Jump to main content

German Limited: Is the managing director liable for damages in case of phishing attacks?

Company law

German Limited: Is the managing director liable for damages in case of phishing attacks?

In its ruling of 18 August 2022, the Higher Regional Court of Zweibrücken (AZ 4 U 198/21) denied a claim for damages against a GmbH managing director who had been induced to transfer money to the detriment of the GmbH by fraudulent phishing emails.

First, the Senate denied a liability claim of the GmbH against the managing director under § 43 para. 2 GmbHG. Although the managing director had acted with slight negligence, he had not violated any duty he had in his capacity as managing director. This was because the transfer had usually been a task of the accounting department; the company management was not affected. For such activities, which could just as well have been carried out by a third party and which had only been carried out on the occasion of the management, there was no liability on the part of the executive board.

Liability was also excluded due to the knowledge of the GmbH in the person of the sole shareholder and co-managing director. The sole shareholder had been involved in the e-mail communication in "cc" and yet had not intervened. Thus, there was tacit consent, which rendered the liability of the managing director void.

Ultimately, a claim for damages for breach of the employment contract was also out of the question.

The judgement is not legally binding, the appeal was admitted. The reasoning of the OLG Zweibrücken is not compelling. The fact that all payments are not under the responsibility of the management is not mandatory, some payments are usually to be released by the management. In addition, there could be organisational fault on the part of the managing director due to inadequate protective measures (anti-phishing software and spam filters), but the court did not examine this. Also questionable is the opinion that the shareholder's tacit consent was assumed by the mere inclusion in the e-mail correspondence. We look forward to the BGH's decision.