The Human Resources (HR) department plays an important role in a company’s compliance activities due to its operational relevance to personnel-related affairs, which is why it can both help and hinder a company’s compliance efforts. The integration of HR as a component of an efficient Compliance Management System (CMS) therefore offers promising opportunities to minimize liability risks for managing directors as well as the management level overall.
What does compliance mean?
Compliance is generally understood to mean obligatory lawful conduct for organizations, i.e. their governing bodies and all employees. This includes the obligation to observe and act in accordance with legal provisions, internal company guidelines, and regulations (legality obligations). However, this also covers the entrepreneurial decisions made by the organization’s management, i.e. decisions that are fundamentally at their discretion. To be compliant, a business decision must follow the business judgement rule (BJR) and be made in good faith by the director who believes that they are acting in the best interests of the organization, based on adequate information and not extraneous interests or self-interest. It must also be carefully documented that the decision complies with these requirements.
A well-established CMS supports a company’s observance of compliance regulations and thus ultimately serves to avoid civil liability risks for executive bodies, managing directors, and senior executives. On the other hand, it also prevents fines and the associated reputational damage for the entire organization.
Specific compliance risks in the HR department
Since the traditional HR tasks include recruitment, personnel administration, and personnel development, the department is the primary organizational body responsible for the implementation of many related operational issues.
Mistakes can slip in with important personnel issues, such as when deciding whether to hire, fire or give employees a raise. This requires the observance of numerous regulations as this decision may only be made by competent, authorized persons and in compliance with the BJR on the basis of factual considerations. It is therefore essential to
- observe a clear separation of duties,
- introduce clear authorization management, and
- adhere to a dual control principle.
In addition, each personnel decision must be documented for evidentiary purposes.
Comply with the Working Hours Act!
Moreover, with many companies gradually moving toward a more flexible work system, the obligation to comply with the Working Hours Act is increasingly gaining risk potential. In principle, an employee may work no more than eight hours a day and must take at least 11 hours of rest between the end of one workday and the beginning of another. However, compliance with these regulations is difficult to ensure (e.g., in the case of flextime systems or mobile working) because, generally, the management level only learns about a violation after it has occurred.
It becomes more difficult to ascertain compliance here with the fact that after work, dealing with presentations, emails, etc., up to a certain duration (usually starting at 15-20 minutes) constitutes further work, which reinitiates the eleven-hour rest period. In the event of a violation of the Working Hours Act, it is not the specific employee but rather the employer and the management responsible for personnel administration who will face heavy fines. For this reason, effective and compliant HR management must always collect information about the working time behavior of employees and work preventively to ensure that working times are observed by all through regular training and education of employees and supervisors.
Compliant handling of employee data
Furthermore, data protection law is particularly relevant for HR because a large amount of applicant and employee data flows through the department. A CMS with efficient data protection helps create a data directory for processing activities as well as a deletion policy.
Last but not least, HR must also have a well-founded knowledge base in contract drafting because different procedural steps must be followed depending on the employment status of a staff member, i.e. an employee, a freelancer, or a temporary worker. For example, to avoid scams when hiring a self-employed individual, or freelancer, the clearing procedure for determining the self-employment status must be carried out, as this can prevent potential criminal liability for the employer due to arrears of income tax and social security contributions. HR may also need to consider, on a case-by-case basis, questions about the requirement to obtain a work permit or apply for an employee leasing license. For this purpose, both regular training of HR staff and regular checks to ensure that the aforementioned requirements are being met are helpful.
We provide support with CMS processes
We therefore recommend the targeted integration of ongoing CMS processes within the HR department. For this purpose, implement
- the expansion of the internal compliance organization,
- effective risk management,
- specialized employee training, and
- an ongoing verification system.
Our attorneys will support you every step of the way in establishing an efficient, first-rate CMS. Please feel free to contact us for a non-binding consultation.
Compliance Consulting and Monitoring in Germany
Compliance: Avoiding Liability Traps in German Companies