Corporate Criminal Liability: Preconditions to hold companies liable – and how to minimize risks

Companies are increasingly exposed to criminal investigations. Under Austria’s Corporate Criminal Liability Act (Verbandsverantwortlichkeitsgesetz – VbVG), criminal responsibility is no longer limited to individuals. Companies themselves may be held liable for criminal offences committed within their organization. For managing directors, shareholders and compliance officers, understanding the scope of corporate criminal liability is essential in order to manage legal, financial and reputational risks effectively.

1. Preconditions for corporate criminal liability in Austria

Corporate criminal liability is based on the attribution of a criminal offence to the company. This is the case where

  • an offence is committed for the benefit of the company, or
  • an offence results from a breach of corporate or organizational duties.

An offence is deemed to benefit the company, if it is intended to generate an economic advantage, such as unlawful profits, cost savings or the securing of business opportunities. Typical examples include falsified financial statements, unlawful price coordination, acts of corruption or tax-related crimes.

A breach of duty arises where legally or organizationally imposed obligations are violated. These duties often stem from civil, administrative or regulatory law requirements. In practice, even structural or organizational shortcomings may be sufficient to trigger liability – including cases where the offence was committed by a single employee.

2. Management misconduct vs employee misconduct

In Austria, it is being differentiated between offences committed by

  • management, or
  • employees.

Management includes all superior decision-makers such as managing directors, board members, authorized signatories, supervisory board members as well as individuals who exercise significant factual influence over the company, such as shareholders or de facto managing directors.

Where such decision-makers commit a criminal offence in their function, their conduct is directly attributed to the company. In practice, misconduct at management level almost inevitably leads to corporate liability.

In cases involving employee misconduct, the situation is more complex. The company may only be held liable, if the offence was enabled or materially facilitated by inadequate supervision or deficient organizational structures by management. Common risk factors include unclear responsibilities, missing approval processes, insufficient documentation or a lack of effective training and controls.

3. Potential consequences for companies

  • Monetary fines

If liability is established, courts may impose substantial monetary fines. The amount is determined by the statutory penalty applicable to the underlying criminal offence and the company’s financial capacity. Depending on the offence, fines may reach several million euros.

A company’s management’s behavior during the investigation is a key mitigating factor regarding the amount of the fine. Cooperation with authorities, prompt internal investigations, remediation of damage and the implementation or enhancement of compliance measures can significantly reduce sanctions. In some cases, prosecutors may even refrain from pursuing charges altogether.

  • Other consequences

Criminal proceedings rarely affect companies in isolation. Even the status of being under investigation can result in reputational damage, regulatory consequences and considerable economic harm.

4. Greatest risks for companies

Corporate criminal proceedings most commonly arise in the context of economic and financial crime, including fraud, breach of trust, corruption, anti-competitive conduct and tax offences. Violations relating to environmental protection, occupational safety or product safety may also give rise to corporate criminal liability.

Notably, companies are often not prosecuted because of deliberate criminal conduct, but because internal structures were inadequate or poorly documented. Deficient control mechanisms and unclear governance structures remain among the most frequent triggers for corporate criminal investigations.

5. How can companies reduce their exposure?

Effective prevention is the most important tool for managing corporate criminal risk – and is expressly taken into account by prosecutors and courts:

  • A robust and well-designed compliance framework serves not only as a preventive measure, but also as a key defense. In practice, it may determine whether proceedings are discontinued or resolved through alternative measures.
  • Clear governance structures are essential. Responsibilities, decision-making processes and control mechanisms must be transparent, documented and consistently applied.
  • An effective internal control system, including risk assessments, approval processes and regular audits, is the backbone of modern compliance.
  • Equally important are clear policies and a credible “tone from the top”. Guidelines on anti-corruption, conflicts of interest and anti-money laundering should be practical, accessible and embedded in day-to-day operations.
  • Targeted and regular training is particularly important in high-risk areas such as sales, procurement, finance and senior management. Beyond awareness, training also creates valuable documentation that can prove critical in defense.
  • Finally, companies should act swiftly if concerns arise. Internal investigations, early fact-finding, data preservation, cooperation with authorities and – where appropriate – remediation can significantly limit legal and economic exposure.

6. Conclusion

Corporate criminal liability in Austria is firmly established in practice. The framework clearly rewards prevention, transparency and cooperation.

