Germany is preparing a significant change to the way companies are fined for corporate misconduct. The proposed reform would amend section 30 of the German Act on Regulatory Offences, known as the OWiG, increasing the maximum corporate fine and introducing statutory criteria for how those fines should be assessed.
Although the legislative vehicle is Germany’s implementation of the EU Environmental Crime Directive, the proposed amendments would apply more broadly across German corporate liability. That means the reform could affect corporate exposure in areas such as fraud, bribery, money laundering, sanctions, environmental offences and other misconduct attributable to senior management or linked to failures of supervision.
Germany’s current corporate liability model
Germany does not have a general corporate criminal liability regime in the way many other jurisdictions do. A company is not treated as capable of committing a crime in its own right. Instead, corporate accountability is generally channelled through the administrative offences regime.
Under section 30 OWiG, a fine can be imposed on a legal person or association where a senior representative commits a criminal or regulatory offence which breaches duties owed by the company, or where the company has been enriched or was intended to be enriched. In practice, section 30 OWiG has become the central route for imposing financial sanctions on companies in Germany.
The current framework has two main weaknesses. First, the punitive element of the corporate fine is capped at €10 million for intentional criminal offences and €5 million for negligent criminal offences. For large companies, those sums can look modest when compared with the scale of the misconduct, the profits involved or the compliance failure. Second, the statute has not provided a clear, general set of criteria for calculating the fine. That has left considerable discretion to prosecutors and has contributed to uneven outcomes.
What the proposed reform changes
The draft reform would quadruple the maximum corporate fine under section 30 OWiG. The new caps would be:
- €40 million for intentional criminal offences.
- €20 million for negligent criminal offences.
The change is significant because the higher caps would not be limited to environmental crimes. The draft legislation is designed to revise section 30 OWiG more generally, meaning the higher maximums would apply across the field of corporate liability where section 30 is engaged.
There is one important nuance. Germany has already tightened sanctions enforcement in 2026 when implementing the EU Sanctions Directive. In that specific sanctions context, corporate fines can already reach up to €40 million for relevant sanctions-related offences and corresponding breaches of supervisory duties. The new environmental-law implementation bill is different because it would generalise the higher corporate fine framework across section 30 OWiG more broadly.
The bigger change: statutory fine-setting criteria
The increased fine caps are obviously the headline worry for compliance teams, however the more practical change may be the introduction of statutory criteria for assessing corporate fines.
The proposed new section 30(2a) OWiG would require authorities to consider the significance of the underlying offence, the reproach attaching to the company and the company’s economic circumstances. It would also set out a non-exhaustive list of factors to be weighed, including the gravity, scope, duration and consequences of the offence, prior offences, the company’s size and earnings position, and the company’s own conduct before and after the misconduct.
However from the mitigation perspective, the draft expressly recognises the company’s efforts to uncover the offence and make reparation, as well as measures taken before or after the offence to prevent and detect misconduct.
That gives compliance programmes, remediation and internal investigations a clearer statutory role in the assessment of corporate fines. These factors already mattered in practice. The reform could potentially make them a more standard factor for prosecutors to consider.
Why internal investigations matter more than ever
Effectively, the reform strengthens the practical importance of internal investigations in suspected cases of corporate wrongdoing. A company that identifies misconduct, investigates it properly, preserves evidence, remediates weaknesses and considers whether to self-report will be in a better position to argue for mitigation.
That does not mean every internal investigation will help. A weak, conflicted or cosmetic investigation can create additional risk. If an investigation appears designed to limit scrutiny rather than establish the facts, it may damage the company’s position in an investigation. Under the proposed criteria, the question isn’t just whether the company commissioned an investigation. The relevant factors will be whether the investigation was credible, properly scoped, independent enough for the circumstances, adequately documented and followed by meaningful remediation.
In practice, this means companies operating in Germany will need to be much more deliberate about how they respond when potential misconduct comes to light. Authorities are likely to look closely at whether the company had a clear process for opening an investigation, who made the key escalation decisions, how quickly the board or audit committee was informed, and whether relevant evidence was properly preserved. They will also be interested in how employee interviews were conducted, how legal privilege was handled, whether the investigation was sufficiently independent, and whether the company made a careful, documented decision on voluntary disclosure. The quality of the investigation will therefore matter almost as much as the fact that an investigation took place.
What past German cases show on assessing investigations
German enforcement practice already shows why the quality of an internal investigation matters. Authorities do not simply ask whether a company commissioned external lawyers or produced a report. They look at whether the investigation helped establish the facts, preserved the independence of the public investigation, enabled cooperation with prosecutors and led to meaningful remediation.
