Corporate Compliance and Internal Investigations

Common guidelines and a consistently high level of integrity in all parts of the organisation are of decisive importance to achieving permanent business success.
Maintaining a strong legal risk management and corporate compliance programme designed to prevent harmful or illegal business conduct may sound simple, but most businesses find it a real challenge. Multinational enterprises often have thousands of employees, numerous cooperative partners and widespread activities, including in international growth markets which differ greatly from their home markets in terms of culture and business ethics standards. But most Danish medium-sized enterprises also have international activities and they are exposed to exactly the same compliance risks.

How do businesses cope with these challenges? As a full-service law firm, Kromann Reumert has specialists who can assist in adopting a proactive risk management and compliance strategy, contribute relevant management tools and advise on the contents of the law, international conventions, relevant codes and ethical guidelines which are relevant to your business.

We provide advice on:

  • Compliance policies
  • Compliance audits
  • Anti-corruption
  • Preventive advice and crisis management
  • Legal risk management/enterprise risk management
  • Code of conduct
  • CE marking

Compliance policies

What is a compliant business?

Corporate compliance is often seen as something that is intangible. However, at the practical level being compliant relates to the specific areas in which compliance is required. A business may be compliant with the law, safety standards, quality standards or audit standards, or in respect of its policies in general. The first step in any compliance analysis is therefore to establish which rules, regulations and standards apply to the business. While the business may be fully in control of meeting the requirements of applicable rules and standards, it should also be able to document its compliance and follow-up measures to the authorities and auditors.

Drafting a compliance policy

Once the applicable compliance requirements have been determined, the business should set its ambition in the relevant areas. For this purpose, the business should focus on rules and processes that actually contribute to the bottom line. Compliance is not a clearly defined state. Management should start by asking the question whether it is worthwhile being able to document compliance with a standard or a set of rules at all. To answer this question, the business should consider both what it achieves and what it avoids. By way of example, it may be very difficult to realise a return on an investment in a safety measure because safety is primarily about preventing the occurrence of adverse events and it is therefore often difficult to document which events have been prevented. 

Advantages of being compliant

The advantages to the organisation of maintaining clear compliance policies and consistent compliance and follow-up practices in business critical areas are more tangible: 

  • Common understanding and shared expectations
  • Clear distribution of responsibilities and assignments
  • Work process optimisation
  • Uniform quality
  • Flexibility in connection with growth and staff intake
  • Fundamental risk assessment and basis for contingency planning
  • Audit savings

Kromann Reumert's compliance team

Kromann Reumert's compliance team has assisted many different types of businesses in drafting and implementing relevant compliance policies and programmes. Therefore, our compliance team has the necessary experience to ask the critical questions in a compliance evaluation and to inspire and drive the implementation of relevant compliance policies and codes of conduct.   

Compliance audits

Are the processes and transactions in your business in accordance with current rules and guidelines?

What are compliance audits?

A compliance audit is one way to reveal existing or potential violations of the law and determine the reason for such violations. With a compliance audit analysis, your business will receive specific recommendations on how to avoid future violations. An audit analysis may include everything from statutory requirements and industry standards to in-house guidelines.

Compliance audits are characterised by a "yes/no" review. Accordingly, any act or transaction which is tested in a compliance audit process will be classified as either compliant or non-compliant. The end product we provide to the business is typically an audit report, specifying the compliance percentage in each of the tested areas. The compliance audit report will be accompanied by a description of the reasons for any non-compliance findings as well as specific remedial recommendations, which could include a proposal for new business procedures or other recommendations. 

Examples of compliance audits

 A compliance audit could, for example, be requested by investors in a private equity fund seeking to confirm whether the investment portfolio meets the diversification requirements and leverage thresholds that have been set out in the fund's investment strategy. As another example, the board of directors in a shipping company may want to have the company's entertainment expenses tested for compliance with the company’s internal gifts and hospitality code of conduct.  