Companies that invest in clear structures, actively manage compliance risks and treat compliance as an integral part of their corporate culture significantly reduce their exposure – and are far better prepared should an investigation arise. This is particularly relevant in cases of employee misconduct, where corporate liability depends on management or organizational failures.

Do you require legal support?

We support companies in all matters of corporate criminal liability – from preventive compliance advice and internal investigations to defense in corporate criminal proceedings. We also assist with the implementation of compliance systems, employee training and risk assessments.

Contact LEUKOS for a confidential consultation.

Managing Director Liability – Business Judgment Rule

Managing directors constantly face critical business decisions that shape the success of their companies. The economic outcome of these decisions is often uncertain by nature. Investments, strategic realignments, and everyday business operations all involve both opportunities and risks. Effective risk management and well-informed decision-making are therefore essential for sustainable business growth and long-term corporate success. Austrian corporate law recognizes this business reality and does not hold managing directors liable for every incorrect decision. Instead, it provides an important legal safeguard: the Business Judgment Rule.
This principle clarifies that liability does not depend on whether a business decision ultimately leads to economic success or failure. Rather, the decisive factor is how the decision was made.
read more

Cybercrime and Jurisdiction: When are Austrian authorities competent?

Cybercrime offences are among the most dynamic and fast-developing areas of criminal law. Attacks are typically cross-border in nature: perpetrators and victims are often located in different jurisdictions, and the underlying technical processes are complex. As a result, affected individuals and businesses frequently ask:
read more
show all blog entries

Dr. Paul Krepil

Partner | Attorney at Law

Paul Krepil is an attorney at law and partner at LEUKOS Attorneys at Law. His practice focuses on litigation, white-collar crime and (international) arbitration. He has 10 years of experience acting as counsel and defense attorney in cross-border cases. In addition, he has been repeatedly recommended as a Key Lawyer by the renowned legal guide Legal500.

„Paul Krepil was incredibly well prepared and always kept everything together.” – Legal500 (2024)

 

„Paul Krepil knows the case in depth, quick and useful responses. He typically knows even minor details by heart.” – Legal500 (2023)

Professional Background

since 2025
2021 – 2025
2016 – 2021

LEUKOS Attorneys at Law
Cerha Hempel
Wolf Theiss

University of Vienna (Dr.iur. and Mag.iur.), Austria
University of Edinburgh, Scotland

  • Representing a global tech company in mass proceedings concerning alleged GDPR violations.
  • Successfully defending a real estate entrepreneur in criminal proceedings, resulting in an acquittal on all charges including aggravated fraud, fraudulent insolvency and accounting fraud.
  • Strategically resolved a mass claim litigation involving over 120 claims through a combination of successful court proceedings and favorable settlements for the client.
  • Representing a financial institution in enforcement proceedings related to an arbitration award exceeding EUR 200 million.

  • Providing legal advise in enforcement proceedings arising from a multi-million-euro investment arbitration.

  • Cybercrime und inländische Gerichtsbarkeit (ecolex 2025)
  • Schutzmaßnahmen als Haftungsminimierung für Unternehmen und ihre Organe in Brewi/Royer (Hrsg.), Praxishandbuch Cybercrime (Linde 2025)
  • Obstructing Arbitral Proceedings at Their Beginning: A Bumpy Road (Not) to Take in Austrian Yearbook on International Arbitration 2024 (Manz 2024, co-author)
  • Regular presentation and courses for the academy for law and taxes in contract law – “Einführung in das Vertragsrecht” (ARS)
  • Litigation & Dispute Resolution, 2024, 17th Edition, Austria, International Comparative Legal Guide (ICLG, 2024, Co-Autor)
  • The Banking Litigation Law Review – Austrian Chapter, 5th Edition (Law Business Research 2021; Co-Autor)
  • Class & Group Actions 2019: International Comparative Legal Guide, 11th Edition (ICLG 2019; Co-Autor)
  • Foreign Investments in Austria, ABA Section of International Law, Issue 17, August 2018 (Co-Autor)
  • Global Legal Insights – Bribery & Corruption: Austrian Chapter (GLI 2018; Co-Autor)
  • The Class Action Law Review – Austrian Chapter, 2nd Edition (Law Business Research 2017, Co-Autor)

Team

Mag. Claudia Brewi

Partner | Attorney at Law

Claudia Brewi is an attorney at law and partner at LEUKOS Attorneys at Law. Her core practice areas include white-collar crime, cybercrime, litigation and compliance. She has extensive experience as defense or victim’s counsel in complex white-collar cases as well as representing clients in civil disputes with an economic and corporate nexus. In addition, she is a founding and board member of the Austrian White Collar Crime Association (AWCCA).

