Home / Expertise / Commercial / Compliance



We identify the risks...

It goes without saying that business enterprises (and their officers) always had to adhere to various rules. However, until recently there were no risk managers, compliance officers and integrity managers. The universe in which companies and institutions operate has changed as a result of a significant increase of both national and international legislation, the introduction of numerous codes of conduct, new forms of supervision and unprecedented demands regarding accountability and transparency.

Infringements can easily result in serious repercussions affecting the enterprise and possibly its board members and other stakeholders: prosecution, investigations, litigation, penalties, loss of business, sanctions, blacklisting, liabilities, reputational damage, decrease of stock value, and so on.

Hence the prominent role which regulatory compliance has come to play. Full awareness of all applicable rules and codes (including non-binding guidelines relating to social or other community issues, business ethics, sustainability and other, similar matters) has by now become an absolute need. Each company (possibly with the exception of small enterprises) should have programs in place to ensure a sufficient degree of awareness, adequate risk assessment and management, and to warrant appropriate reporting both internally and towards the public.

...to help preventing accidents.

Experts at CMS give advice in all areas of regulatory compliance. Head of the team is Katja van Kranenburg.

  • Corporate Governance: the 2003 corporate governance code as amended, the way it is applied, the principles that are applicable to unlisted companies, conflicts of interest, disclosure requirements. Contact persons: Martijn van der Bie and Erik Vorst.
  • Financial sector: financial supervision, insider trading, rules governing securities' trading, the banking code, disclosure obligations of listed companies, compliance with terms of permits and exemptions. Contact person: Reinout Slot.
  • Insurance sector: sector supervision, supervision of pension funds, risk management for insurance companies. Contact person: Leonard Böhmer.
  • Pharmaceutical industry: regulations applicable to pharmaceuticals, market structure, permits and admission of products, tariffs, compensation and reimbursement systems, budgeting. Contact person: Ellen Gielen.
  • Competition law: national and eu, behaviour in relation to competitors, customers and suppliers; handling of dawn raids. Contact persons: Robert Bosman and Edmon Oude Elferink.
  • Employment law: remuneration policy, non-discrimination, codes of conduct, whistleblower schemes, etc. Contact persons: Katja van Kranenburg and Barbara Veldmaat.
  • Insolvency law: rights and obligations in the event of (imminent) inability to pay, and restructuring of companies in financial distress. Contact person: Marc van Zanten.
  • Data protection and privacy: use and transfer of personal data, the use of email and the internet, 'binding corporate rules'. Contact person: Edmon Oude Elferink and Simon Sanders
  • Fraud: tax and economic offences, insider trading, money laundering, bribing, trade restrictions and embargo's. Contact person: Edmon Oude Elferink
  • Administrative law: permits and licences, environmental law, safety legislation, working conditions, food and drink safety and health issues, transparency obligations, availability of information, governmental supervision, official investigations, public enforcement issues (and penalties, withdrawal of permits). Contact person: Luurt Wildeboer.

The services include: performance of a compliance due diligence identifying and describing any relevant risks; bringing existing agreements, general terms, templates,, forms and the like in line with requirements; drawing up manuals for internal use; providing information and training courses to management and staff; drawing up internal codes of conduct and checklists; putting together whistleblower schemes; providing advice on system modifications, including it systems; establishing crisis scenarios.

