When and for what purpose do companies actually start to establish a dedicated treasury function?

Broadly speaking, this is usually the case when a certain level of complexity is reached in the finance area. The complexity is either caused by market price risks arising from corresponding business activities or by the significant volume that needs to be managed in cash management. In this case, it is up to the person responsible for finance on the Executive Board to build up a treasury function in such a way that it is effective and can withstand at least (!) a statutory quality audit. Even companies with long-established and well-organized finance departments are facing recurring questions as to whether the various finance functions are still future-proof or whether they require to be optimized or expanded. Such considerations may be triggered, for example, by a planned IPO or a carve-out or spin-off of a unit from the group.

Starting from a legislative and regulatory perspective, this article addresses the challenges involved in establishing and expanding a modern treasury function and provides answers to the question of what duties of due diligence Management needs to observe. To this end, the last part of the article cites some examples from practice.

1. The statutory and regulatory minimum requirements for the treasury function and potential penalties in the event of a breach of relevant duties of due diligence arise from a number of laws and regulations.

For listed corporations, the German Stock Corporation Act (AktG) is authoritative. It governs the requirements for risk management systems and early warning instruments. Section 91(2) requires a company's Executive Board to set up a monitoring system that can identify risks at an early stage. This means that both an early risk detection system and a risk management system must be in place. These statutory regulations specifically require treasury departments to have liquidity planning processes and financial risk management processes in place. In addition, they define the need for a compliance management system and the specific related requirements.

In May 2021, with the resolution of the Act to Strengthen Financial Market Integrity (FisG), the German Bundestag added a paragraph (3) to Section 91 of the German Stock Corporation Act (AktG), thereby explicitly stipulating the obligation of the Executive Board to establish an appropriate and effective internal control system (ICS) and risk management system (RMS)1. The legislation, which entered into force on 1 July 2021, not only amended the German Stock Corporation Act (AktG) but also many other existing laws, partly against the backdrop of the Wirecard balance sheet falsification scandal. As a result, information requirements (e.g. vis-à-vis the audit committee or the financial supervisory authority) have been extended, so that companies now have to be ready to provide actual evidence of the existence of an ICS and RMS.

As is widely known, the German Commercial Code (HGB) applies in principle to all higher executives. Paragraphs (2) and (4) from Section 289 and (2) and (4) from Section 315 respectively define risk management objectives and methods. The German Act on Corporate Control and Transparency (KonTraG) extended and specified the provisions of the German Commercial Code (HGB) and the German Stock Corporation Act (AktG) as early as 1998 with the aim of expanding corporate governance, i.e., the responsibility of the management and administration of German companies. An important aspect here was that a company's management is required not only to introduce and operate a company-wide early risk detection system, but also to provide information on risks in the management report.

Section 17 of the Insolvency Ordinance governs the definition of insolvency. Insolvency is therefore deemed to exist if the debtor is currently not in a position, and is not expected to be in a position within three weeks, to settle 10% or more of its total liabilities due. This state justifies the opening of insolvency proceedings. Imminent insolvency (the subject of §18) arises if the debtor is currently still solvent, but will not be able to meet future payment obligations with the liquid funds currently available. To recognize this, liquidity planning is a must. Under Section 15a, an application for the commencement of insolvency proceedings must be filed no later than three weeks after the occurrence of insolvency or overindebtedness.

Companies importing or exporting from various countries around the world must adhere to import or export embargoes. These prohibit companies from doing import and export business with certain countries, and by extension, companies located in those countries. The most common form of embargo is the trade embargo. According to the German Federal Office of Economics and Export Control (BAFA), as a rule embargoes are based on resolutions of the United Nations (UN Security Council), the Organization for Security and Cooperation in Europe (OSCE) or common positions of the Council of the EU. These are implemented through European Union (EU) regulations, which are immediately applicable to all EU companies. Simultaneously, they are transposed into national law, in Germany, for example, in the Foreign Trade and Payments Ordinance (AWV). In the European area, the relevant financial sanctions regulations are EU Regulations 2580/2001, 881/2002 and 83/2011. Any trade or business relations with sanctioned persons, companies or countries are generally punishable by law. Non-compliance can result in heavy fines or even imprisonment. For this reason, companies must ensure that their business partners are not included on sanctions lists and address lists of embargoed EU regulations. In Germany, Deutsche Bundesbank's Financial Sanctions Service Center is responsible for implementing financial sanctions. It has at its disposal a catalog of measures ranging from prohibitions on the disposal and making available of funds (i.e., the "freezing of funds") to restrictions on payment transactions and reporting obligations. Pursuant to Sections 18 and 19 of the Foreign Trade and Payments Act (Aussenwirtschaftsgesetz, AWG), violations of financial sanctions can be punished as administrative offenses or criminal offenses.

In this context, the Money Laundering Act (GwG) should also be mentioned. The term money laundering refers to the integration of illegally acquired funds or assets into the legal financial and economic cycle. Violating the AMLA is a criminal offense according to Section 261 of the German Criminal Code (StGB) and can be punished with imprisonment. Companies must define internal regulations, guidelines and control mechanisms to prevent money laundering through effective and unavoidable measures, such as due diligence (Section 3 of the AMLA), which prescribes mandatory checks on all business partners.

