Embed Size (px)
Citation preview
1
NEWSLETTER COMPLIANCE & INVESTIGATIONSISSUE 01/19
We regularly provide you with updates on the latest developments in compliance and investigations. Below wehave summarized some recent highlights of the past months for you. Enjoy reading and please do not hesitate tocontact us for more specific information!
• European Data Protection Supervisor: GDPR not an obstacle to disclosing personal information to EUinvestigating authorities
• On the liability of financial and private equity investors for antitrust violations by their portfoliocompanies
• Fines imposed on anti-money laundering officer
• Foreign trade law in Germany: Rising compliance requirements in business with Russia
• New secondary liability of operators of electronic marketplaces for online retailers’ VAT
European Data Protection Supervisor: GDPR not an obstacle to disclosing personal information to EUinvestigating authorities
In a letter to several EU authorities, the European Data Protection Supervisor (EDPS) has commented on anissue that has been worrying compliance departments for months. The date of application of the General DataProtection Regulation (GDPR) in May 2018 and the threat of far tougher fines being meted out for dataprotection violations have prompted uncertainty among companies as they find themselves confronted withcartel cases, official compliance-related investigations or State aid controls. They wonder whether they areautomatically allowed to provide the documents containing personal data, as regularly required by theauthorities in these proceedings, without risking an expensive violation of data protection law. This uncertaintyapparently reached such a pitch of late that the Data Protection Officers of the European Commission, the
2
European Anti-Fraud Office (OLAF), the European Investment Bank and the European Investment Fundapproached the EDPS with the request to clarify the matter. The EDPS, the supervisory authority of the Europeanauthorities and institutions as regards data privacy, complied with this request by letter of 22 October 2018.
The key statements of the letter
In summary, the key statements of the EDPS are as follows:
Compared with the legal situation applying up until May 2018, the GDPR has not changed the rules forcompanies on the disclosure of personal data to authorities and institutions of the European Union (and ofthe Member States).The EU authorities responsible for regulating competition, combating fraud and controlling State aid areauthorised to process personal data within their remit, provided that such is necessary for the performanceof their tasks. The legal basis required under data protection law does not emerge from the GDPR but from adata protection regulation specifically for the EU institutions (Regulation (EU) 2018/1725).Just as the authorities are authorised to process the personal data required in the performance of their tasks,private companies may likewise disclose these data to the authorities. That applies both in cases where thecompany is under an obligation to disclose certain information by reason of an explicit statutory regulation oran official order (Article 6(1) sentence 1 (c) GDPR), and in the event of “voluntary” cooperation with theauthorities, e.g. whistleblowing or leniency applications in cartel cases. In these latter scenarios, companiesmay, in terms of data protection law, rely on Article 6(1) sentence 1 (f) GDPR which allows data processing toprotect “legitimate interests”, provided it is necessary and does not conflict with overriding interests of thedata subject.It is not compulsory under the GDPR to inform data subjects (e.g. employees) that their data have beendisclosed, provided that such data transfer takes place in connection with specific official investigations.Articles 13 and 14 GDPR do specifically provide for data subjects to be informed of the disclosure and therespective recipient of their data. In his letter however, the EDPS refers to the “device” inherent in Article 4no. 9 GDPR that is intended to avoid an obligation to provide information in the cases referred to here:according to that, public authorities that receive personal data within the framework of a “particular inquiry”in accordance with Union or Member State law are not regarded as “recipients” of such data.Nor does the GDPR present an obstacle to arrangements on official audit and control rights in contracts onState aid or the financing of projects with public funds. The authorities do not however act within theframework of a “particular inquiry” in terms of Article 4 no. 9 GDPR. For that reason, companies that in thisway facilitate authorities’ access to documents containing personal data are obliged to inform the datasubjects (normally their employees) of the (possible) official measures and the data processing therebyentailed.
Unresolved questions remain
The comments of the EDPS are welcome. They provide clarity, at least on some important points, but do regardmatters from the perspective of the (EU) authorities. Material practical issues with which companies areconfronted in the context of official investigatory and supervisory measures are not addressed by the EDPS.