Professional Background

since 2025
2021 – 2025
2017 – 2021

LEUKOS Attorneys at Law
Paulitsch Law
Wolf Theiss

University of Vienna (Mag.iur.), Austria
University of Oslo, Norway

  • Advising and representing a tax advisor in complex civil proceedings concerning alleged damages in the millions due to alleged incorrect advice; several (partly already legally binding) dismissals of claims were achieved.
  • Successful criminal defense of an entrepreneur from the real estate industry with acquittal on all charges (allegations including aggravated fraud, fraudulent insolvency and accounting fraud)
  • Representation of victims of large-scale crypto fraud cases in Austria, Germany and Switzerland.
  • Acting on behalf of an international IT company as a private party in connection with multi-million-euro in damages arising from embezzlement and money laundering.
  • Online-Presentation – Das österreichische Unternehmensstrafrecht (Verbandsverantwortlichkeitsgesetz): same same but different? (WisteV/AWCCA 2025)
  • Checklist: Aktuelle Cybercrime-Phänomene und Präventionsmaßnahmen für Unternehmen (ecolex 2025)
  • The International Anti-Corruption Academy’s Annual Conference on Global Trends and Challenges in Preventing and Combating Corruption Vortrag: From Corruption to Laundering in Austria/Europe: Legal and Practical Responses to an Evolving Threat (IACA 2025)
  • Co-Editor and Author of Praxishandbuch Cybercrime: Cybercrime – eine Bestandsaufnahme, Online- und Krypto-Betrug, Aktuelle Entwicklungen und Ausblick (Linde 2025)
  • Ecolex Talks – Do’s and Don’ts im Strafrecht (Manz 2025)
  • The International Anti-Corruption Academy’s Annual Conference on Global Trends and Challenges in Preventing and Combating Corruption Vortrag: New trends in AML/CFT from the financial sector perspective (IACA 2024)
  • Presentation at the AML-Conference: AML- und Betrugs-Compliance (ARS Akademie 2024)
  • Strafbarkeit wegen Geldwäscherei durch Unterlassen? (ecolex, co-author)
  • Verschärfung des Korruptionsstrafrechts (ecolex, co-author)
  • Expert panel on risks in the Darkweb (SMJ partners, AWCCA and Darkowl 2023)
  • Presentation at blockchain-REAL: Crypto-Crime – Aktuelle Betrugs- und Geldwäschefälle (Linde und GEWINN 2022)
  • Linde Podcast #96 – Crypto Crime (Linde 2022)
  • The Asset Tracing and Recovery Review – Austrian Chapter, 7th and 8th Edition (Law Business Research 2019 und 2020, Co-Autorin)

Team

Inhouse Outsourced

Outsourced
Legal department

For some companies, maintaining an in-house legal department is not economically viable. Even established legal teams can quickly reach their limits during periods of increased workload or staffing shortages, particularly in legally sensitive situations. We support your business flexibly, quickly and reliably in all legal matters – so you can focus entirely on your core business.

  • Corporate Housekeeping
    Ongoing legal support for companies, from incorporation to amendments of articles of association or changes in shareholder structure.
  • Claim Management
    Coordination and handling of contentious matters including strategic and legal support in disputes and conflicts.
  • Crisis Management and Crisis Communication
    Legal assistance in critical situations as well as strategic guidance on internal and external communication.
  • Data Protection (GDPR)
    Advisory on the implementation of data protection requirements, drafting of guidelines and support during regulatory audits.
  • Contract Drafting and Contract Negotiations
    Drafting of tailor-made contracts to safeguard company interests as well as legal support during negotiations to strengthen the company’s position and minimize risks.
  • Contract Management
    Structured administration, monitoring and adaption of existing contracts including deadline management.
  • Intellectual Property Law and Unfair Competition
    Protection of intellectual property (trademark applications, etc.) and opposing unfair business practices by competitors.