Kromann Reumert's compliance audit team

 At Kromann Reumert, we have a dedicated compliance audit team with the experience and tools that are necessary to conduct efficient and cost-effective compliance audits. Our compliance team is always assisted by our in-house industry specialists within the relevant field. This enables us not only to deliver accurate audit results, but also to recommend commercially viable solutions if any non-compliance is established.


The consequences of corruption can be severe, ranging from reputational damage, business disruption and significant fines and claims for damages. Businesses should therefore identify their exposure to corruption and implement general anti-corruption and marketing policies in the area. Marketing in the form of free meals for customers and other business partners has given rise to many problems for businesses in Denmark and abroad. 

Many Danish businesses have activities abroad, exposing them to different market conditions and anti-corruption regulations. As a result of the increased international focus on corruption, Danish businesses may have to comply with different rules around the world, in addition to the Danish rules.

Foreign rules

For a business to be subject to the rules applicable in the UK and the USA, it need not have a significant presence on those markets. A Danish business may be covered by the anti-corruption rules in another country not only if it has subsidiaries or branches in that country; the establishment of sales offices and listing of securities or similar representation may have a similar effect. Many of these rules are intended to prevent corruption regardless of where it takes place and whether the acts are committed by commercial agents or other intermediaries.

It is characteristic of the foreign rules that the level of fines is significantly higher than in Denmark and that the fines may be accompanied by other severe sanctions, including listing of the business on a public “name and shame “ list, prohibition of participation in public tenders, and risk of being kept under supervision. Further, (managerial) employees risk imprisonment.

Anti-corruption programmes

Drafting and implementation of an efficient anti-corruption programme with down-to-earth everyday examples may contribute to identifying potential risks and serve as a cultural carrier, while also acting as a deterrent through internal controls.

Further, an anti-corruption programme may prove useful if the business is subjected to corruption. First, the programme will state how to proceed, also in relation to the authorities, and which processes to initiate. Second, an efficient anti-corruption programme may contribute to withdrawal or reduction of the fine. 

An anti-corruption programme which is tailored to your specific business will therefore contribute to identifying and eliminating the risks associated with the industry and the markets in which you carry on business. 

We cooperate with relevant employees in your business to draw up a tailored anti-corruption programme covering the whole organisation, from senior management to employees who are in contact with customers, suppliers, distributors, other business partners and authorities. We also offer to go through existing marketing policies and/or practices and to provide training to relevant staff groups.

UK anti-bribery rules

A new act to combat corruption entered into force in the UK on 1 July 2011 (UK Bribery Act 2010). It means that Danish businesses operating in the UK may have to have internal anti-bribery guidelines and programmes in place. Many businesses will therefore need to prepare new or update their existing internal guidelines and/or programmes.

More and more Danish businesses are operating internationally in an increasingly global market. They are also more frequently acting in markets where corruption is more widespread than in traditional Danish export markets and where employees risk being asked to give bribes. 

In 1997, the OECD adopted the Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. Several countries, including Denmark, subsequently introduced rules criminalising corruption regardless of where it takes place. In 2000, a prohibition against bribery of foreign public officials was implemented in Denmark. Danish businesses with, for example, a US parent are also subject to the prohibition of the US Foreign Corrupt Practices Act ("FCPA") against bribery of foreign public officials. Now, the UK has adopted a new anti-corruption act, which came into force on 1 July 2011.

The most important innovation in the UK Bribery Act is that a business will be guilty of an offence if it does not have adequate procedures designed to prevent persons associated with the business from giving bribes. In order to have a defence against allegations of bribery, it is imperative that the business is able to show that it has guidelines and programmes which meet the requirements of the new UK Bribery Act and that these are effectively implemented throughout the entire organisation, for example through training for employees, agents, and others. 

As a general rule, the UK Bribery Act applies to British citizens and companies incorporated in the UK. The Act also applies to overseas companies that “carry on part of their business in the UK”. This expression is assumed to be interpreted broadly, and therefore the UK Bribery Act will also apply to many Danish businesses even if they are not resident in the UK. 