The Siemens corruption case remains the clearest example of an internal investigation working in the company’s favour. After raids by the Munich prosecutor in 2006, Siemens commissioned Debevoise & Plimpton and Deloitte to conduct a large-scale international investigation under the oversight of the audit committee and, later, a supervisory board compliance committee. Siemens stated that the investigation was deliberately structured to avoid interfering with the Munich prosecutor’s work, and that the public investigation was allowed to take precedence where necessary. The Munich prosecutorial decree expressly treated Siemens’ extensive cooperation and assistance in clarifying the allegations as a substantial mitigating factor. Siemens also pointed to concrete benefits from that cooperation, including coordinated German and US resolutions and a faster corporate settlement.
The lesson from Siemens is that a credible investigation can materially improve a company’s enforcement position. The investigation was independent of operational management, supervised at board level, resourced with external legal and forensic expertise, coordinated with prosecutors, and connected to wider remediation. That is the kind of investigation German authorities are more likely to treat as evidence of genuine cooperation rather than tactical damage control.
The opposite risk can be seen in the Heraeus precious metals case, which is still ongoing and has not yet resulted in a final corporate fine. German prosecutors are investigating suspected fraud and embezzlement at Heraeus Precious Metals after alleged irregularities in the handling of customer-owned metals. Heraeus made a voluntary disclosure, cooperated with authorities and commissioned a new external review, however this came only after concerns were raised about an earlier internal investigation.
Auditor KPMG took issue with a 2023 internal investigation, after which Heraeus commissioned a new one which found it was possible that the flawed 2023 investigation had been intended to conceal or enable the continuation of unlawful activity. That 2023 investigation found Heraeus had instructed investigators to remove detailed descriptions of the conduct from the draft. Heraeus has said it acted transparently, proactively notified the relevant authorities, compensated affected customers and is cooperating with investigators.
This is an important warning for firms considering the external investigations into wrongdoing. Weak or incomplete internal response can become a risk in itself. If an investigation appears to minimise the facts, narrow the paper trail or delay escalation, it may do little to mitigate the company’s exposure. It may instead raise harder questions about management knowledge, remediation, whistleblower handling and governance oversight.
German authorities are likely to give credit for investigations that genuinely assist in clarifying misconduct and fixing the control environment. They are far less likely to give credit for investigations that look defensive, conflicted or incomplete. Under the proposed reform to section 30 OWiG, that distinction becomes even more important because a company’s efforts to uncover wrongdoing, make reparation and improve compliance controls would become express statutory factors in the assessment of a corporate fine.
Could recent German fines that could have been higher?
Recent German enforcement does show tougher regulatory activity, especially in financial services. In March 2025, BaFin imposed fines totalling €23.05 million on Deutsche Bank, including penalties connected with derivatives sales, payments supervision and Postbank-related failings. In November 2025, BaFin imposed a €45 million fine on J.P. Morgan for failures connected with delayed suspicious activity reporting, described in press reporting as a record BaFin AML penalty.
These recent BaFin cases are useful indicators of Germany’s increasingly assertive compliance enforcement environment. German authorities are prepared to impose substantial penalties where firms fail to maintain effective systems and controls, particularly in regulated sectors such as financial services. Although BaFin fines sit under sector-specific regulatory regimes, it can suggest what the general OWiG framework would change in corporate compliance. The proposed reform matters because it would increase that punitive component. It would not replace disgorgement, but it would give prosecutors more room to impose a fine that reflects the seriousness of the corporate failing itself, rather than relying so heavily on confiscation of economic benefit.
What compliance teams should do now
Companies with operations, subsidiaries, customers or counterparties in Germany should treat the reform as a governance and compliance priority.
Compliance teams should review whether their risk assessments reflect German exposure across financial crime, sanctions, fraud, environmental risk, product risk and regulatory offences. The higher caps may change the financial assessment of corporate misconduct.
Companies should ensure their compliance programmes are documented in a way that can be evidenced later. Policies alone will not be enough. Companies need to be able to show training, monitoring, escalation, controls testing, management oversight and remediation.
Internal investigation protocols should be reviewed. The organisation should know who decides when an investigation is opened, who oversees it, how evidence is preserved, how employee interviews are handled, when external counsel is used, and how remediation is tracked.
Boards and audit committees should be briefed. The proposed criteria expressly bring the company’s compliance posture, economic circumstances and post-incident conduct into the fine assessment. That makes oversight and documentation central to the company’s defensive position.
A company’s response to misconduct will increasingly affect the size of the penalty. A strong compliance programme, a credible internal investigation and prompt remediation will not guarantee leniency, though they will be harder for authorities to disregard. A weak programme, poor documentation or a superficial investigation may now carry a clearer financial cost.
