The spread of criminal and regulatory laws into the corporate world has been underscored by a string of cases in the US and, more recently, the UK sparked by M&A activity. As a result, our transatlantic white collar crime defence and investigations group has seen an uptick in advising buyers and sellers on corporate transactions conducting targeted criminal and regulatory due diligence to assess and, if necessary, proactively remedy potential problems.

The stakes are high when buying or selling a business with criminal and/or regulatory issues. Buyers and sellers risk potentially damaging and long-running criminal and regulatory investigations. In addition buyers risk overpaying for an impaired asset and sellers risk future warranty claims and litigation brought by a purchaser.

Importantly, pre-sale and purchase due diligence benefits both buyers and sellers. Sellers conducting pre-transaction diligence can address issues and thus preserve value in a transaction. A buyer who identifies a concern during the run up to a transaction can (i) effectively weigh and address both remedial and preventative concerns when entering into a binding agreement and, importantly (ii) ensure the matter is dealt with in post-closing integration.

In view of the increasing enforcement risk we recommend all UK companies and executives engaging in US/UK M&A consider cross-border criminal and regulatory risks associated with target businesses. In particular, with the US famously taking an expansive view of its jurisdiction many non-US companies have learnt to their cost that US law enforcement has a long reach with significant adverse consequences if US laws are transgressed.

It is anticipated that strong US/UK M&A activity will remain in 2020 as the mists of Brexit uncertainty clear and some investment banks reportedly viewing UK stocks as undervalued. In parallel, we expect the trend of cross border criminal and regulatory specialists involvement in corporate transactions to likewise continue.

Targeted diligence by specialists is key

Accordingly, we recommend targeted and proportionate pre-transaction criminal and regulatory due diligence to minimise and/or avoid risk of enforcement and to ensure that post acquisition businesses are properly integrated.

Recent enforcement actions demonstrate that even where a law enforcement investigation is sparked by M&A activity, companies that identify problems in due diligence and take steps to deal with them (even in circumstances where misconduct continues post acquisition) are dealt with more favourably.

Conversely, where targeted and specific due diligence regarding possible criminal or regulatory risk is done poorly or not at all, there is heightened risk that a nasty surprise can emerge post closing. Worse, in the event that the subject matter is subsequently the subject of law enforcement investigation a lack of due diligence by the parties will be considered an aggravating feature when assessing any penalty resulting in larger fines.

Recent prominent areas of risk

While problems flowing from a lack of due diligence are as unnecessary as they are unwelcome, surprisingly there are plenty of cases. We have flagged some recent enforcement cases below that highlight the importance of criminal and regulatory due diligence and the integration of newly acquired businesses into a buyer’s compliance programme.

Notably, three particular areas of risk stand out (the examples below highlight them) namely, bribery, fraud and sanctions. It’s also worth noting that each of these can raise potential money laundering issues that in turn may trigger reporting obligations and/or criminal risk for failing to report for those involved in M&A in the UK.

Bribery: UK follows US lead

In 2019, after an 18-month SFO investigation, the seller of a company called Alca Fasteners was sentenced to two years imprisonment, was subject to confiscation of nearly £4.5m (and was ordered to pay the SFO’s costs of nearly £500,000). The action arose when, months after the closing of the acquisition, the acquirers of the company self-reported bribery they had uncovered to the SFO. The SFO press release reported that ‘to maintain the value of [the] company prior to selling it in 2017, [the seller]… lied to the purchasers… claiming that the company had not been involved in any unlawful conduct.’

Importantly no action was taken against either the buyer or the target company by the SFO, which noted in its press release: ‘the company and its new directors co-operated fully with the investigation, and no further action will be taken’.

Across the pond, US Foreign Corrupt Practices Act (FCPA) investigations following M&A activity have been a perennial.

As a result of the long history and broad scope of enforcement addressing such concerns, the US Department of Justice has an FCPA corporate enforcement policy regarding mergers and acquisitions.

The DOJ policy states, ‘… where a company undertakes a merger or acquisition, uncovers misconduct through thorough and timely due diligence or, in appropriate instances, through post-acquisition audits or compliance integration efforts, and voluntarily self-discloses the misconduct and otherwise takes action consistent with this policy (including… the timely implementation of an effective compliance programme at the merged or acquired entity), there will be a presumption of a declination’. A declination is a case that would have been prosecuted or criminally resolved except for the company’s voluntary disclosure, full co-operation, remediation, and payment of disgorgement, forfeiture, and/or restitution.

