It is not without a certain irony that, shortly after the German Constitutional Court gave public broadcasters a virtual free pass over private media (BVerfG, decision dated July 20, 2021 – 1 BvR 2756/20, here, in German), the private news portal “Business Insider“, of all places, uncovered numerous possible compliance lapses at the “Rundfunk Berlin-Brandenburg (RBB)“, a regional public broadcaster. In addition to a certain entertainment value (see for a chronology of the events of Business Insider, see here, in German), an analysis of the case also allows conclusions to be drawn about the orientation and development of corporate governance and compliance structures in companies, of which a fundamental issue will be singled out below – namely the question of how critical information reaches the supervisory bodies.
For example, the statement made by a responsible person at RBB in a television interview that he or she was not aware of concerns raised by the auditing department regarding the accrued costs for the restructuring of the boardroom (in the 7-figures-region) already appears questionable from a governance point of view. These concerns are reinforced by a further statement that the head of RBB’s auditing department is required to report to the RBB’s Director-General (in German called “Intendant“) and that “it is difficult to control the Intendant herself”.
Corporate Governance / Compliance within public broadcasters?
The RBB is a so-called “institution under public law” (“Anstalt öffentlichen Rechts, AöR“, see here for more details), i.e. not a private enterprise to which the regulations on corporate governance and compliance are originally addressed. In its so-called “BSR decision“, however, the Greman Federal Supreme Court (BGH) dealt both with compliance in principle (“Such an orientation, recently referred to as ‘compliance’ in large companies, is now implemented in business life by creating so-called ‘compliance officers’“, cf. para. 27) as well as with the question of transferring this concept to AöR (“Unlike a private company, which only operates within a legal framework which it has to observe, primarily for the purpose of making a profit, in the case of an institution under public law, the enforcement of the law is the actual core of its activity. This also means that the fulfillment of these tasks in a lawful form is a central component of its “entrepreneurial” activities.“, para. 29). From the statements of the BGH, one should therefore conclude, if only for reasons of risk minimization, that the rules of corporate governance and compliance apply in principle to both public and private companies, unless special rules apply (e.g., AöRs may be declared ineligible for insolvency by state law, cf. § 12 (1) No. 2 InsO; for RBB, see § 1 (2) of the State Treaty on the Establishment of RBB (here, in German)). The following analysis of the regulations applicable to stock corporations is therefore likely to be transferable both to AöR and (depending on the repective size) to companies of other private-sector legal forms, such as the GmbH, or also associations.
Basics of RBB’s compliance
Pursuant to § 18 (1) of the State Treaty on the Establishment of RBB , the Administrative Board (to be elected from the Broadcasting Council) supervises “the management of the Director-General” (and is thus almost identical in wording to the corresponding wording on the duties of the supervisory board in an Aktiengesellschaft (AG), cf. §111 (1) AktG). The administrative board in the ÖRR is thus structurally comparable to a supervisory board, the director-general to a management board in the AG. It goes without saying that the administrative board can only control those management processes of which it gains knowledge. And statements made in an interview (known to the author, but not specified here for reasons of personal privacy) indicate that the RBB’s Administrative Board presumably had no actual knowledge of the misconduct.
The above-quoted statements from RBB indicate that the reporting system required to monitor the management and especially was not “set up” in such a way that reporting to the RBB’s Administrative Board, in particular on critical business transactions, is guaranteed without interruption. Thus, the question is how such seamless information of the RBB’s Administrative Board can be structurally ensured.
Basics about information to the supervisory board
An AG’s supervisory board regularly obtains the information it requires for monitoring the management from the reports to be regularly submitted by the management board in accordance with § 90 AktG. According to Principle 16 of the German Corporate Governance Code (GCGC), the supervisory board “must, however, ensure that it is adequately informed.” This expressly also applies to the area of “compliance”. In this respect, the supervisory board is therefore obliged to collect the information required for monitoring the management of the company. The question is how far this duty to obtain information extends and at what point it encroaches on the authority of the management board. Outside the reports of the management board, the supervisory board of an AG may receive further relevant information via committees acting with other stakeholders of the company, such as auditors. For example, Item 5.3. DCGK (2013) (here, in German) still expressly provided for the entrustment of the audit committee with compliance issues.
