Compliance management in the real estate industry: Risk management and less liability in the real estate industry.

The pressure is growing

A reversal of the current trend towards more regulation and, as is often the case, more bureaucratization is not in sight. Quite the contrary! National, European and international regulators are working, in a manner that is recognisable for everyone, on a further extension of the legal requirements for companies. We only have to recall the current new regulations and regulatory extensions in the areas of data protection, money laundering and tax law. Nevertheless, these are good times for the real estate industry. Capital market-oriented investors regard residential and commercial real estate as an attractive investment, especially in times of low interest rates. As a result, the real estate industry is moving closer to the area of regulated financial markets. This, in turn, brings increased compliance requirements. Listed companies need to convince analysts and investors of the quality of their management, as this is the only way they can further increase demand for corporate stock. Against this background, the strategy of the German real estate industry can only consist of developing a strong compliance culture in real estate companies in order to proactively engage in dialogue with the legislator and the regulatory authorities on the basis of their own position of strength and unassailability in cooperation with other industries. In this way, it provides effective impulses that counteract further bureaucratization in the direction of functional regulation and adequate enforcement (see Krais 2018, pp. 227-230).

Liability risks faced by management bodies

The liability risks for directors and managing directors – in other words, what is also referred to as manager liability – have tightened considerably in recent years in Germany. Manager liability has always existed, but it was not really lived. The worst thing that could happen to a manager in the past was the termination of his/her employment contract, often accompanied by hefty severance pay. Those days are over. Hardly a day goes by without reports of more or less big mistakes by managers – with spectacular consequences such as house searches, arrests and damages.

This development is not due to the fact that there has recently been a significant increase in mistakes made. Rather, there were also mistakes in the past, too. In the past, these mistakes were either not yet justiciable or they were purely and simply not pursued. That is unthinkable today. Times have changed a lot.

The potential for liability is enormous. If a manager does not pay close attention, then he/she is liable. And often with his/her entire privately held assets. Sometimes, even the best compliance measures associated with D & O insurance do not help. For executives, the due diligence standard of a “prudent and conscientious manager” contained in § 93 (1) German Stock Corporation Act (AktG) is decisive. For managing directors, the standard of care of a “prudent businessman” contained in § 43 (1) Limited Liability Companies Act (GmbHG) is decisive. For both liability situations, however, a liability reduction results from the so-called “Business Judgment Rule” codified in Section 93 (1) 2 German Stock Corporation Act (AktG): This describes the scope of entrepreneurial decision by managing directors and board members, which is not judicially verifiable. As a result, directors and board members are not liable for negative consequences of business decisions when they are based on reasonable information, without taking into account extraneous interests, for the good of the company and in good faith. In the event of violations, there is the threat of substantial liability obligations for damages and a massive loss of reputation for the company. Compliance management is also risk management and helps the company and the management to identify, regulate and thus minimize risks.

According to the survey of a large insurance company (see Managerhaftung 2017), one in five managers talks about claims being asserted against himself/herself or colleagues. At the same time, this survey reveals that almost every seventh CEO or board member has no knowledge of their personal liability risks. Parts of the real estate industry still treat compliance as a subordinate topic. This was the result of a study by the Federal Criminal Police Office on “Money laundering in the real estate sector” dating from October 2012 (see Bundeskriminalamt 2012), which is still current. According to a study published in February 2016 by Professor Bussmann of the University of Halle (see Bussmann 2015), the real estate industry is a high-risk sector – with low awareness of the problem. Most real estate companies are affected by compliance risks in several areas of law. 

In order to identify risks and prevent liability, a Compliance Management System (CMS) is the right tool. There is no doubt that a CMS is now an expression of good corporate governance for company management and control within the meaning of Section 76 (1) German Stock Corporation Act (AktG), even though the obligation to introduce a CMS has not yet been officially anchored in law. In the meantime, there are increasing calls to recognise the implementation of a CMS as a legal obligation: According to a ruling of Munich Regional Court on 10.12.2013 members of the management must ensure that a CMS is installed in the company. However, recent case law also shows that only a CMS written down in a document – i.e. merely a paper tiger – is not enough. Rather, what is required is that an effective (see Bochum Regional Court, ruling of 14.12.2015 – II 13 KLs-48 Js 4 / 13-16 / 14, cited in Transparency International, Scheinwerfer 77, p BGH of 09.05.2017 – 1 StR 265/16, NJW 2017, 3798.) CMS is present, i.e. a functioning and fully embraced CMS. It is pleasing to note that the Federal Court of Justice has made it clear that the presence of an effective CMS can lead to significant mitigation of liability if an offence is committed (see BGH of 09.05.2017 – 1 StR 265/16, NJW 2017, 3798).