Both the DOJ and other regulators in the US have been involved in cases that illustrate these concerns.

Fraud: acquisition spawns transatlantic criminal and civil action

In an ongoing transatlantic saga, HP alleges that former Autonomy CEO Mike Lynch, and Sushovan Hussain, former Autonomy CFO, fraudulently overstated Autonomy’s value, resulting in Hewlett Packard overpaying by $5.1bn. The claims have resulted in ongoing civil litigation in the High Court in London with Lynch denying the claims. In the meantime, the US has filed a criminal indictment against Mr Lynch and he now faces extradition. In separate US proceedings Hussain has been found guilty of fraud. Whatever the outcome, the case highlights the potentially catastrophic consequences of not identifying a problem pre-acquisition.

Sanctions: US singles out M&A and leads the way

The US has led the way on sanctions enforcement to date with the UK efforts being somewhat muted. In 2019 the US Office of Foreign Assets Control (OFAC) specifically called out M&A as a risk area and took enforcement action on a number of cases following M&A.

The theme emerging from the OFAC M&A enforcement actions is that OFAC acknowledged and credited companies for conducting diligence attempting to prevent violations as well as ultimately disclosing the violations. If no diligence had been done OFAC penalties would have been much higher and failure to conduct diligence may have actually been viewed by OFAC as an aggravating factor in assessing penalty amounts.

Importantly in the 13 June OFAC settlement with Expedia (which involved subsidiaries acquired by Expedia post closing providing travel services to over 2,000 people to Cuba in violation of US regulations) OFAC specifically addressed the M&A as a risk saying:

‘This case illustrates the benefits persons subject to the jurisdiction of the United States … can realise by implementing corporate-wide compliance measures commensurate with their sanctions risks. US companies can mitigate risk by conducting sanctions-related due diligence both prior and after mergers and acquisitions, and taking appropriate steps to audit, monitor, train, and verify newly acquired subsidiaries for OFAC compliance… Foreign acquisitions can pose unique sanctions risks, to which a US person parent company should be alert at all stages of its relationship with the subsidiary.’

While targeted at sanctions violations, the statement has equal application to other similar criminal and regulatory laws.

In short, M&A criminal and regulatory due diligence undertaken by specialists and the integration of new businesses by buyers is critical. Parties who take insufficient steps do so at their peril.

In 2015 Denmark’s image as one of the world’s least corrupt nations came under scrutiny as Atea A/S, the Danish subsidiary of the Norwegian IT supplier Atea ASA, came under investigation for bribing several public officials employed in IT departments of various Danish public authorities, including the national police and the regional authority, Region Zealand.

The investigations eventually resulted in charges for bribery and embezzlement against Atea and four high-ranking Atea employees, as well as a number of public servants. The corrupt activities primarily consisted of lavish travel and hospitality being extended to key employees at the public authorities, such as dining at high-end restaurants in Copenhagen and all-inclusive trips to Las Vegas, Miami and Dubai.

In the end Atea was fined a total of about $2m, one of the highest criminal fines ever imposed on a legal person in Denmark. Several high-ranking officials in both Atea and Region Zealand were also convicted.

As a result of the conviction for bribery, Atea would be excluded from participating in public tenders for a period of four years, unless the company could demonstrate its reliability to contracting authorities by carrying out a self-cleaning process as prescribed by EU and national laws on public tenders. Our firm was appointed by the Danish Ministry of Finance to advise on the steps taken by Atea to ‘self-clean’, and ultimately whether Atea should be allowed to immediately re-enter public tender processes.

Like the rest of the EU, public procurement of most goods and services in Denmark must be carried out in accordance with the EU Public Procurement Directives, namely Directive 2014/24/EU, as transposed into Danish law by the Public Procurement Act.

Based on the Directive, Part 11 of the Act includes several exclusion grounds, some of which are mandatory, while others are facultative. Despite the apparent duty to exclude tenderers convicted of corruption, the rules do leave a backdoor open by introducing the possibility of carrying out a self-cleaning process. Effectively, s138(1) of the Act prevents contracting authorities from excluding a tenderer from participating in a tender procedure if the tenderer has put forward sufficient documentation to prove its reliability. Reliability is sufficiently documented if the tenderer has:

1. proved that it has paid or undertaken to pay compensation in respect of any damage caused by the criminal offence or misconduct;
2. clarified all relevant facts and circumstances in a comprehensive manner by actively collaborating with the investigating authorities; and
3. taken the technical, organisational and personnel measures that are appropriate to prevent further criminal offences or misconduct.