Cyber and Crypto Crime

Digitalization has led to a rapid increase and evolution of crimes in the worldwide web. Cyberattacks can hit both companies and private individuals suddenly and severely. We help you assess complex online crimes from a legal perspective, minimize financial losses and assert your rights effectively.

  • Crypto and Online Fraud
    Initial legal assessment, case analysis and enforcement of claims in cases of crypto fraud, investment and trading scams, romance scams, pig butchering schemes, fake online shops, impersonation scams and similar online fraud schemes.
  • Prevention and Compliance
    Development and implementation of guidelines, trainings and preventive measures to minimize digital risks.
  • Attacks on IT systems
    Legal advice and crisis management in cases of hacking, phishing, ransomware, fraudulent data processing, misuse of access credentials, data forgery and data damage.
  • Online Harassment and Abuse
    Legal support in cases of coercion, threats, stalking, cyberbullying, hate speech and online defamation.
  • Identity Theft and Online Manipulation
    Legal support in cases involving order fraud, CEO fraud, money laundering, data protection breaches and reputational harm.
  • NIS 2 Directive and Data Breaches
    Advice on security requirements, obligations and organizational measures for affected companies. Assistance in managing data protection incidents including data-breach notifications and communication with authorities.

White-Collar Crime

Criminal risks can affect companies and individuals unexpectedly. We provide comprehensive support to handle critical situations professionally, discreetly and with legal certainty. We safeguard your rights throughout all stages of criminal proceedings, guide you through challenging situations and ensure that your position is represented effectively and strategically.

  • Economic Crimes
    Consistent representation in cases of economic and business-related offences such as fraud, fraudulent insolvency, embezzlement, breach of trust, accounting offences, money laundering, misuse of trade or business secrets, forgery and other related matters.
  • Defense in Investigations and Criminal Proceedings
    Support and advice at every stage of criminal proceedings – from initial questioning to dawn raids, seizures, asset freezes and full defense representation before the criminal court.
  • Victim Representation
    Assertion of victims’ rights and claims of private parties or private prosecution to effectively protect economic and personal interests.
  • Corruption
    Legal advice and defense in cases involving abuse of power/office, acceptance of advantages, bribery and other corruption-related offences.
  • Compliance
    Development, optimization and implementation of guidelines, training programs and preventive measures to minimize risks for employees and companies.
  • Internal Investigations
    Discreet and independent clarification of internal matters to minimize criminal liability risks including interviews, document analysis and structured reporting for internal or external use.
  • Appeals and Remedies
    Review and filing of objections, complaints and appeals against acts or decisions of investigative authorities and courts.

Disputes

We represent our clients in contentious disputes before state courts and arbitral tribunals. Our services include enforcing claims, defending against unjustified claims and guiding our clients through payment, enforcement and insolvency proceedings. We also provide strategic support outside of court through assertive correspondence as well as efficient claim and enforcement management.

  • Advising in Civil Law Matters
    Legal advice across all areas of civil law, including damages, warranty, product liability and unjust enrichment.
  • Corporate and Commercial Disputes
    Legal support in shareholder disputes, director and officer liability and matters related to the Business Judgment Rule.
  • Representation before State Courts (Litigation)
    Comprehensive legal representation before state courts in all areas of civil law (i.e. damages claims, declaratory actions and injunctions) including strategic case management and targeted litigation preparation.
  • Arbitration
    Representation in domestic and international arbitration cases under various rules (i.e. VIAC, ICC, UNCITRAL) as well as ad hoc arbitration proceedings.
  • Out-Of-Court Representation
    Preparation of targeted legal demand letters and efficient out-of-court interventions to resolve disputes.
  • (European) Payment Orders
    Supporting with asserting monetary claims including initiating payment orders and representation in objection proceedings.
  • Debt Collection
    Efficient identification, securing and recovery of assets to enforce outstanding claims.
  • Enforcement Proceedings
    Securing and satisfying claims as well as enforcing final judgments through injunctions, seizures, enforced sale of assets and other enforcement measures.
  • Recognition and Enforcement of Foreign Arbitral Awards
    Legal representation in recognition and enforcement proceedings concerning domestic and international arbitration awards.
  • Insolvency Cases
    Legal advice and support with claim submissions as well as representation in insolvency related disputes.