Compliance - and operative risks – Reporting in the company
In addressing corporate risks it is advisable to distinguish between risks in connection with possible Compliance violations and the so-called operative risks. In order to do so, it is initially necessary provide a definition of both terms: A Compliance risk comprises the future danger of infringing compliance with risks resulting from international or national laws, as well as from specific corporate and thus individual regulations. A violation can have serious consequences for a company, in particular in the event of non-compliance with statutory requirements. In an extreme case, this may even represent an existential threat to a company.
Operative risks, however, are risks which under certain circumstances may have an effect on the planned net operating results, i.e. may influence these in a negative respect. In this context, no regulations are violated. If these risks take effect the company may thus be endangered with regard to its existence under special circumstances, as in the case of compliance risks. In this context it is necessary to realise the following: Management requires a strategic margin in order to be able to make decisions and to implement these. If the organs of a joint-stock company have made a decision in total awareness of their responsibility and oriented to corporate wellbeing – which retrospectively turns out to have been unfavourable – they shall not principally assume civil liability therefor (so-called Business Judgment Rule1, § 93 par. 1 p. 2 AktG [German Stock Companies Act]). Taking risks is deemed to be immanent in corporate decisions2.
Risk management
Management therefore shall attempt in both cases to make the risks for the company controllable. Whereas operative risks within the scope of corporate decisions are intentionally and tacitly accepted, the risks which may entail a contravention must be avoided. For economic reasons it is impossible to hedge all operative risks. If, for example, a company desires to cover the risk of loss of its accounts receivable up to one hundred percent, this would be extremely costly and would be really inappropriate in the majority of cases. It is therefore recommended to initially establish and continuously further develop an efficient risk management system within the company. Furthermore, risk differentiation on a case-by-case basis should be implemented. For the example, deviating criteria should be applied in particular in the case of with previous favourable payment history or stable big corporations as against new clients, under circumstances from threshold countries. After all, with regard to analysing risks, it is of particular importance whether the client itself disposes of an established risk management system.
Wykorzystałeś swój limit bezpłatnych treści
Pozostałe 77% artykułu dostępne jest dla zalogowanych użytkowników portalu. Zaloguj się, wybierz plan abonamentowy albo kup dostęp do artykułu/dokumentu.
Zaloguj się
