We’re delving into the German market in part 4 of our key trends for regulated businesses series – from ESG to supply chain resilience, our specialist recruitment consultants are seeing a range of challenges and opportunities shape Germany’s business landscape. Read on to find out more.

The Supply Chain Act

In Germany, The Act on Corporate Due Diligence Obligations in Supply Chains (or, the Supply Chain Act) has been in force since January 2023, regulating how businesses address human rights and sustainability issues in their supply chains.

The act initially applied to German and foreign companies with a branch in Germany provided they had 3000 or more employees. As of January 1st, 2024, the act also covers businesses with at least 1000 employees.

Designed to prevent human rights and environmental violations, imposes obligations across the entirety of the supply chain, from obtaining raw materials through to the customer experience. Indirect suppliers also fall in scope, with focus areas including forced labour, child labour, and environmental pollution.

Under the regulation, businesses are required to take several steps to ensure their supply chains are both resilient and compliant, which includes classifying who’s responsible for which part of the monitoring and reporting process.

BAFA has published an FAQ on the updates; you can explore it here: FAQ. As regulatory pressures evolve, your business will need to do the same, otherwise, you risk falling behind and leaving it too late to make a change (like many UK businesses after the Consumer Duty Act). Don’t risk leaving it too late to build a dependable compliance function – reach out to Broadgate today: We Are Broadgate.

The NIS2 European Directive for Cybersecurity

The NIS2 (network and information security, version 2) was adopted by the European Parliament back in 2022, and the deadline for implementing it is fast approaching. Member states must have transposed the act into national law by October 17th, 2024. Germany recently submitted a draft bill that proposes management be liable for any damage caused by breaching the rules. It’s expected that breaches could merit substantial fines reminiscent of those handed out for GDPR violations (to date, the largest fine was €1.2 billion to Meta).

The key developments in the NIS2 include:

• Improved cooperation for EU member states – ENISA (the European Union Agency for Cybersecurity) will be publishing a vulnerability disclosure database to improve transparency and collaboration between entities.

• Increased Reporting – Organisations will be required to report more frequently with stricter deadlines. For example, organisations must report early warnings within 24 hours of detection.

• Supply Chain Monitoring – Businesses will now be required to address cybersecurity concerns in their supply chains. This could impact suppliers who aren’t technically in scope but supply services to those who are (depending on the sector).

• Wider Scope – The NIS2 broadens the scope of businesses deemed essential to include new sectors such as Waste Management, Postal and Courier Services, and Manufacturing.

You can find the full breakdown here: The NIS2 Act. If you’re looking for top compliance and risk talent to help you build a more resilient business, our German team have you covered. Our specialist recruiters use a community-led approach to hiring to ensure that we can identify and attract top-quality candidates, even when the talent pool is sparse. Contact us for a free consultation here: https://www.broadgatestaffing.com/contact-us/client-enquiries.

BaFin’s Ruling on CET1 Capital for Cooperative Banks

In January 2024, BaFin published a new general ruling on Common Equity Tier 1 (CET1) instruments for cooperative banks. This clarifies the requirements for these banks to classify newly issued shares as CET1 capital instruments, which are important for meeting regulatory capital adequacy ratios. As per BaFin’s website, this general ruling is valid until the end of 2024.

The rule applies to cooperative banks that aren’t directly supervised by the European Central Bank (ECB). This is because the ECB directly supervises large banks within the eurozone,  while BaFin’s scope is more domestic, responsible for overseeing smaller banks and cooperative lenders.

By clarifying the criteria for classifying newly issued shares as CET1 capital, BaFin's ruling helps ensure that German cooperative banks comply with the Basel III capital adequacy requirements. This contributes to a more stable German banking system that’s better equipped to withstand financial shocks.

Need consultative support from our Finance, Accounting and Audit recruiters? Meet the team here: Our team.

Support from Broadgate

The Broadgate team are your full-service recruitment partners, providing community-led interim and permanent talent solutions to regulated businesses across the UK, Ireland, Switzerland, Germany, Luxembourg, and the US. Our specialist consultants focus on mid to senior and board-level appointments across Finance, Accounting and Audit, Risk, Compliance, Fund and Operations, Financial Crime and Fraud, and Legal and CoSec.