Whether the tenderer must put forward documentation regarding all of the above is determined on a case-by-case basis. However, the Act, like the Directive, does not specify the nature or extent of the documentation needed from the tenderer in any detail. Some guidance is, however, found in the preamble to the Directive, stating that the measures:

‘… might consist in particular of personnel and organisational measures such as the severance of all links with persons or organisations involved in the misbehaviour, appropriate staff reorganisation measures, the implementation of reporting and control systems, the creation of an internal audit structure to monitor compliance and the adoption of internal liability and compensation rules.’

The test should be whether the measures taken by the tenderer, when taken together, are suited to avoid the occurrence of similar offences in the future.

In Atea’s case, the evaluation came to focus on whether Atea had put forward sufficient documentation showing that the company had taken ‘appropriate technical, organisational and personnel’ measures to prevent future corruption. The evaluation was guided by four distinct factors:

1. The evaluation was carried out proportional to the gravity of the offences that were committed. In Atea’s case, the offences had been committed by high-ranking officials for a period of more than five years, factors which dictated that the company would have to meet a high threshold for self-cleaning to have taken place.
2. The evaluation would only focus on measures taken by Atea after June 2015, ie, the time after the relevant conviction and guilty plea. Our position was that actions taken before this time were clearly insufficient to prevent corruption.
3. The evaluation would not be based on the conclusions of the appropriateness of Atea’s measures made by others. In the documentation initially submitted to the Ministry, Atea placed high reliance on other external opinions to document its reliability, including a recent ISO certification acceptance to bid for UN procurements as well as an opinion by Deloitte Denmark. Deloitte had also acted as Atea’s adviser on the implementation of the company’s compliance measures aimed at preventing bribery, which, in our view, further reduced its relevance for our assessment. While these factors are relevant, a concrete assessment dictated that they were given limited weight.
4. Finally, the evaluation of Atea’s self-cleaning was based on international best practice for corporate compliance. We chose to base our assessment on the requirements of the UK Bribery Act, which Atea had also used as a benchmark in its own compliance work.

We are reluctant to summarise our assessments beyond the report itself, but will highlight some general observations from this assessment process in the following.

First, Atea’s approach to documenting reliability appeared to primarily focus on producing a large volume of documents of various formats, eg, codes, guidelines, process descriptions, training manuals etc, rather than mapping out convincing arguments that the effort had led to a sufficient degree of reliability in the context of the legal requirements for self-cleaning. In short, the focus generally appeared to have been more on documenting tangible output than underlying substance.

Secondly, Atea lacked thorough documentation in support of actual top-level commitment or cultural change in the organisation. Instead of focusing on providing management presentations as well as proof of internal compliance events, Atea could have created an employee survey, documenting the views and actual experience of cultural change as perceived by the employees of Atea. The lack of credible documentation in this area posed a significant weakness to Atea’s demonstration of reliability.

Thirdly, we found that certain aspects of the assessment would not be possible to document with any level of accuracy by Atea. This was particularly the case for the assessment of the appropriateness of the personnel measures taken, such as whether persons that had been involved in the corruption should have been removed from their positions, or from Atea entirely. The assessment became particularly difficult, since parts of the management personnel might have known about the illegal practices but at the same time demonstrably worked actively to terminate them. Generally, we found it prudent to show restraint in connection with making these conflicting considerations on the behalf of Atea.

Despite the shortcomings in Atea’s documentation, we concluded that Atea had documented reliability in the context of s138 of the Act, and consequently should not be excluded from participating in future tenders. In our conclusion, we emphasised that Atea had undertaken a multitude of initiatives and concrete actions to improve its compliance system, particularly with respect to anti-corruption.

By introducing the concept of ‘self-cleaning’, the European legislators had opened a ‘back door’ for organisations that would otherwise face debarment because of corruption and other serious corporate criminality. A back door that arguably may depend more on financial and organisational resources to undertake a rigorous self-cleaning, than actual willingness to change and undergo the necessary cultural change. We understand this concern, which could be alleviated by stringent, clear-cut rules to be applied uniformly throughout the EU. The current reality is, however, very different, as expressed in the preamble to Directive 2014/24/EU:

‘… it should be left to member states to determine the exact procedural and substantive conditions applicable in such cases. They should, in particular, be free to decide whether to allow the individual contracting authorities to carry out the relevant assessments or to entrust other authorities on a central or decentralised level with that task…’

In addition to the procedural flexibility expressed in the preamble, the criteria for determining reliability are themselves discretionary by nature. The almost inevitable result is that the assessment of reliability following self-cleaning comes to vary significantly between the EU countries.

