The impact of criminal matters on business

In this text, we would like to present the main trends related to criminal law issues in daily business practice. In our day-to-day practice, we mainly handle white-collar crime cases. We provide legal services at all stages of the proceedings for clients both as attorneys of injured parties, and as defence counsels. Usually we deal with cases involving economic crimes such as fraud, embezzlement, offences of a corruption nature, acting to the detriment of the company, money laundering, etc.

What are the current trends in white-collar crimes practice?

Currently, more clients are asking us to provide legal services in cases concerning environmental offences and cybercrimes.

Regarding environmental offences, these cases are directly related to the day-to-day operation of a clients’ facilities, factories and organisation. Environmental incidents that pollute water, air or land may bring serious consequences for both companies and individuals acting in the name of companies, including members of the management boards or high-ranking managers.

Despite the fact that under Polish law only individuals may bear criminal liability and only they may be charged, in the Polish legal system there is the Act on Collective Liability of Collective Entities for Acts Prohibited Under Penalty (ALCE), which regulates issues of quasi-criminal liability of commercial companies. The companies may incur quasi-criminal liability for certain offences committed by individuals after fulfilling the requirements detailed in the ALCE. In the case of environmental offences, contrary to others, the prerequisite of a prior final judgment prejudging the commission of an offence by an individual acting on behalf of the company is not required to bring companies to responsibility. Sanctions for companies may be financial ie up to PLN 5,000,000.00, or some other, such as prohibition for applying for public contracts.

The actual enforcement of the ALCE as currently stated is rare and the fines imposed on entities are not high. However, the Polish government is working on an amendment to the ALCE that aims to increase the effectiveness of this act, reduce the requirements for company’s liability, and introduce severe sanctions.

What problems do businesses face with regard to cybercrimes?

As a part of our practice we have noticed various cyber-scams which harm business. Our experience shows that companies are mostly exposed to business e-mail compromise (BEC). Based on our practice, the common threats are also website spoofing and ransomware attacks.

BEC is a cyber-scam that targets businesses performing legitimate transfer of funds. Most often, BEC results in so-called invoice fraud where the company is approached by the scammers pretending to represent its contractor. The fraudsters send an e-mail message that seems to come from a legitimate address and provide the victim company with the bank details for the payments of future invoices. Everything looks like daily business, but the bank account is controlled by the fraudsters. Usually, the scammers are aware of when regular payments are due – the invoice fraud is often a consequence of being unknowingly infected in previous cyber-attacks (eg phishing or e-mail spoofing).

Once the cyber-attack appears, the key is to act not only internally but also externally by notifying the competent institutions (the Prosecutor/Police, but also CERT, Banks or General Supervisor of Financial Institutions). If the reaction is quick and efficient, you can stop the cyber-attack or even return the defrauded funds.

With no doubt, proper preparation and prevention of cyber-attacks is fundamental nowadays. We share with the clients our expertise and experience in cybersecurity.

Are there any legal standards governing whistleblowing in Poland, and how do they affect your compliance and internal investigations practice?

In the Polish legal system there is no general regulation concerning the issue of whistleblowing. The process of creating legal norms concerning whistleblowing in Polish law has begun only in recent years. For instance, banks or other financial entities are obliged to create an anonymous whistleblowing procedure for reporting irregularities within the scope of money laundering. More significant and complex provisions concerning whistleblowing are expected to appear in the Polish legal system in the near future. Legislative work is currently under way on a draft act on the protection of persons who report violations of the law. This is related to the obligation to implement EU Directive No. 2019/1937 of 23 October 2019 on the protection of persons reporting breaches of EU law.

At the moment, despite the lack of general regulations regarding the issue of whistleblowing and the nature of the whistleblowers’ reports, companies adopt internal policies and procedures under which they act on receiving such reports. The lack of a legal framework setting the boundaries of permitted activities does not prevent companies from adopting objective standards of operation. These standards are set for example by ISO 37301, which was created as a kind of signpost that allows companies to adapt to the dynamically developing regulatory environment. It identifies certain requirements necessary for an organisation to develop, implement, maintain and improve an effective compliance management system. In business, the awareness of risks related to compliance is constantly growing, which is why an increasing number of companies, as part of good practice, are deciding to conduct internal investigations in order to verify information on irregularities reported in whistleblowers’ reports.

What was the Covid-19 pandemic’s impact on the functioning of the enforcement authorities? What is the current situation?

The Polish judiciary system had never been famous for being fast and effective. The pandemic has only deepened the problems with efficiency. During the pandemic, investigations were conducted slower than usual due to health problems of personnel and preventative measures put in place against Covid-19.

The lack of a sufficient number of personnel is still the main obstacle to improving the efficiency of the enforcement authorities and also results in a decrease in the quality of investigations. Without a proactive approach from harmed parties, it is very likely that investigations will be conducted slowly and without the expected results. Many investigations might even be terminated due to lack of evidence.

Although the prosecution should seek evidence and gather it actively, reality shows that the common practice of the enforcement authorities is quite different and depends in many cases on the available number of personnel and other necessary resources.

A proactive approach, cooperation, and regular contact with enforcement authorities can facilitate the achievement of satisfactory results. The injured party should not leave the case without their own supervision. Consequently, entities should – especially in complex cases – actively support the enforcement authorities. For instance, during interrogations conducted in the frame of legal assistance (including abroad), a police officer or prosecutor usually allows the injured party’s attorney to attend and actually also expects them to lead the interrogation, because of the proxy’s knowledge of the conducted case.