can be derived from the case law of the Federal Court of Justice. For example, if the evaded taxes amount to more than EUR1 million, generally, a prison sentence without parole will be imposed.

Voluntary Self-Disclosure

A voluntary self-disclosure can exempt one from criminal prosecution if the following prerequisites are met:

• timely filing of the tax return (ie, if the tax authorities have already ordered an audit, self-disclosure is precluded);
• submission of complete and detailed information (ie, at least on all tax offences for the relevant tax type within the last ten years); and
• timely payment of the understated taxes.

Tax Compliance

There is no express legal requirement to establish a tax compliance programme. However, pursuant to a Fiscal Code Application Decree issued by the Federal Ministry of Finance, the existence of a tax compliance programme may be an indicator of a lack of intent or (gross) negligence to commit tax evasion, notwithstanding an individual case-by-case assessment.

Tax Settlements

It is possible to conclude a settlement with the tax authorities regarding the assessment of outstanding taxes. Tax settlements are not legally binding for the prosecutor conducting the criminal investigation. Nonetheless, the main objective of a successful defence will be to achieve both a discontinuation of the criminal investigation (see 2.6 Prosecution) and a settlement with the tax authorities.

Violations of Financial Disclosure Obligations

Members of the board and/or the supervisory board can be sentenced to imprisonment for up to one year or a fine if they misrepresent a company’s circumstances in its annual financial statements (Section 331(1) HGB). Note, however, that the breach of disclosure obligations must be severe to incur criminal liability.

In addition, under Section 332(1) HGB, statutory auditors, who incorrectly report the results of an audit of annual (non-)financial statements, may be sentenced to imprisonment for up to three years or fined.

Violations of financial disclosure requirements under the HGB may also constitute administrative offences under Section 334 HGB.

Violations of Accounting Obligations

Under Section 283(1) No 5-7, 283b StGB a penalty of imprisonment of up to five years or a fine may be imposed for a breach of accounting obligations. Criminal liability may only be incurred if the perpetrator has suspended their payments or if insolvency proceedings have been opened against their assets or if the application to open insolvency proceedings has been rejected for a lack of assets.

Anti-competitive practices under Article 101 Treaty on the Functioning of the EU (TFEU) or the abuse of a dominant market position under Article 102 TFEU, may incur fines. At a national level, the FCO may impose fines for violations of national competition rules under Section 81(1) to (3) GWB.

If the underlying conduct rises to the level of collusion/bid-rigging, criminal liability may be incurred (Section 298 StGB).

Antitrust Fines

EU antitrust fines are imposed on the basis of a fine liability concept substantially broader than Section 30 OWiG (see 1.4 Corporate Liability and Personal Liability). The EC may impose fines on “undertakings”. Thus, a parent company can be held liable for antitrust infringements committed by its subsidiary, provided that it exercises decisive influence over the latter. The EC must attribute an “intentional” or “negligent” infringement by a natural person. In contrast to Section 30 OWiG, this may be any employee acting on behalf of the “undertaking”.

Partially aligning with the EU’s antitrust liability concept, Section 81a (1) GWB enables the FCO to impose a fine on the group parent company but also on other group companies, insofar as (in)direct decisive influence was exercised on the management of the entity involved. This substantially deviates from Section 30, 130 OWiG, as it enables the imposition of a fine on the parent company, without attributing the respective infringement to a “representative” of the parent company.

Digital Markets Act

The Digital Markets Act which, for the most part, became applicable in May 2023, requires online platform services (“gatekeepers”) to abstain from certain practices on digital markets. Non-compliance may incur (hefty) fines of up to 10%, in cases of repeated infringements of up to 20%, of a gatekeeper’s worldwide annual turnover.

Criminal Offences With a Nexus to Consumer Protection

Strictly speaking, German law does not entail a distinct body of “consumer criminal law”. The most noteworthy criminal offence with a nexus to consumer protection is Section 16 Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – UWG), which penalises:

• intentionally misleading advertisements; and
• practices aimed at progressive consumer canvassing (eg, pyramid schemes).