Companies frequently regard one of the main problems as being their obligation to decide which personaldata are necessary for the authorities to perform their tasks and may therefore be disclosed. This is only notso in the rare cases where an authority explicitly specifies the documents it requires, at the same time statingwhether and to what extent it will accept an anonymization of information. Normally, however, the companiesfind themselves in a predicament. If they transfer too much personal information they will risk being finedunder the GDPR, but if they withhold a sizeable number of documents or blank out large parts of them theymay face penalties for their lack of willingness to cooperate, particularly in cases of leniency applications. Itwould be desirable for it to be made clear on the part of the authorities that companies may withhold,respectively blank out, personal data that are obviously not relevant to the official proceedings concerned,and will only be required to submit them if the authority specifically asks them to do so.Particularly in the case of cartel investigations, companies are frequently confronted with requests from theauthorities to waive objections to the disclosure of documents and information to foreign cartel authorities.
3
With a view to this practice, the EDPS would do well to make it clear that such a waiver may not relate topersonal data that the company has disclosed to an authority. The particular authority alone bears theresponsibility for these data and their (further) processing under data protection law. A waiver from thecompany will therefore not release the authority from its duty to review itself whether the disclosure of datato other bodies at home and abroad is permissible under data protection law. Such waivers will at most makesense where the disclosure of business or trade secrets is concerned.Finally, the EDPS’s opinion does not deal with scenarios encountered by companies on the question ofwhether they are permitted to disclose personal data directly to authorities or courts outside of the EuropeanUnion. The provisions of the GDPR tend to be restrictive but also vague on details. Companies thereforeconstantly face the dilemma of either risking penalties in third countries for lack of cooperation, or violatingstipulations of the GDPR that are punishable with an administrative fine. It would therefore be a great help toobtain clear guidance from data protection authorities on the leeway provided under the GDPR regarding thedisclosure of data to authorities in non-EU countries. Ultimately, however, it will only be possible to solve theproblems as outlined at the political level by harmonising the international data protection rules and puttingpracticable mutual legal assistance treaties in place.
This (incomplete) overview is likely to make it clear that the letter from the EDPS of 22 October 2018 is far fromsolving all problems arising from the conflict between data protection and the disclosure of personal data to publicauthorities. In many cases therefore, it will still be essential to make a careful analysis of data protection lawbefore deciding on whether or not to disclose documents in official proceedings.
On the liability of financial and private equity investors for antitrust violations by their portfolio companies
By judgment of 12 July 2018, the General Court of the European Union took a position for the first time on theliability of financial and private equity investors for antitrust violations by their portfolio companies (CaseT-419/14 – The Goldman Sachs Group v European Commission). In the view of the Court, the EuropeanCommission can also impose joint and several fines on financial investors if they have exerted a decisiveinfluence over the market conduct of their portfolio companies. If a financial investor holds virtually all of theshares or voting rights of the portfolio company, the actual exercise of decisive influence will be rebuttablypresumed. In the case before the Court, the European Commission had imposed a fine of EUR 37,303,000 jointlyand severally on Prysmian S.p.A. – an Italian manufacturer of high voltage and extra-high voltage submarineand underground power cables – and the United States investment bank The Goldman Sachs Group, Inc.
On the joint and several liability of group companies in European competition law
If employees of a group company violate European competition law, the Commission can impose fines not only onthe company directly involved in the infringement, but also on other companies of the group (typically parentcompanies and in particular the ultimate parent company of the group). The penalised group companies are jointlyand severally liable for the payment of the fine.
Prerequisite: existence of an economic unit
This is subject to the existence of an economic unit between the company directly involved in the infringement andthe other group company.
According to the case law, an economic unit exists be-tween a group parent company and its subsidiarywhich is directly involved in the infringement where “although having a separate legal personality, thatsubsidiary does not decide independently upon its own conduct on the market, but carries out, in all materialrespects, the instructions given to it by the parent company”.This is the case if the parent company is first of all in a position to exert a decisive influence over the marketconduct of the subsidiary, and second of all actually exerted this decisive influence at the time of theinfringement.
