A lot has been said and written about the Wirecard scandal in Germany. Books and scholarly articles have been published, movies about the case are blockbusters in theatres. Therefore, just briefly here: Wirecard was the poster child start-up company in Germany, active as an (online) payment service provider. The German federal government lobbied for Wirecard with its international counterparts. In summer 2019, Wirecard publically announced that an amount of approx. EUR 2 billion on its balance sheet was missing. Wirecard’s auditors refused to certify the accounts. Wirecard filed for insolvency. Criminal and civil proceedings are underway in Germany because of this scandal.

The most recent legislative consequence of the Wirecard scandal is the newly enacted FISG, i.e. the Act for the Strengthening of the Integrity of the Financial Markets.[1] Its rules generally do not bring about new models or ideas to fulfil the goal of preventing new scandals. The tools used by the German federal government in the FISG were already in place. They are now simply tightened. The FISG addresses a multitude of subjects regarding financial reporting and corporate governance amongst others. Not all of them appear to have a direct connection to the Wirecard scandal. However, one of the focal points of the FISG is the implementation of tightened rules for auditors. Most of these rules are a direct answer to the Wirecard scandal.

After the draft law for the FISG was presented on 16 December 2020, it was debated twice in the German parliament, first on 4 March 2021 and again on 20 May 2021. The Federal Counsel (Bundesrat) agreed to the law on 28 May 2021. The FISG came into force on 1 July 2021. However, there are various transitional provisions included in the law.

Legislative changes for auditors under the FISG

As mentioned, the FISG addresses multiple topics. Some of the most impactful changes were made regarding auditors and auditing firm. The following three changes are the most prominent in this regard:

1.                  Increase of auditors liability

Section 323 of the German Commercial Code (HGB) deals with the statutory liability of auditors in Germany. Under the previous version of the statute, the liability for auditors was capped at EUR 1 million per audit or EUR 4 million per audit for publicly noted companies. This statutory liability cap even applied in case of gross negligence. The FISG now makes it tougher on auditors. Since 1 July 2021, the liability for gross negligence is unlimited when auditing a publicly noted company.[2] The FISG also quadruples the liability cap per audit regarding publicly noted companies to EUR 16 million.[3] Furthermore, with regard to non-capital market oriented credit institutions and insurance companies the liability cap is now EUR 4 million and for all other companies it was increased to EUR 1.5 million.[4]

2.                   Stricter rules about auditor rotations

The FISG also implements new and stricter rules regarding auditor rotations. The new rules stipulate that companies cannot have the same auditing firm for more than ten years running. Article 86 (2) of the Introductory Act to the German Commercial Code (EGHGB) implements a transitional provision which gives companies the option to extend their running business relationship with an auditing firm for a maximum of two additional years if the maximum period of ten years has already expired on June 30, 2021. However, for this rule to apply the company has to go through a selection and proposal process.[5] In addition, the FISG accelerates the internal rotation of the responsible auditor in companies of public interest (i.e. publicly noted companies, banks, and insurance companies). The responsible auditor can be defined as the auditor who signs the auditor’s report or has been named as the primarily responsible auditor. Instead of every seven years, such auditor must change every five years under the new laws.[6]

3.                  Auditors’ conflict of interest

The FISG aims to prevent conflicts of interest in order to strengthen the integrity of the financial markets in Germany. Before the FISG, German law allowed auditors to simultaneously provide a spectrum of consulting and auditing services to a company.[7] The business model of auditing and providing tax advice or assessment services at the same time is now prohibited in regards to companies of public interest.[8] Other advisory services can only be provided under stricter rules.[9] An auditor who breaches the new prohibition faces a fine of up to EUR 500,000. Additionally, auditing firms can be sanctioned if they provide services that breach these prohibitions. The fines can reach up to EUR 5 million.


The FISG is a direct reaction to the Wirecard scandal. It significantly increases the responsibilities and liabilities of auditors. However, it is not entirely clear if these rules would have or could have prevented the scandal or will prevent a similar scandal in the future. The Institute of Public Auditors in Germany (IDW) voiced its concern most prominently in its announcement of 19 May 2021 stating that the new provisions do not remedy the lack of responsibility of auditors (“FISG behebt Verantwortungsmangel nicht[10]). In the opinion of the IDW, the German financial industry does not need more regulation, it needs more sense of responsibility. That raises the question whether increased liabilities will lead to more responsibility in the future.

Not only will the FISG probably not prevent future scandals – legislative changes hardly prevent scandals -, insurers might be hesitant to cover high liability risks under the FISG – or drastically increase premiums. None of this appears to lead to a future of strengthened integrity on the financial markets. Yet, is this not the title and goal of the FISG?

[1]           See already: Draft law provides for drastic increase of auditors’ liability in Germany – Global  Litigation News ( and Unlimited Liability for Auditors in Germany? – Global Litigation News (

[2]           § 323 Sec. 2 Sentence 2 HGB.

[3]           § 323 Sec. 2 Sentence. 1 No. 1 HGB.

[4]           § 323 Sec. 2 Sentence 1 No. 2, and 3.

[5]           Article 16 EU-APrVO.

[6]           § 43 WPO Sec. 6 Sentence 2.

[7]           § 319a HGB.

[8]           Art. 5 REGULATION (EU) No 537/2014 of the European Parliament and of the council of 16 April 2014.

[9]           Id.



Dr. Max Oehm is a member of Baker McKenzie’s Dispute Resolution Practice Group in Frankfurt. Max has a particular focus on international arbitration and ADR in infrastructure projects and post-M&A disputes, often involving projects in Europe and South America. As a litigator, he advises in cases of professional liability of auditors, tax advisors and investment banks as well as in strategic / risk-relevant issues in connection with such services. Max holds a doctoral degree from the University of Mainz, Germany, and obtained a master’s degree in law at Boston University, USA, where he was awarded the American Law Outstanding Achievement Award. Max writes and speaks regularly on international arbitration and professional liability issues. He teaches at the University of Mannheim, Germany.


Lennart Schrick is an Associate in the Baker McKenzie Dispute Resolution team based in Frankfurt