Criminal Liability for Defective Products

Criminal liability for causing bodily harm (by omission) may be incurred for placing defective products (products of such a nature that their intended use creates health risks for consumers) on the market, which caused physical injuries.

Main Cybercrime Offences

The main cybercrime offences are the following.

• Accessing or intercepting data without authorisation (ie, under circumvention of security measures) may incur criminal liability for data espionage (Section 202a StGB) or, for example, in cases of phishing, data interception (Section 202b StGB).
• Whoever commits acts, which impact the integrity of data or IT systems, may be held criminally liable for data tampering (Section 303a StGB) or, for example, in cases of denial-of-service attacks, computer sabotage (Section 303b StGB).
• Criminal liability may be incurred for computer fraud (Section 263a StGB) and falsifying or suppressing data of evidentiary value (Section 269, 270, 274 StGB).
• The handling of illegally obtained data – eg, distributing such data, constitutes a criminal offence (Section 202d StGB).

Co-operation Obligations of Telecommunications Providers

In the context of a cybercrime investigation – eg, in cases of severe computer fraud, law enforcement can intercept the telecommunications of potential suspects. Under Section 100a(4) StPO, a public prosecutor may require a telecommunications service provider to assist them in the interception of telecommunications. Telecommunications service providers not only have to assess the extent to which they are obliged to co-operate under Section 100a(4) StPO, but also ensure compliance with the GDPR.

Protection of Company Secrets

Under Section 23 German Law on the Protection of Trade Secrets, a breach of company secrets constitutes a criminal offence. No criminal liability is incurred if the disclosure of a company secret serves a legitimate interest – eg, is covered by the right to freedom of speech or freedom of the press.

Under Section 17 AWG, the violation of an arms embargo constitutes a criminal offence punishable by at least one year and up to ten years of imprisonment. Reckless violations may incur a prison sentence of up to three years or a fine.

Intentional violations of EU sanctions and export control requirements under the Foreign Trade and Payments Ordinance are punishable by a term of imprisonment for between three months and five years. This also pertains to cases in which the company’s management acted with conditional intent only.

Negligent violations of EU Sanctions and export control rules may qualify as administrative offences (Section 19 AWG). Self-disclosure in relation to certain administrative offences committed negligently may exempt one from fines (Section 22(4) AWG).

An act of “concealment” may trigger criminal liability in different respects.

Concealment of Facts/Evidence Material to a Criminal Investigation

Concealing facts or evidence material to a criminal investigation may amount to obstruction of justice, for which the penalty is imprisonment for up to five years or a fine.

During an internal investigation, members of management may become aware of criminal offences committed by employees of the company. The question may arise whether they must file a corresponding criminal complaint.

Generally, they will not incur criminal liability for an obstruction of justice by omission, as they lack the requisite duty to act.

Under Section 93(1) AktG, it is at the board’s discretion whether and how it sanctions employee misconduct. In certain severe cases, the margin of discretion may be limited and, with respect to a potential criminal liability for embezzlement (see 3.1 Criminal Company Law and Corporate Fraud), can require the pursuit of damages claims against the respective employee. It may hypothetically be necessary for the board to file a criminal complaint if the latter is deemed material to the pursuit of a claim for damages. However, even in such cases, the board retains its discretionary power (eg, consider reputational risks).

Concealment as a Requisite Act to Fraud Offences or Money Laundering

An act of “concealment” may also trigger criminal liability in relation to corporate fraud offences (see 3.1 Criminal Company Law and Corporate Fraud). This may, for example, be the case for fraud by omission, where the perpetrator, with the intent of gaining a benefit, does not disclose certain facts although duty-bound to do so.

If the act of “concealment” relates to obfuscating the illegal origin of an asset, the perpetrator may incur criminal liability for money laundering (see 3.13 Money Laundering).

Criminal liability can be incurred for aiding and abetting another person to commit a criminal offence. If, for example, bribery committed abroad is aided by an act committed in Germany (eg, provision of funds within a German parent company for foreign business transactions of a German employee), criminal liability may be incurred under German law. The act of assisting another incurs the same criminal penalty as the principal perpetrator, yet the criminal court is legally obliged to mitigate the penalty.