4
Whether or not a subsidiary is under the decisive influence of its parent company must be determined in thespecific case involved, taking into account all of the relevant factors relating to the economic, organisationaland legal links which tie the subsidiary to the parent company.It is of no relevance whether or not the parent company was involved in the infringement by the subsidiary.If the parent company holds virtually all of the shares or voting rights of its subsidiary, it is not necessary topro-vide concrete proof of an actual exercise of decisive influence. Rather, its actual exercise of decisiveinfluence will be inferred from its ability to do so by way of a rebuttable presumption. Although the “virtuallyall presumption” is rebuttable according to the case law, to date no parent company has successfullyrebutted it in practice. If personal links additionally exist, or if representatives of the parent company arerepresented in decision-making bodies or advisory boards, a rebuttal of the presumption can be virtually ruledout.
Consequences: impact on the amount of the fine
If an economic unit exists between the parent company and the subsidiary, not only will the number of potentialaddressees of a Commission decision be expanded and thus the number of the potential debtors of a fineincreased, but the existence of an economic unit will have a substantial effect on the amount of the fine.Accordingly, when calculating the fine (in particular when applying the 10% cap pursuant to Article 23(2) ofRegulation 1/2003), the EU institutions do not base themselves on the sales of the company directly involved in theinfringement, but rather on the sales of the undertaking which is deemed to comprise an economic unit and thus,as a rule, the consolidated group-wide aggregate sales on the level of the parent company.
Applicability to financial and private equity investors
This case poses the question of whether the concept of joint and several liability of group companies – andthereby in particular the “virtually all presumption” – can be applied to financial and private equity investors. In theassessment of the Court, the European competition law does not distinguish between whether the undertakingwhose liability for an infringement of European competition rules is to be established is, at least according to itsabstract business model, a financial investor (such as a private equity investor, an insurance company or acompany which is the trustee of a pension scheme). The Court stresses that “pure financial investor” does notconstitute a legal criterion, but is an example of a circumstance in which it is open to a parent company to rebutthe presumption of actual exercise of decisive influence. The Court understands a “pure financial investor” to be aninvestor who holds shares in a company in order to make a profit, but not for the purpose of managing orcontrolling it.
Criteria which, in the assessment of the Court, could indicate in a specific case that an investor is not a “purefinancial investor” are:
The financial investor has the ability to determine alone the composition of the decision-making bodies;the financial investor has the right to call shareholder meetings and to propose the revocation of directors orof entire boards of directors, and in this way decisively influence the decisions made by these bodies;the financial investor is represented in the decision-making bodies with more than 50% of their members;the delegated members receive regular updates and monthly reports and are informed about all businessareas and activities.
Conclusion and consequences in practice
The Court’s judgment underscores the importance of compliance measures in connection with transactions.According to the practice of the authorities and courts to date, the existence of a group-wide complianceprogramme does not have the effect of reducing fines and can – on the contrary – even be included as a factor tosubstantiate a parent company’s actual exercise of decisive influence on the market conduct of its subsidiary.Nonetheless, in view of the existing liability risks, financial and private equity investors should not only identifypossible antitrust risks in advance of a transaction by way of a compliance due diligence, but also minimise themfor the duration of their participation by setting up an effective com-pliance organisation on the level of theirportfolio companies.
5
Fines imposed on anti-money laundering officer
In a press release issued on 25 October 2018, the Frankfurt am Main Higher Regional Court announced that ithad confirmed fines imposed on a major international bank’s anti-money laundering officer. In particular, theHigher Regional Court emphasized the statutory rights and duties of an anti-money laundering officer.
In the case that was the subject of the announcement, Germany’s Federal Financial Supervisory Authority, theBaFin, had imposed several fines on a major international bank’s anti-money laundering officer for having violatedher duty to file suspicious activity reports relating to money laundering without undue delay. In the first instance,the Frankfurt am Main Local Court had reduced the amount of the fines imposed for negligent delay in filingsuspicious activity reports, but confirmed the fines in substance.
According to the ruling, the facts at hand had required that suspicious activity reports be filed without undue delay,but the officer only filed such reports after several months had elapsed since the payment. Moreover, she had onlydone so because other credit institutions involved in the transactions had in turn complied with their reportingduties and had informed her of this.
In the appeal she brought before the Higher Regional Court, the officer concerned had argued that she had had toundertake her own investigations so as not to file the reports just on the off chance that they might be right. Shealso argued that the shortcomings found at the bank were the responsibility of the bank’s executive board.