Even though this provision is no longer explicitly included in the current Code, one should not conclude that there is no need for such an additional “reporting track” alongside the reports of the management board. However, the original Government Commission on the German Corporate Governance Code was “skeptical” about the proposal. According to this, the supervisory board should be free to have certain items examined by the internal audit department. In this respect, it was pointed out that the members of the internal auditing department were employees of the company and therefore dependent on instructions from the management board. The use of internal auditing bypassing the management board and reporting to the executive board could lead to conflicts of loyalty to which neither the Executive Board nor the employees should be exposed. Irrespective of the question of whether this assessment would also be tenable at all with regard to compliance officers or in the case of an AöR, such assessment already does not apply to credit institutions (see BAFin, “MAComp,” here (in German), BT 1.2.2 para. 3, “The reports are also to be submitted to the supervisory body.”). Also, the question of such “direct cooperation” of employees of the company with supervisory boardss is likely to be settled or already settled with the establishment of the so-called “whistleblower protection” in German law (see already here, current status of legislative procedure here, in German). At the latest, the supervisory board will have to take action if it receives information about irregularities (suspected cases of non-compliance) via a whistleblower system. And at the latest when the provisions of this new German legislation come into force, employees will be able to legally report to the supervisory board under certain conditions, bypassing the management board.
Corresponding obligation to inform?
Which raises the follow-up question of whether the company’s employees can also be obliged to provide such information (or even more) to the supervisory bodies (possibly bypassing the management). In the aforementioned BSR ruling, the BGH had in fact succinctly stated in the lead sentence: “The head of the internal audit department of an institution under public law may be subject to a guarantor obligation to prevent fraudulent invoices.” This speaks in favor of a duty to inform for employees with such a scope of duties, which can also justify a guarantor obligation in the criminal law sense. And indeed, in para. 31 of the cited judgment, the BGH states that “the [head of internal auditing] could have easily prevented the fraudulent act of Management Board member G. by informing the Chairman of the Management Board or the Chairman of the Supervisory Board […].” Accordingly, employees of the company who are in a special position of obligation and who, for example, are also required to object to and prevent legal violations emanating from the company (para. 26), may be subject to a special duty to inform the respective supervisory bodies. In practice, this is likely to affect only the heads of compliance, auditing and, if applicable, risk management departments, but not simple employees of these departments or employees/heads of other departments. Furthermore, based on the ruling of the BGH discussed here, it is likely to be necessary to differentiate additionally according to the type of company: The duty to inform is more likely to affect the aforementioned department heads in AöR than the corresponding persons in credit institutions in the private sector. This is because the above-quoted paragraph of the BAFin’s MAComp provides in the following sentence that there is no “obligation to submit compliance reports directly to the supervisory body without prior information of the management“. If such a generalizing obligation is already not provided for in the highly regulated area of the banking industry, it will in principle (a fortiori) not be possible to state it for the area of the other private sector, unless the statutes of the organization or employment contract regulations (insofar as permissible) provide for a corresponding obligation.
Even if a person is considered to have a special duty to provide information according to the previous criteria, this should – in view of the BSR decision – only apply in cases of suspicion that are of a certain severity. In the case underlying the BSR decision, for example, fraud was proven in several thousand cases leading to considerable damage. Accordingly, the misconduct that triggers a duty to inform will, in case of doubt, have to overcome the threshold for criminal liability (at which a guarantor position and duty under § 13 of the German Criminal Code can arise in the first place). However, at the latest when the threshold for criminal liability is exceeded, the duty of loyalty to the position/person of management should indeed take a back seat to the duty of loyalty to the company.
Lessons Learnt (?)
Irrespective of the question of the responsibility of the ACTING persons, the events at RBB have brought the question of the responsibility of the SUPERVISORS to the fore. In other words, who actually controls the controllers? At RBB, the controllers (audit/compliance) were obviously controlled by the controllers (Director-General). The restriction of the supervisory board to an informationial “one-way street” based on the interpretation of the German Stock Corporation Act (AktG) and the German Corporate Governance Code (DKCG), which is the basis of this constellation, thus already poses a compliance risk at the level of corporate governance (i.e., the higher-level corporate management) itself. At least for criminal offenses, however, the BGH has lifted these restrictions.
Not only with regard to criminal offenses, but also with a view to the forthcoming German laws pertaining to the protection of whistleblowers, the supervisory board (advisory board, administrative board) should uncover any existing “information one-way streets” and redesign them in a “multi-lane” manner, e.g., by formulating an obligation to submit compliance and/or internal audit reports, including to itself. Only by doing so the respective bodies can ensure that they are informed of suspicious cases in “their” company. To safeguard the company’s employees, it is also advisable to set out the relevant regulations on the conduct and reporting of violations by management bodies in job and process descriptions and to provide assistance in weighing up the duties of loyalty.
BGH, Urt. v. 17.7.2009 – 5 StR 394/08 („BSR“) – in German