The US "White-Collar Enforcement Plan" in the focus of German corporate practice

In May 2025, the Criminal Division of the US Department of Justice published a concept for realigning the white collar strategy. The so-called "White Collar Enforcement Plan" aims to fundamentally restructure US law enforcement by combining economic policy objectives with the strengthening of the domestic and global compliance architecture, promising companies that voluntarily self-report a binding suspension of proceedings if they cooperate and implement effective remediation measures.

At the heart of the concept is a strategic focus on high-risk areas of economic crime that prioritise the protection of public funds, national security and the integrity of financial and procurement markets. The Criminal Division explicitly identifies ten priority crime areas, including healthcare fraud, foreign trade offences, complex investment fraud schemes, violations of US sanctions, money laundering via shadow banking structures and offences relating to digital assets.

The central element of the reform is the revised "Corporate Enforcement and Voluntary Self-Disclosure Policy" (CEP). This provides for the first time that companies are offered the prospect of a binding suspension of proceedings in the event of voluntary self-disclosure, comprehensive cooperation and effective remediation measures.

In addition, companies whose voluntary disclosure is made in good faith but not in due time or form are promised considerable relief in terms of legal consequences. This also applies to voluntary disclosures that fulfil the formal requirements but do not fall within the scope of the privileged suspension of proceedings due to aggravating circumstances that justify criminal prosecution ("near miss"). In these cases, the Criminal Division can, for example, offer a non-prosecution agreement (NPA) with a shortened term (maximum of three years) or the waiver of a compliance monitor order. This option is supplemented by a possible reduction of the threatened penalty by up to 75 per cent.

The plan also provides for a limit on the appointment of independent monitorships to implement an effective compliance programme. The current practice of using external monitoring organisations is now to give way to a commercially-driven and proportionate case-by-case assessment. In particular, the following assessment criteria will be taken into account

• the likelihood that the criminal behaviour will be repeated,
• the existence of effective official supervisory mechanisms,
• the demonstrable effectiveness and organisational anchoring of the internal compliance system and
• the company's ability to analyse risks independently.

The reform will be supplemented by the expansion of the "Whistleblower Awards Pilot Programme", which was already introduced in 2023. In future, prizes will also be awarded for evidence of corporate involvement in transnational crime, terrorist financing, sanctions evasion or customs offences - provided that the evidence leads to a forfeiture of at least one million US dollars. The maximum reward continues to be the considerable sum of up to 50 million US dollars.

A structurally comparable, centralised enforcement plan is still lacking in Germany. The draft of an Association Sanctions Act (VerSanG-E), which was presented in 2020 but ultimately failed, would have introduced a coherent corporate criminal law that also provided incentives for cooperation, voluntary disclosure and internal clarification. In the absence of a statutory implementation, the sanctioning of legal entities remains in the administrative offences law pursuant to Sections 30 et seq. OWiG. The Whistleblower Protection Act (HinSchG), which came into force in June 2023, focuses primarily on protection mechanisms under labour law and has no direct effect in the area of criminal law incentives to cooperate, as provided for in the White Collar Enforcement Plan.

Despite the structural differences between the US enforcement plan and the German legal system, there are, however, conceptual parallels in the consideration of internal company information and compliance measures in the context of sentencing and fines. While the Enforcement Plan expressly provides for the prospect of proceedings being discontinued in the event of voluntary disclosure, cooperation and effective remediation, there is no equivalent normative structure in German law. Nevertheless, a certain harmonisation process can be seen at the level of the application of the law.

In its decision of 9 May 2017 (1 StR 265/16, para. 118 f.), the Federal Court of Justice clarified that internal investigations and an effective compliance management system can have a mitigating effect when assessing a fine in accordance with Section 30 OWiG, particularly if they contribute to clarification and make future offences more difficult. This case law was confirmed in the decision of 22 April 2022 (5 StR 278/21). Within the scope of application of the General Data Protection Regulation (GDPR), supervisory authorities also take into account mitigating factors if companies can prove that they have a functioning data protection management system. In its guidelines on the calculation of fines (Guidelines 04/2022), the European Data Protection Board emphasises that cooperation with the authority and preventive measures can reduce the amount of the fine in accordance with Art. 83 GDPR.

It can therefore be seen that even if there is no legal basis to date, German courts and authorities also recognise substantial compliance efforts in the calculation of fines - provided they credibly address structural deficits and demonstrably contribute to prevention.

However, the US enforcement plan is also relevant for German companies. The scope of application is open if there is an indirect connection to the United States. This is the case, for example, if

• transactions are carried out in US dollars,
• subsidiaries or permanent establishments are maintained in the USA,
• business relationships exist with US contractual partners,
• components from the USA are integrated into global supply chains or
• the company is listed on a US stock exchange.

Due to the extraterritorial reach of US criminal law, even offences committed outside the United States may be subject to criminal prosecution if they violate US sanctions law, export control regulations or money laundering provisions.

However, the enforcement plan also opens up opportunities: companies that carry out internal investigations, file voluntary disclosures at an early stage, effectively remedy irregularities and cooperate can hope for concrete mitigation or dismissal of proceedings. Internationally active companies with US connections should therefore proactively align their compliance and investigation processes with the standards of the enforcement plan in order to react early and minimise regulatory risks in a targeted manner.

If you require further information or support in adapting your compliance structures to national or international requirements, the experts at KPMG will be happy to assist you.