The Higher Regional Court did not accept this view. The Court made special reference to the explanatorymemorandum in Germany’s revised Money Laundering Act (Geldwäschegesetz). In this memorandum, the Courtstated, legislators have again made it clear that “the view propagated in legal literature and at training sessions onimplementing the Money Laundering Act, whereby reporting only becomes necessary where there is reasonablesuspicion of a criminal act having occurred, is not correct”.
The Higher Regional Court made it clear that a suspicious activity report relating to money laundering is not acriminal complaint within the meaning of section 158 German Code of Criminal Procedure (Strafprozeßordnung).Only the investigating authorities, the Court stated, are qualified to initiate investigations, not the anti-moneylaundering officer of a credit institution. Such officers’ task is simply to report the information available in houseregarding any event subject to a reporting requirement.
In some cases, the bank’s executive board may be liable in addition to the anti-money laundering officer, but notinstead of him or her. Because of the many shortcomings found in the present case, intent rather than negligencewas to be assumed, the Court concluded.
Comment
Germany’s Federal Financial Supervisory Authority, the BaFin, has long disputed the view that reports of suspectedmoney laundering (Verdachtsanzeigen) constitute a criminal complaint within the meaning of section 158 GermanCode of Criminal Procedure, which therefore requires reasonable suspicion in terms of criminal prosecution. Infact, this view was only taken in a commentary on the Money Laundering Act and never established itself as“prevailing opinion” in the financial sector. In relation to reports of suspected money laundering, by contrast – andeven before such reports were renamed “suspicious activity reports” (Verdachtsmeldungen) in the 2011 reform ofGermany’s Money Laundering Act – it was recognized that the threshold of suspicion for this mandatorynotification under laws regulating the due conduct of business (Gewerberecht) lies considerably below thethreshold for reasonable suspicion for criminal prosecution. All the same, there must at least be a conceivable andpossible connection to potential criminal acts involving money laundering for a suspicious activity report to benecessary, so that no reports are filed “on the off chance.” If there are plausible explanations for a transaction thatdo not point to money laundering, then a suspicious activity report does not need to be filed.
6
In the case at hand, the key fact appears to have been the requirement for the report to be filed without unduedelay. This was not complied with because the officer undertook her “own investigations”. But the matter is notquite as clear cut as the Higher Regional Court makes it out to be in its press release (the original court order isnot available, unfortunately). Before a suspicious activity report is filed, the anti-money laundering officer doesindeed have to carry out his or her own fact-finding, and this could also be termed an “investigation”. Enhanced duediligence, section 15(5) no. 1 Money Laundering Act expressly states, requires that the obliged entity examinetransactions that are especially complex or large-scale compared to similar cases, that follow an unusual course,or which are taken without an economic or lawful purpose being evident, “in order to be able to verify, wherenecessary, whether a duty to file a report under section 43(1) may exist.” Institutions falling under Germany’sBanking Act (Kreditwesengesetz) will even need to draw on “their own experience and knowledge”, section 25h(2)states, when applying this principle of judicial investigation.
So the anti-money laundering officer in the institution or undertaking is in fact legally required to examine thematter him or herself before filing a suspicious activity report, and a reasonable period needs to be granted forthis. The Higher Regional Court stated that “in Germany, only the investigating authorities are qualified to initiateinvestigations”, but this seems to be an overly terminological view of matters.
It should be conceded, however, that such internal fact-finding should not generally be drawn out over severalweeks and that it does not override the requirement to file such reports without undue delay. The anti-moneylaundering officer’s job here is to find an objectively justified and reasonable balance between collectinginformation (investigation) and filing the report without culpable delay.
The Higher Regional Court’s decision should serve as a warning to all obliged entities under Germany’s MoneyLaundering Act to organize their processing of suspected cases of money laundering so as to meet therequirement of prompt reporting and not to draw out the decision-making process unnecessarily. For compliancemanagers in general, and for anti-money laundering officers in particular, decisiveness is a key personalrequirement.