Should a company enter into business relationships with persons or organizations on sanctions or embargo lists, it could face high penalties. To prevent this, the Compliance department needs to establish clear structures, suitable controls and transparent processes. It is the Executive Board's duty of care to create the necessary framework conditions.

2. Since 2001, the Government Commission on the German Corporate Governance Code (GCGC) has been dealing with principles, recommendations and suggestions for the Executive Board and the Supervisory Board based on the principles of the honorable businessman, and is aimed in particular at listed companies.

Its members are appointed by the German Federal Ministry of Justice and Consumer Protection (BMJ) and they review the standards of their code annually (for example, the updated 2022 version is currently being drafted).

As far as the treasury function is concerned, the focus is on Principles 4 & 5 in particular. Principle 4 provides that a suitable and effective internal control and risk management system is mandatory for the proper handling of the company's risks. Principle 5 goes on to state that the Executive Board must ensure compliance with legal requirements and internal policies. Accordingly, this requires an effective compliance process. In addition, attention should be drawn to the provision of information to the Executive Board and the Supervisory Board. In this context, Principle 15 is particularly relevant. Under this principle, the Executive Board is obliged to inform the Supervisory Board of developments relating to the risk situation, risk management, the general corporate strategy and your legal compliance. For this reason, effective systems and an established regular reporting process to the Executive Board are indispensable. Also with regard to the annual audit process, the control and risk management systems' effectiveness and compliance with the law is highly relevant, because the auditor also audits and examines systems relevant to financial reporting. The next section examines further ways in which the group of auditors can become involved in these issues and assume responsibility.

3. In order to ensure that companies are not on their own with the aforementioned challenges relating to corporate governance, the Institute of Public Auditors in Germany (Institut der Wirtschaftsprüfer, IDW) has also dedicated various auditing standards to this complex of topics, which are updated on an ongoing basis. In this way, a uniform standard for the quality assessment of financial functions is ensured in the market.

Particularly noteworthy in this regard are IDW EPS 980 and the series consisting of IDW PS 981, IDW PS 982 and IDW PS 983. This series generally relates to the audit of corporate governance systems. Auditing Standard 980 pertains to the design and auditing of compliance management systems (CMS) and was comprehensively revised in October 2021. It now takes into account new rulings, pronouncements and developments in the field of compliance. Auditing Standard 981 is dedicated to the principles of proper auditing of risk management systems and refers to paragraph (3) of Section 107 of the German Stock Corporation Act (AktG). Auditing Standard 982 is aimed at reviewing the internal control system as well as the internal and external reporting system. It refers to the core business as well as support processes and their management and control measures. Last but not least is Auditing Standard 983, which relates to the audit of internal auditing systems.

4. Illustrative timeline for implementing the minimum requirements before and after an IPO and leading examples from practice

An IPO, carve out or spin off, entails certain minimum requirements for a company so as to ensure the adequate management of liquidity and financial risks as well as the long-term financing of the company. An exemplary overview of these requirements on a timeline is provided with the following chart: 

Minimum requirements at the IPO closing date


Picture by KPMG, A. Redenz (Article „Corporate Governance bei Börsengängen“ published in March 2022)

The Treasury function's main focus is on the company's financial stability and thus its long-term continued existence as a going concern that is as profitable as possible. In order to ensure this on a lasting basis, it is necessary to plan liquidity in the short, medium and long term. Short-term liquidity planning is also referred to as cash planning, covering a horizon of two to five days. The purpose of cash planning is to optimize cash holdings in existing bank accounts and to determine precisely whether the company has excess or deficit liquidity in the short term. For the short to medium term, often a planning of 13 weeks on a weekly rolling basis is chosen. This is based on the fact that a quarter is easy to plan and measure and therefore temporary liquidity gaps can be identified and closed in good time with suitable measures before an impending insolvency. By doing so, the risk of the absolute worst-case scenario, the resulting obligation to file for insolvency, is reduced to the greatest possible extent. For the medium to long term, a planning horizon of 12 months on a rolling monthly basis is advisable. This time horizon follows the practical logic whereby the usual business transactions occur at least once within a year. As a result, the cash inflows and outflows that can be planned over the longer term are considered here and then analyzed to identify a liquidity situation that may be structurally challenging. Accordingly, any structural liquidity gaps can be identified and closed. The long-term financial planning takes place on a rolling annual basis over a horizon of 1-3 years. This involves planning – usually by Controlling – the strategic business development and its effects on the company's net assets and results of operations.

So, the statutory and regulatory minimum requirements not only necessitate the corporate governance structures described above, but also the mandatory implementation of an effective liquidity management system. Both sets of requirements are firmly anchored in Management's due diligence obligations. As mentioned at the beginning, treasury functions often vary significantly in their complexity. This complexity can stem both from the existence of significant market price risks and from multidimensional cash management. Therefore, tackling the requirements and implementing appropriate structures should be done in line with the prevailing complexity and in a timely manner prior to a "Day 1" in Treasury.

Source: KPMG Corporate Treasury News, Edition 120, April 2022
Nils Bothe, Partner, Finance and Treasury Management, KPMG AG
Cornelius Bonz, Manager, Finance and Treasury Management, KPMG AG 


1 AktG § 91 Abs. (3): „A listed company's Executive Board shall also establish an internal control system and risk management system that is adequate and effective in view of the scope of the company's business activities and risk situation.“