Criminal Liability

Natural persons can be held criminally liable for money laundering if they introduce illegally generated assets into the legal, financial and economic cycle. Whoever conceals an object derived from an unlawful act, transfers it with the intention of preventing its discovery, procures it for themselves or a third party, or keeps it for themselves or a third party, if they knew its origin at the time they obtained it, can be punished by imprisonment for up to five years or by a fine.

In March 2021, Germany adopted an all-crimes approach, meaning that all criminal offences may constitute suitable predicate offences. Being recklessly unaware of the illegal origin of funds may also incur criminal liability. The latter, in combination with an all-crimes approach, has substantially expanded criminal liability for money laundering.

Regulatory Requirements

The German AML Act (Geldwäschegesetz – GwG) requires obliged entities (eg, credit institutions, financial services institutions) to establish effective risk management systems appropriate for the nature and size of their business to prevent money laundering and terrorist financing. The GwG requires risk analyses, establishing internal safeguards, conducting customer due diligence and filing suspicious activity reports.

Germany also operates a transparency register on companies’ ultimate beneficial owners (UBOs). In August 2021, its scope was expanded. Almost all legal entities in Germany (with some exceptions) must report their UBOs.

In cases of non-compliance, for particularly grave and systematic offences and for certain obliged entities, the maximum fine is between EUR1–5million, or 10% of annual turnover in the preceding year, whichever is higher.

Effective Compliance Programme as a Defence?

The existence of an effective compliance programme can be a defence against an alleged breach of supervisory duties under Section 130 OWiG. The failed draft for a VerSanG expressly provided for an effective compliance programme to be considered as a mitigating factor (see 1.4 Corporate Liability and Personal Liability), which showcases that there is awareness in Germany that this should be a statutory requirement.

The authorities often infer from the (mere) existence of an offence, a corresponding breach of supervisory duties. Such an inference, however, is not permissible and can be rebutted by demonstrating the effectiveness of the company’s compliance programme. Under Section 130 OWiG, members of management must implement the following measures:

• careful selection of employees;
• proper organisation of workflows and a clear distribution of responsibilities;
• adequate information of employees as well as corresponding training;
• adequate supervision of employees; and
• under certain circumstances, the imposition of appropriate sanctions.

Even if a company’s compliance system has evident flaws, it may be possible to obtain a (substantial) fine reduction by demonstrating remedial measures designed to prevent future criminal or regulatory misconduct (see 5.2 Assessment of Penalties).

Co-operation With Law Enforcement From the Outset?

In certain cases, the key to a successful defence may be co-operating with law enforcement from the outset of a criminal investigation (eg, by aligning the scope of an internal investigation with the prosecutor’s investigation). This may have a substantial impact on the pre-trial resolution of the criminal investigation (see 2.6 Prosecution) and/or a reduction of the corporate fine. However, in some cases, the better strategy may be to mount a robust defence from the outset of a criminal investigation rather than to co-operate.

In Germany, there are no (de-minimis) exceptions for white-collar offences.

Co-operation

Co-operation with law enforcement can be a mitigating factor in the assessment of a penalty. However, since deferred prosecution agreements are not provided for under German law, companies must be aware that even if they co-operate, there is no guarantee that the authorities will not carry out coercive measures.

Self-Disclosure

Voluntary self-disclosure is expressly provided for certain white-collar offences, such as tax evasion, social security fraud, subsidy fraud or money laundering. Nonetheless, strict requirements will have to be met for a self-disclosure to be fully valid and exempt from prosecution. Voluntary self-disclosure may generally be considered as a mitigating factor in the assessment of penalties.

Leniency

The FCO has a leniency policy for horizontal restraints of competition. The first applicant is granted full immunity from fines if he provides material information and continuously co-operates. Other cartel participants who apply for leniency at a later stage may receive a reduced fine.

Before the HinSchG came into effect (see 1.6 Recent Case Law and Latest Developments), Germany did not have a distinct legal framework for whistle-blower protection.

Scope of the HinSchG

Companies – ie, the individual legal entity qualifying as the respective employer within the scope of the HinSchG, with more than 50 employees – must establish internal reporting channels. The HinSchG also provides for designated external reporting bodies (eg, the FCO).