Foreign trade law in Germany: Rising compliance requirements in business with Russia
German companies’ business with Russia continues to grow. At the same time, however, the legal hurdles forsuch business are increasing as well. A complex regulatory environment exists in which some provisionsoverlap or even conflict with each other. Since 2014, the European Union has been imposing sanctions due toRussia’s annexation of the Crimea, and these sanctions were renewed for a further six months in December2018. The US recently tightened its sanctions again, and these may also impact German companies as theyhave extraterritorial effect. In turn, Russia has reacted with counter-measures that may likewise have a majorimpact on German companies.
This increases the complexity of compliance requirements in business with Russia under foreign trade law.European and US sanctions differ in many details. It is imperative to keep checking business partners’ currentlinks to listed persons, as both the EU and the US’s list of sanctions are subject to ongoing additions orchanges.
1. EU sanctions on persons or goods – restrictions on financial instruments
Currently, the EU regulations cover a list of 150 natural persons as well as 40 entities. Listed persons are bannedfrom entering or transiting the territory of the European Union, and their funds are frozen.
For German companies, the most important element in sanctions on persons is the ban on making funds oreconomic resources available (Bereitstellungsverbot). This makes it impermissible for listed persons to beprovided with or to benefit from funds or economic resources either directly or indirectly. The same applies toorganizations or entities owned or controlled by listed persons. To prevent circumvention, there is also a ban ondelivery to an undertaking owned or controlled by a listed person.
7
An undertaking is owned by a listed person if, for example, that person possesses more than 50 per cent ofthe property rights or has a majority shareholding.The question of whether an undertaking is controlled by a listed person is a much more complex one,however. Here, it is necessary to check several factors including whether the listed person holds a majority ofvoting rights either alone or through agreements with other shareholders, or whether on this basis the listedperson is able to exert a controlling influence on the undertaking’s management, administration orsupervisory bodies.
Exceptions to the ban on making funds or economic resources available are only possible within narrow limits.This is the case where it can be ensured individually that the listed person will neither use nor benefit from thefunds or resources. It is mandatory for German companies to comply with the ban on making funds or economicresources available. Any violation of the ban is punishable under section 18(1) no. 1(a) of Germany’s Foreign Tradeand Payments Act (Außenwirtschaftsgesetz).
Under certain circumstances, exporting dual-use goods to Russia is also prohibited in its entirety. Dual use goodsare those that can be used for both civilian and military purposes. Direct or indirect delivery of dual use goods toundertakings or persons in Russia is banned whenever these are or could be either wholly or partially intended formilitary purposes or a military end user. In contrast to deliveries of dual use goods in other countries, suchdeliveries to Russia cannot receive approval. Technical assistance and financial services connected to dual usegoods are also ruled out. It is possible, however, to obtain exemptions from such restrictions for agreementsconcluded before 1 August 2014 or 12 September 2014, as well as for ancillary contracts needed to fulfil suchagreements. These can be approved by Germany’s Federal Office for Economic Affairs and Export Control (BAFA).
Finally, exporting goods required for oil exploration and extraction as well as certain services involved in this alsorequire prior approval by the Federal Office for Economic Affairs and Export Control.
In addition to these sanctions on persons and goods, the EU has also issued bans on trading using certainfinancial instruments. There are sanctions in place on various undertakings in the Russian banking, defence andenergy sectors (listed in the EU regulations), as well as on undertakings established outside the EU in which theselisted undertakings have majority ownership, and on other undertakings acting on behalf of or as instructed by thelisted undertakings. These bans may for example cover certain instruments for financing exports, such asguarantees and letters of credit. Less obviously, but of particular relevance in practice, target payment dates anddeadlines that exceed 30 days, or their extension, may constitute a regulatory violation if they are not customary inbusiness.
2. Current trends in US sanctions – increasingly, Germany companies may be affected as well
In 2014, at almost the same time as the EU, the US also issued executive orders for major economic sanctions onRussia, likewise in response to the Ukraine crisis. Their content and scope is comparable with those of theEuropean sanctions, but the details do not coincide. For example, not all persons subject to EU sanctions are onthe American SDN (specially designated nationals) list. Vice versa, the US’s SDN list includes persons that the EUdoes not include.