Read more Read less
January 2019
The ten­sion between GDPR and the rise of block­chain tech­no­lo­gies
We live in an era of rap­id tech­no­lo­gic­al de­vel­op­ment. Though this provides hu­man­ity with amaz­ing op­por­tun­it­ies to en­hance our stand­ard of liv­ing, it also forces law­makers to work around the clock to ana­lyse and cap­ture the im­plic­a­tions of the tech­no­logy in­to le­gis­la­tion. The same is true for the sub­ject of this pa­per – the ten­sion between the re­l­at­ively new Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) and the quick rise of block­chain and oth­er dis­trib­uted ledger tech­no­lo­gies (DLTs).GDPR was draf­ted based on a world in which cent­ral­ised and iden­ti­fi­able act­ors con­trol per­son­al data. Block­chain works rad­ic­ally dif­fer­ently. This tech­no­logy aims to move the power over per­son­al data away from cent­ral­ised en­tit­ies by pro­cessing it in a de­cent­ral­ised en­vir­on­ment. One could ima­gine that the pro­cess of ap­ply­ing le­gis­la­tion based on a cent­ral­ised view to tech­no­logy without a clearly iden­ti­fi­able cent­ral­ised en­tity might cause some ten­sion. However, the de­cent­ral­ised nature of block­chain tech­no­logy is not the only factor that causes leg­al and com­pli­ance chal­lenges.The near im­mut­ab­il­ity of trans­ac­tions, of code (e.g., smart con­tracts) and, in gen­er­al, of blocks in a block­chain po­ten­tially af­fects the rights of data sub­jects.This pa­per briefly ad­dresses three main is­sues arising out of the ten­sion between the GDPR and block­chain.
June 2019
CMS Com­mer­cial Glob­al Bro­chure
Com­mer­cial law reaches in­to all sec­tors. It is the core of every busi­ness.Today’s in­creas­ingly reg­u­lated mar­kets de­mand that op­er­at­ors man­age com­mer­cial risk as they work to­wards their busi­ness ob­ject­ives. Suc­cess de­pends on suc­cess­ful re­la­tion­ships with cus­tom­ers and sup­pli­ers, based on ef­fect­ive sec­tor-spe­cif­ic con­tracts. Busi­nesses need the right leg­al an­swers, groun­ded in the con­text of their spe­cif­ic mar­kets. Our mul­tidiscip­lin­ary teams are trained to un­der­stand the cul­tur­al and busi­ness factors im­pact­ing our cli­ents’ com­mer­cial ar­range­ments.
Sub­scribe to Com­mer­cial top­ics


Show only
August 2019
Avoid­ing ugly head­lines
Com­pli­ance in es­ports
26 March 2018
McHardy with­draws in­junc­tion re­quest – Is this a vic­tory for open source?
After the with­draw­al of re­quest for in­ter­im in­junc­tion in Co­logne High­er Re­gion­al Cour­ton March 7, can users of open source soft­ware breathe a sigh of re­lief or does this with­draw­al give rise to false...
Token­ized As­sets: How to is­sue Tokens on the Block­chain
19 March 2018
Open Source Com­pli­ance
Open source com­pli­ance fail­ures can pose a ser­i­ous threat to af­fected com­pan­ies. Here is an over­view. After the first open source li­cense was en­forced by a Ger­man court in 2004, there is no longer any...
Token­ized As­sets: Pur­pose Built As­set Token Block­chains
30 October 2017
ECJ Rules on when a com­pany owned by a con­tract­ing au­thor­ity is gov­erned...
IN­TRO­DUC­TION A re­cent rul­ing of the European Court of Justice (ECJ) has con­firmed that a wholly owned sub­si­di­ary of a con­tract­ing au­thor­ity can it­self be re­garded as a ‘body gov­erned by pub­lic law’...
Spot­light on com­pli­ance with work­ing time re­gis­tra­tion sys­tem
CJEU de­cision tight­ens work­ing time reg­u­la­tions
30 October 2017
What next for in­ter­na­tion­al data trans­fers?
Sum­mary The Ir­ish High Court has made a pre­lim­in­ary ref­er­ence to the Court of Justice of the European Uni­on (the “CJEU”), ask­ing wheth­er stand­ard data pro­tec­tion clauses (“stand­ard clauses”)...
AB In­Bev hit with a EUR 200 mil­lion fine for re­stric­tion of cross-bor­der...
20 September 2017
Pub­lic Coun­try-by-Coun­try Re­port­ing; Tax­pay­er­s' Rights
Ap­pro­pri­ate Use of Coun­try-by-Coun­try Re­ports The OECD has now pub­lished Guid­ance (avail­able here) on the ap­pro­pri­ate use of Coun­try-by-Coun­try Re­ports (‘Cb­CRs’) by na­tion­al tax au­thor­it­ies. This...
May 2019
The Ver­dict
Round-up of cor­por­ate crime de­vel­op­ments across CMS jur­is­dic­tion­s'
13 September 2017
The ap­plic­a­tion of EU mer­ger con­trol cla­ri­fied: no EC no­ti­fic­a­tion re­quired...
In the first ever pre­lim­in­ary rul­ing on the EU mer­ger con­trol re­gime, the Court of Justice of the European Uni­on ("CJEU") brought much needed clar­ity on wheth­er the shift from sole con­trol to joint con­trol...