The HinSchG encompasses criminal and certain administrative offences. Individuals are only subject to the protection standards of the HinSchG if they report information through the reporting channels prescribed by the HinSchG or, if certain conditions are met, publicly.

Whistle-Blower Protection Under the HinSchG

Under the HinSchG, whistle-blowers are protected as follows.

• They may not be held liable for accessing information that forms the basis of their disclosure, provided that the way they obtained access does not amount to a criminal offence.
• Retaliation against whistle-blowers is prohibited.
• Whistle-blowers may breach non-disclosure obligations, if they had valid reasons to believe that revealing the respective information was necessary to detect misconduct.

In a criminal investigation, the prosecutor gathers evidence to determine whether the initial factual indications that a criminal offence has been committed meets the standard required to request an indictment: the probability of a conviction must be higher than the probability of an acquittal – ie, more than 50%. The prosecutor must remain objective and consider all relevant facts, including those that may exonerate the suspect.

Reasonable Doubt

During the criminal trial, the court investigates the evidence ex officio. If there is a reasonable doubt – eg, if not all factual requirements for a conviction have been established, the court must find in favour of the defendant.

In administrative fine proceedings, which are quasi-criminal in nature, the presumption of innocence applies. The public prosecutor or the competent regulatory authority carry the burden of proof.

Regulatory Documentation Requirements – A Reversal of the Burden of Proof?

In certain areas of administrative law, companies may have to comply with extensive documentation requirements. For example, under the GDPR, companies must demonstrate compliance (Article 5(2) GDPR). Inadequate documentation can result in fines.

Although this cannot be reconciled with the presumption of innocence, which is also guaranteed under EU law (Article 48 CFR), data protection authorities regularly invoke Article 5(2) GDPR to alleviate their burden of proof in fine proceedings. If the data controller does not hand over the documents after being requested to do so by the competent data protection authority, the latter could deem this as a separate breach of Article 5(2) GDPR and subsequently impose a fine.

In Germany, unlike the US, sentencing is not governed by guidelines. The sentence must reflect the defendant’s degree of culpability (Section 46(1) StGB). Within the penalty range provided for in the respective criminal provision, the court must weigh both aggravating and mitigating factors.

Mitigating Factors

The following mitigating factors are particularly relevant to the sentencing of white-collar criminal offences:

• a defendant’s confession;
• compensation of damages caused by the respective criminal offence;
• the length of the criminal proceedings, which in white-collar cases tends to be much longer than the average;
• contributory “negligence” on the part of the victim – eg, for embezzlement, if the victim was aware of the defendant’s lack of good faith and nonetheless allowed them access to their funds; and
• non-criminal legal consequences, such as a civil liability for damages claimed by the victim of the white-collar offence.

Assessment of Fines for Administrative Offences

Generally, it is important to note that under German law corporate fines aim at extracting the commercial profits resulting from the offence (see 1.4 Corporate Liability and Personal Liability). Section 17 OWiG sets out the criteria for assessing fines for administrative offences as well as the minimum or maximum level of fines if the respective regulatory statute does not provide for a distinct minimum/maximum amount. Criteria for the assessment of a fine under Section 17(3) OWiG are the significance of the administrative offence in question as well as the perpetrator’s financial circumstances. In terms of the perpetrator’s financial circumstances, income, existing assets and existing financial liabilities are of particular importance.

Existence of an Effective Compliance Programme

According to a 2017 ruling by the Federal Court of Justice, the existence of an effective compliance programme is a mitigating factor to consider when assessing the level of a corporate fine. Moreover, remedial measures taken after identifying flaws in the compliance programme may lead to a reduction of the fine.

The existence of a compliance programme is also expressly considered a mitigating factor in the assessment of antitrust fines (Section 81d(1) No 5 GWB). Fines imposed under the LkSG may be reduced if remedial measures are implemented (Section 24(4) No 7 LkSG).

Distinct Guidelines Issued by Regulatory Authorities

Some supervisory authorities may rely on their own, distinct guidelines for the assessment of fines (eg, the European Data Protection Board’s guidelines for the calculation of GDPR fines).