compliance.

We assist boards of directors, managers, executive employees, signatory authorities, and supervisory bodies in all aspects of duty of care, in the case of liability claims, and, if necessary, of course, in court.

services.

• Consulting with regard to existing duties of due care, their observance and possible consequences of conduct contrary to duty
• Out-of-court defense against asserted liability claims
• Representation in court in the case of claims asserted or taking effect

We advise and support our clients with regard to individualized compliance management systems, risk analyses, and internal investigations. Services.

services.

• The establishment, implementation, and ongoing monitoring of compliance management systems in companies
• Conducting compliance risk analyses, as well as special audits on behalf of companies
• Conducting internal investigations

We advise and support our clients in all aspects of directors and officers insurance (D&O), including risk analysis and reviewing existing insurance policies. Services.

services.

• Individual consulting on the necessity of D&O and/or fidelity insurance in the context of general compliance
• Analysis of existing risks for ensuring adequate protection
• Review of existing and new insurance terms within the context of individual requirements

The introduction of a Tax CMS can — when properly designed — moderate negative consequences when amending returns, and can serve as an early warning system.

services.

• Development and implementation of a Tax CMS
• Evaluation of an existing Tax CMS
• Minimizing process-related tax risks
• Analysis and documentation of tax-relevant internal procedures a decision-making processes
• Risk inventory
• Collaborative development of strategies for satisfying tax obligations
• Assistance in establishing an IT-supported Tax CMS or implementation in the existing IT landscape

Criminal law consulting and representation at all stages prior to, or during an investigative or criminal proceeding pertaining to tax law relations.

services.

• Preventative consulting for avoiding the risk of criminal liability under the tax laws
• Assistance in the course of critical company audits
• Assistance in the event of search warrants conducted by customs, tax investigators, and prosecutors
• Representation in criminal investigative proceedings under tax law
• Representation in judicial criminal proceedings
• Counsel with regard to voluntary disclosure for avoiding penalties
• Individual consultations on social insurance law issues, e.g. preparation of expert opinions
• Support of colleagues (with a client protection agreement)

Consulting in all matters surrounding the German Money Laundering Act.

services.

• Counsel on introducing a general risk management system
• Preparation and documentation for risk analysis (§ 5 German Money Laundering Act [GwG])
• Introduction of security measures (§ 6 GWG)
• Assisting with the examinations of supervisory authorities
• Consulting on duties to provide notification under the Transparency Register
• Support of colleagues (with a client protection agreement)

Handling customer data in conformity with the law is an essential element of compliance systems in companies. This involves the issue of the legally secure collection, storage, and use of customer data, in particular in so-called customer databases, such as for example, in newsletter dispatch and customer loyalty systems.

subject areas.

• Obligations to provide information vis-à-vis customers
• Legal foundation for individual customer data
• Advertising measure such as newsletters, customer loyalty systems, etc.
• Interfaces with competition law
• Rights of affected customers

services.

• Consultation for, and preparation of data protection statements and data protection information for customers, business partners, etc.
• Counsel with respect to permissible configuration options for processing customer data, as well as drafting and preparing consent declarations (online and offline)
• Guidance and support for the purpose of introducing advertising concepts, for example, newsletter dispatch or other customer loyalty systems

The Whistleblower Protection Act came into force on 2 July 2023. It obliges companies with 50 or more employees to set up an internal whistleblower system. Smaller companies with between 50 and 249 employees are granted a transition period until 17 December 2023.

If you would like to learn more about SONNTAG's digital and legally compliant whistleblowing system, click here.

Guidelines and requirements for employers under the Whistleblower Protection Act

The Whistleblower Protection Act aims to ensure comprehensive protection for whistleblowers and to protect them from possible reprisals. To this end, the Act contains the following requirements:

• Companies and organisations with at least 50 employees must introduce and operate internal whistleblower systems. Smaller companies between 50 and 249 employees have until 17 December 2023 to implement this.
• Once a tip is received, the internal reporting office must confirm this to the whistleblower within seven days.
• Within three months, the reporting office must inform the whistleblower of the measures taken, for example, the initiation of internal compliance investigations or the forwarding of the report to a competent authority, such as a law enforcement agency.
• In addition, the Federal Office of Justice will establish and operate an external reporting office as an equivalent option for reporting tips. The federal states also have the option of setting up their own reporting offices.
• Whistleblowers are free to decide whether they want to submit a report to their company's internal reporting office or use the external reporting office.
• Anonymous tips are also to be followed up. However, there is no legal obligation to design reporting channels in such a way that they enable the submission of anonymous reports.
• To protect whistleblowers from possible "reprisals", the law contains a comprehensive reversal of the burden of proof: If a whistleblower is "disadvantaged" in connection with his or her professional activities, it is presumed that this disadvantage constitutes reprisal, insofar as the whistleblower claims to have suffered this disadvantage as a result of making a report. In addition, whistleblowers may claim damages for reprisals suffered.
• Violations of the Whistleblower Protection Act may be subject to fines of up to €50,000. For legal entities and associations of persons, the fine can even be increased tenfold in certain constellations.

Significance of the Whistleblower Protection Act for practice

In addition to the obligation to set up and operate an internal reporting office in the company, it is also necessary to establish clear guidelines on how to deal with possible incoming reports from whistleblowers. If a reporting office and corresponding guidelines already exist in the company, they must be reviewed to see whether they are in line with the provisions of the new Whistleblower Protection Act.

In companies where there is a works council, a longer lead time must regularly be planned. Depending on the design of the whistleblower system in the individual case, various co-determination rights of the works council come into consideration, which must be taken into account.

If the identity of the whistleblower is known, even the non-inclusion of the whistleblower in upcoming promotions, transfers or the non-extension of his fixed-term employment contract could be considered a potential "reprisal". In such cases, the burden of proof is on the employer to show that this was not a disadvantage to the whistleblower because of his or her report. If this exculpatory evidence cannot be provided, the whistleblower may face claims for damages and fines.