Liability risks faced by supervisory bodies

Supervisory bodies have long been targeted by the German judiciary and are being used more and more frequently. As the supervisory body of a corporation, the supervisory board is the bearer of rights and duties alongside the management board or managing directors. As a result, the supervisory board is becoming more of a co-decision body, and is even taking command with increasing frequency (see Rack 2017, pp. 59-63). Therefore, the question arises here of the legal consequences and, in particular, personal liability if members of the supervisory board have violated their duties.

The discussion concerning the quality of corporate monitoring is still relatively new. The financial crisis is perhaps the most recent example indicating that the days of “figurehead directors” on the supervisory board are over. For example, incompetent supervisory board members are considered one of the causes of the financial market crisis of 2009. These alleged experts failed in many cases to recognise the grave difficulties of the banks whose own affairs they were supposed to be supervising. Meanwhile, the Federal Financial Supervisory Authority (BaFin) has implemented a number of consequential actions; not only can it enforce the dismissal of supervisory board members, it can also prohibit individual appointments (see Fissenewert 2012, p. 445).

It is undisputed that the supervisory board is liable if it does not react or does not react properly in recognisable crisis situations facing the company. In this context, the question of obtaining information is always important. It is true that the management board is fundamentally obliged to provide the supervisory board with comprehensive information. This results from the information obligation of the management board. However, the supervisory board should also not be able to exonerate itself by referring to missing or incomplete information from the management board (see Huthmacher 2015, p. 38). The supervisory board therefore has the obligation to procure the necessary information for itself. Without the information obligation of the supervisory board, its supervisory task would have no effect (see Fissenewert 2013, pp. 214-219). It is therefore duty-bound to procure said information itself. If the management reports are incomplete, the supervisory board must request further information. The German Corporate Governance Code not only requires the management board to take care of compliance, as laid down in section 3.4 (GCGC). In addition, the supervisory board shall set up an “Audit Committee, which – insofar as no other committee is entrusted with it – deals in particular with the monitoring of financial reporting, the effectiveness of the internal control system, risk management (…) and compliance” (Section 5.3.2 GCGC).

The same statement also applies to § 107 (3) German Stock Corporation Act (AktG) since its amendment by the Accounting Law Modernization Act (BilMoG): “In particular, the supervisory board may appoint an Audit Committee to oversee the accounting process, the effectiveness of the internal control system, the risk management system and the internal auditing system (…).” According to prevailing opinion, compliance management is understood as part of the risk management system in the sense of § 107 (3) German Stock Corporation Act (AktG). 

If the company suffers damage as a result of improper conduct by the supervisory board, the members of the supervisory board are personally and jointly liable. Supervisory boards bear the burden of proof as to whether they exercise the diligence of a prudent executive. The reversal of this burden of proof, which is valid here, is particularly dangerous. In fact, it is assumed that the supervisory board acted in breach of duty and in a culpable manner until the supervisory board has proven otherwise. This reasoning is very difficult. If, for example, the management board continues to make payments despite the insolvency of a company, the supervisory board must stop these payments. If they do not do so, they become liable with their privately held assets.

The supervisory board is also responsible for asserting claims for damages against members of the management board as part of its monitoring task. If the enforcement of a claim for damages against members of the management board has sufficient prospects of success, the claim must be asserted in principle by the supervisory board, otherwise a liability risk also arises here. The liability of the supervisory board can also affect politicians or civil servants if, for example, they are supervisory board members in a public undertaking and, for example, in connection with compliance cases that have arisen, it should emerge that the members of the supervisory board acted in a reproachable manner or, more precisely, acted in a reproachable manner because they did not act.

The German Stock Corporation Act (AktG) contains the special claim basis of the company in case of breaches of duty by supervisory board members in § 116, 93 German Stock Corporation Act (AktG). § 116 German Stock Corporation Act (AktG), pertaining to the due diligence and responsibility of the supervisory board, refers to the analogous application of § 93 German Stock Corporation Act (AktG), which regulates due diligence in paragraph 1 and liability and duty of compensation of the management board in paragraph 2. Due to the different nature of the tasks undertaken by the supervisory board and the management board, the underlying facts of the claim must be interpreted accordingly. As a result of its own due diligence, the supervisory board has to check whether the company has the necessary instruments to ensure proper management. This includes, for instance, an appropriate and effective CMS that meets the requirements of the company. 

The increasing frequency of supreme court decisions on a topic that was virtually untouched until recently illustrates, above all, one thing: The relevant legal views are now set and are no longer subject to interpretation. More extensive activities are expected of the supervisory board as part of its monitoring obligations – especially in times of crisis.