For German and European companies, these US sanctions (termed primary sanctions) may apply directly if suchcompanies make payments in USD or, more generally, US banks are involved in processing the payment, or if US“persons” are involved (i.e. natural persons with US citizenship, Greencard holders, US companies and all naturalpersons for as long as they are on US territory). Moreover, US sanctions also apply directly to German andEuropean companies if American products, or products with a certain minimum US component are re-exported, i.e.are delivered to Russia from Germany. In this case, US export controls apply just as they would to primary exportsfrom the US.
More controversially – since it is largely out of step with European instruments for sanctions – another currentdevelopment is evident in the US’s Russia policy. In 2017, the US Congress passed the Countering America’sAdversaries Through Sanctions Act (CAATSA), which also provides for what are termed secondary sanctions.These cover persons from third countries. Here, no direct connection to the US is required (as would be the case
8
for primary sanctions). The US may therefore, for example, proceed against persons who knowingly undertake orfacilitate “significant transactions” with listed persons, their children, partners, parents or siblings, or who engagein business with persons belonging to the Russian defence and intelligence sectors, or who are involved in Russianenergy pipeline expansion by exporting goods or providing services. For German companies, therefore, it isrecommended that they keep track of this sanction list too and integrate it into IT-supported sanction listscreening, which companies generally use – or should use – in their compliance management. Important: underUS law, agreements with Russian business partners that originally were unproblematic are no longer permitted tobe continued either; in contrast to EU sanctions law, existing agreements are not protected.
In practice, the extraterritorial application of US law exhibits a considerable deterrent effect, as any party violatingthese provisions could face exclusion from the American market or substantial fines.
3. Russian counter-measures – major legal uncertainty
A further point that German companies should note in their Russia business concerns Russian counter-measuresto the EU and US sanctions referred to above: Russian law does not recognize the American or Europeansanctions. Nor do Russian courts view Western sanctions as force majeure; so premature termination of anagreement owing to sanctions could entail claims for damages against the German company.
In response to the Western sanctions imposed in 2014, Russia also issued an import ban on agricultural products,food and drink, and raw materials, as well as an entry ban on politicians, military personnel, and people from thebusiness community, who were placed on what was initially a secret list. In June 2015, a version of the list becamepublic, including persons from the US, the EU, Canada and Japan. Russian courts comply with these sanctions. Soif a Russian business partner refuses to meet its contractual obligations by invoking the current sanctions againstRussia, the German company concerned will be unable to defend itself in court.
In response to the US’s latest sanctions, the Russian government has also brought in new counter-measures inaddition to the above. In Summer 2018, two new draft bills were introduced in the Russian State Duma. Initially,both contained drastic measures such as making implementation of foreign sanctions a criminal offence andintroducing new import bans. Although these measures were watered down in the course of the legislativeprocedure owing to protests from Russian businesses, there still exists major legal uncertainty for Germancompanies: it is hard to predict from the legal basis what exactly will be decided or how the legislation willproceed. Nor has the option of making it a criminal offence to comply with foreign sanctions been wholly ruled out.This concerns the following two laws:
The “Law on measures (countermeasures) against unfriendly actions of the United States of America andother foreign countries” entered into effect on 4 June 2018. Although it does not provide for any specificmeasures, as a framework law it gives the Russian president the option of imposing further import bans onproducts from “unfriendly states” without any legal time limit. “Unfriendly” is defined here as states thatundertake “unfriendly actions” against Russia or Russian persons and citizens, as well as the US. Thisdefinition is very broad and allows the Russian president substantial political leeway. For German companies,therefore, there is a potential risk that they might in future be deemed “unfriendly”. A second draft bill expands the Russian Criminal Code to include a ban on compliance with foreign sanctions.This ban is to apply not only to Russian natural persons but also to foreign citizens; its violation is to bepunishable by a prison sentence of up to four years. Although Russian business has resisted this far-reachingcriminal liability, and the bill’s second reading in parliament was postponed in May 2018 and has yet to takeplace, it cannot be ruled out that the act will still be passed. This would entail severe consequences forGerman and European companies’ Russia business, as it will put the representatives of German companies atrisk of criminal liability.