We advise clients on the implementation and revision of anti-corruption programmes that meet the requirements of the UK Bribery Act and other anti-bribery rules. We have an extensive international network and cooperate with international experts within the area.

We offer advice on anti-corruption issues in relation to e.g.:

  • Conflicts of interest
  • Bribery
  • Facilitation payments
  • Donations
  • Interaction with suppliers
  • International production
  • Gifts
  • Agents

Kromann Reumert also assists in drafting codes of conduct, contractual clauses, including clauses covering breach, website content and large-scale anti-corruption programmes, and in setting up a whistleblower hotline. 

Do not hesitate to contact us if you need assistance in identifying potential risks of corruption and assessing the need to draw up and implement an anti-corruption programme. We would be happy to meet and discuss your exposure to corruption risks, both within your organisation and in relation to cooperative partners, and to suggest proper legal measures.

Legal risk management/enterprise risk management

In our experience, many businesses fail to clearly identify their actual risk exposure and to define which risk profile they want or which risks they are competent to assume.

Our assistance includes:

  • Drawing up clear guidelines setting out which risks can and should be assumed.
  • Defining a clear risk profile
  • Implementing a risk management / governance structure in the organisation
  • Ensuring that the overall risk exposure of the business matches its resources, competencies and financial capacity
  • Ensuring that the overall risk exposure of the business at all times matches its risk profile and competencies  
  • Ensuring that all officers and employees understand and comply with the risk strategy and the associated guidelines and processes (the risk culture)
  • Ensuring that the level of risk is at all times counterbalanced by greater income/benefits (cost/benefit analysis)

Code of Conduct

Being able to influence cooperative partners and suppliers is an important tool for businesses working with corporate social responsibility. The Danish government notes in its CSR Action Plan that businesses and investors play a central role in promoting social responsibility. Today, a number of state-owned enterprises use ethical rules for supplier management purposes. 

When assessing which requirements to impose on its partners and suppliers, the business must take different elements into account, including the type of industry, its reputation and image, a risk assessment of suppliers, international relations and customer requirements, etc.

We assist our clients in preparing a business-specific code of conduct that describes the values and principles to be adhered to by their business partners and suppliers.

We also advise businesses on the legal issues associated with the implementation of their CSR strategy, including in relation to contractual matters and compliance. In addition, our assistance includes the drafting and enforcement of relevant CSR provisions. 

 We also provide advice on:  

  • The relationship to sub-contractors
  • Audit inspections
  • Compliance reporting
  • Preparation of action plans
  • Follow-up measures/rights in case of non-compliance with the CSR provisions, etc.

Internal investigations

Most businesses will at some point be suspected of being victims of or involved in serious misconduct, making it necessary to initiate more detailed investigations. The suspicion may be directed towards different types of behaviour.In some cases, it is suspected that the business has been a victim of an offence against its property. In other cases, the business may have concerns about industrial espionage or about its own involvement in serious offences or other unethical behaviour.

Where an internal investigation is needed, it will often have to be established whether one or more of the company’s own employees, including maybe also members of management, have been involved. In this situation, the decision to initiate an internal investigation must be made under considerable time pressure.

Some investigations are best carried out in-house with an internal person being in charge, while others should be conducted by a third party such as a lawyer.

We advise on the advantages and disadvantages of the different approaches and ensure that the investigation is performed in an efficient and satisfactory manner regardless of which approach is used.

Our assistance in connection with an investigation includes:

  • Strategic advice on the advantages and disadvantages of different types of investigation. 
  • Recommendations as to whether the incident should be reported to the police and, if so, assistance in this respect.
  • Guidance and assistance in connection with the collection of data, including data protection advice.
  • Preparation of interviews, including advice on relevant employment law requirements.
  • Advice on the possibility of obtaining other expert advice, e.g. from IT specialists.
  • Summary and assessment of the issues identified and strategic and legal advice on the course of action.

Contacts within Corporate Compliance and Internal Investigations