Criminal Compliance & Sections 30, 130 OWiG

In brief: Criminal Compliance brings together all measures that help companies identify, reduce and internally investigate criminal and regulatory risks. Since high-profile cases (Diesel, Wirecard, Cum-Ex), Section 130 OWiG (supervisory duty) and Section 30 OWiG (corporate fines) have moved centre stage—even without a separate corporate criminal code in Germany. Our Frankfurt law firm Buchert Jacob Peter advises boards and compliance teams across Germany on criminal defence, white-collar crime, tax offences, and ombudsperson solutions.

Why Criminal Compliance matters right now

• Higher expectations for leadership: Management and supervisory bodies must implement effective organisation, controls and oversight. Missing or inadequate measures can be sanctioned as a breach of supervisory duties under Section 130 OWiG.
• Fine calculation & case law: When imposing fines against companies under Section 30 OWiG, authorities and courts consider whether an efficient Compliance Management System (CMS) existed—and whether it was improved after an incident.
• Whistleblower Protection Act (HinSchG): Companies with 50+ employees must maintain internal reporting channels. As a result, internal investigations become a practical standard.
• Corporate sanctions on the radar: Even though the draft Corporate Sanctions Act (VerSanG-E) failed in 2021, stricter corporate sanctions and clearer compliance duties remain on the political agenda.

Legal framework at a glance

• Section 130 OWiG – Supervisory duty: Sanctions failures in adequate supervision where corporate offences could have been prevented or made significantly more difficult.
• Section 30 OWiG – Corporate fines: Enables substantial fines against legal entities/associations where managers commit offences. A robust CMS can mitigate fines.
• Further links: Section 9 OWiG (attribution), Section 14 StGB (acting for a company), HinSchG (reporting channels & follow-up duties), and the German criminal procedure.

Core elements of an effective CMS (ex ante & ex post)

• Risk inventory & analysis: Business model, markets, processes, customers, third parties, “red zones”.
• Policies & responsibilities: Clear allocation, four-eyes principle, delegated tasks with control.
• Training & awareness: Role-based, periodic, and documented.
• Whistleblowing & protection: Confidential channels, anti-retaliation, case management—supported by an ombudsperson.
• Monitoring & controls: KPI/red-flag-based checks, audits, data analytics.
• Internal investigations: Legally sound, independent, documented; feed lessons learned back into measures.
• Sanctions & remediation: Employment measures, process/system fixes, third-party management.

Practical tip: Documentation is gold. What is not traceably documented will usually have little or no impact in fine mitigation.

Preventive vs. reactive—two sides of the same task

• Preventive: Reduce risks, avoid violations, strengthen culture.
• Reactive: On suspicion, investigate promptly, cleanly and proportionately; coordinate communications with authorities; secure mitigation benefits in fine calculation; consider civil/employment law implications.

“Best practice”—without over-compliance

Overly rigid rules can paralyse an organisation and inadvertently raise the objective standard of care. Proportionate, risk-based solutions are both defensible and economically sensible. The benchmark is what constitutes adequate supervision in the specific company—appropriate and feasible in practice.

Outlook: What companies should do now

• Assess CMS maturity (gap analysis re Section 130 OWiG/HinSchG).
• Set up the reporting channel and workflows in a legally compliant way.
• Build an Internal Investigations Playbook (roles, forensics, privilege, communications).
• Establish board/management briefings and KPI reporting.
• Ensure continuous improvement: feed findings back into structures and culture.

For end-to-end support—from CMS design to investigations and defence—contact our English-speaking criminal lawyers in Frankfurt or explore our practice areas.

FAQ – Criminal Compliance

What does “Criminal Compliance” mean?
All organisational, technical and legal measures that preventively reduce criminal/administrative-offence risks and ensure a professional response—including internal investigations.

Is there a general legal duty to have “Compliance”?
No general statutory duty, but concrete duties arise from Section 130 OWiG (adequate supervision), sector-specific rules (e.g. AML, HinSchG) and directors’ duties.

What exactly is the role of Section 130 OWiG?
It penalises supervisory failures of owners/management if proper oversight would have prevented or substantially impeded violations.

And Section 30 OWiG?
It allows fines against companies if managers commit offences. An effective, documented CMS can mitigate fines.

How high can fines be?
Potentially significant under Section 30 OWiG; authorities can also skim illegal profits. Section 130 OWiG adds fines for the supervisory breach itself.

Does a CMS really help in fine calculations?
Yes. Courts consider whether a CMS existed and whether it was improved after the incident. Demonstrable effectiveness matters.

Are internal investigations mandatory?
Not generally by law—but in practice often necessary (HinSchG follow-ups, cooperation with authorities, defence strategy, fine mitigation).

What is the difference between “Compliance” and “Criminal Compliance”?
“Compliance” covers overall legal conformity; Criminal Compliance focuses on criminal/OWiG risks, CMS, internal investigations and dealings with authorities.

How do we avoid over-compliance?
Apply risk-based proportionality: lean policies, clear responsibilities, effective controls, and continuous learning—rather than rule inflation.

What first steps are sensible now?
Update the risk matrix, test whistleblowing channels, plan risk-oriented training, finalise the investigations playbook, and define monitoring KPIs.

Contact our criminal defence lawyers in Frankfurt and across Germany

• Rechtsanwalt Frank M. Peter, Specialist Lawyer for Criminal Law
• Rechtsanwältin Dr. Caroline Jacob, Specialist Lawyer for Criminal Law
• Rechtsanwalt Dr. Sven Henseler, Diplom-Finanzwirt (FH)
• Of Counsel: Prof. Dr. Frank Peter Schuster
• Cooperation Partner: Tax Consultant and former Tax Investigator Frank Wehrheim

Our law firm Buchert Jacob Peter in Frankfurt am Main has worked with experienced defence lawyers for over 25 years. We represent clients nationwide. Learn more about our attorneys or reach out via our contact page.

📞 Phone: +49 69 710 33 330
✉️ Email: kanzlei@dr-buchert.de

Learn more: Criminal Defence, White-Collar Crime, Tax Offences, Ombudspersons, Practice Areas

• Teilen