4. Conclusion
Companies with Russian business relationships are now finding themselves in a complex web of requirementsfrom different sources and with conflicting effects. To avoid criminal liability and economic restrictions, it isimperative to be aware of the mechanisms of sanctions and to implement a corresponding compliance
9
management system (including efficient business partner screening). In particular, this needs to take account ofthe differing details of the European and American regulations on sanctions and their ongoing amendments. Ontop of this, Russian counter-measures also need to be considered. The existing legal situation in Russia andpossible tougher measures in future create major legal uncertainty. For this reason, German companies need tokeep an eye on current legal developments in Russia, and to continue doing so.
New secondary liability of operators of electronic marketplaces for online retailers’ VAT
The legislature has introduced new record-keeping obligations for operators of electronic marketplaces and anew rule on the secondary liability of the operators of electronic marketplaces with effect as of 1 January 2019.This is the German legislature’s response to the massive VAT leakages and the adverse effects on competitionwhich have arisen in the last few years due to the fact that online retailers (especially those from China) havenot paid the VAT on supplies that were carried out in Germany.
Overview of the new provisions
The new provisions stipulate new record-keeping obligations for operators of electronic marketplaces in section22f VAT Act (UStG), to which the new rule on the secondary liability is linked (section 25e VAT Act).
1. New record-keeping obligations (section 22f VAT Act)
Section 22f VAT Act imposes new record-keeping obligations on operators of electronic marketplaces. Theoperator must now record the following information for each supply of goods carried out on its electronicmarketplace where the transport or the shipment commences in Germany:
Complete name and address of the online retailer,Tax number and, if applicable, VAT registration number of the online retailer,Starting point and destination of the supply,Time of the supply,Purchase price, andTerm of validity of the certification of the online retailer’s registration for tax purposes.
Every online retailer must apply to the responsible tax office for a certification of its registration for tax purposes.Private sellers do not need to do so. It is intended that in the future it will be possible for marketplace operators toretrieve this certification centrally from the Federal Central Tax Office (Bundeszentralamt für Steuern), but this isnot yet possible at present. Instead, the certification will be issued to the online retailer in paper form and must besent to the operator of the marketplace either in the original or as an electronic copy. It must be retained by themarketplace operator.
In the case of private sellers, instead of the tax number, VAT registration number and the information oncertification of the registration for tax purposes, the marketplace operator must record the date of birth of theonline retailer.
2. Secondary liability of the operator of the electronic marketplace (section 25e VAT Act)
The operator of the electronic marketplace is secondarily liable for the VAT of the online retailer if it cannotpresent certification of the online retailer’s registration for tax purposes in paper form or an electronicconformation by the tax office, or if it knew, or ought to have known by exercising the due care of a prudentbusinessperson, that the online retailer was not meeting its tax obligations at all, or not in full. This secondaryliability includes the VAT incurred for supplies s generated on the marketplace.
The tax office responsible for the online retailer can inform the operator of the marketplace that the supplyingcompany is failing to meet its tax obligations at all, or to a material extent. The marketplace operator must thenblock the online retailer’s account within the time period set by the tax office. Otherwise it will be liable for the
10
online retailer’s VAT on further sales.
Practical consequences
The secondary liability of the operator of the electronic marketplace will apply to supplies of online retailersdomiciled in non-European countries as of 1 March 2019. For online retailers domiciled in Germany, in the EU or inan EEA state, the new rules on the secondary liability will not enter into force until 1 October 2019. The new record-keeping obligations entered into force on 1 January 2019, but according to the letter of 28 January 2019 from theFederal Ministry of Finance (Bundesfinanzministerium), it will not have any detrimental consequences if theoperator of the electronic marketplace does not meet these record-keeping obligations until 1 March 2019 or 1October 2019, as the case may be.
The operators of electronic marketplaces should require all active and new online retailers which sell on theelectronic marketplace to provide certification on their registration for tax purposes so that they can meet theobligations under the new provisions as of 1 March or 1 October 2019, as the case may be. The operators of theelectronic marketplaces must additionally ensure that they receive all of the other information that has to berecorded, in particular with regard to the supplies. Furthermore, it must be ensured that online retailers can beexcluded from the marketplace by blocking their accounts within the period set by the tax office. Apart from this, itmay be necessary to amend the general terms and conditions of the electronic marketplace in order to request theinformation, as well as to exclude the online retailer from the marketplace.