Based on our information, Atea had invested very substantial resources into the self-cleaning prior to actually submitting the documentation, and during our assessment process, which lasted several months, Atea’s tendering activity ground to a virtual halt. The lesson for the in-house lawyer is clear: beyond the damaging criminal and reputational consequences of a corruption case, a self-cleaning process is extremely costly and time-consuming, even at top-management level. The outcome is uncertain, and even if re-entered to tender, the business will ultimately suffer.

Money laundering represents one of the key challenges in the fight against serious crime, especially considering its stealth nature as well as its cross-border dimension. There is an underlying link between money laundering and other crimes, such as corruption offences, human trafficking, drug trafficking or the financing of terrorism. One of the most significant and alarming issues to be taken into consideration is that money laundering supports the development of other serious criminal activities and also allows and encourages the growth of organised crime enterprises.

Romania, as a member state of the European Union, is committed to taking the required measures to prevent and tackle this form of criminality, by transposing the EU’s relevant set of directives and adopting a national legislation meant to limit the development of money laundering and the financing of terrorism.

Even before acceding to the EU, the Romanian state had ratified the 1990 Council of Europe Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime, followed by the ratification of the comprehensive 2005 Council of Europe anti-money laundering (AML) and counter-terrorist financing (CTF) Convention.

If Romania and every other state were to succeed in creating an integrated system providing effective mechanisms to hinder money laundering operations, aiming at eventually rendering them impossible, it would undoubtedly deprive the criminal world of one of its most prolific instruments for illicit gains. Essentially, having an efficient legislation on preventing and combating money laundering may determine the decrease of criminality levels.

Rationale behind the newly-adopted Romanian AML legislation

Seventeen years since the last AML law was adopted a new piece of legislation, namely Law no 129/2019 on preventing and combating money laundry and terrorism financing as well as for amending and supplementing certain legal acts (the 2019 AML Law), was adopted in Romania. Enacting this new law was a necessary step to transpose relevant EU secondary legislation, namely: (i) Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) no 648/2012 and repealing Directive 2005/60/EC and Directive 2006/70/EC (the AML 4 Directive) and (ii) Directive (EU) 2016/2258 amending Directive 2011/16/EU as regards access to anti-money-laundering information by tax authorities.

Romania, as with all EU member states, must incorporate the EU directives into national legislation accordingly and in a timely manner, under penalty of possible infringement proceedings. It is perfectly conceivable why the EU should manifest such keen interest in establishing a unitary AML regulation in the member states, given the fact that money laundering can deteriorate the stability and integrity of the financial sector and can threaten the EU’s internal market.

Enhanced obligations regarding the disclosure of beneficial ownership information The 2019 AML Law brings about numerous changes and supplements compared to the old legislation. One of the most significant improvements relates to the ultimate beneficial owner (UBO). The UBO is defined by law as any natural person who ultimately owns and controls the client or the natural person on whose behalf a transaction, an operation or an activity is performed. UBOs are natural persons that manage, control or benefit from a legal person and they may be identified in accordance with the legal criteria provided in a non-exhaustive manner.

It is well known that money laundering can be committed in numerous ways: through cash transactions, bank accounts, electronic bank transfers, external operations, credit operations or investment-related transactions. Given this diversity, it may prove extremely difficult, if not virtually impossible, to eradicate the phenomenon.

However, a step forward in this direction was made by establishing an obligation, pursuant to the 2019 AML Law, incurring on privately-owned legal persons and the fiduciaries registered in the territory of Romania, to obtain and hold adequate, correct and up-to-date information on their UBO and to make them available to the supervisory and control authorities upon request.

The recipients subject to the 2019 AML Law must provide information relating to the UBO to the reporting entities in the following instances: (i) if they, acting as fiduciaries, establish a business relationship or carry out an occasional transaction where the value exceeds the threshold provided by law as well as (ii) if the reporting entities carry out ‘know-your-client’ proceedings.

Moreover, the legal persons must submit annually, or whenever a change occurs, a statement regarding the UBO, in order to be registered with the appropriate Central Registry of UBOs (set up under the National Trade Registry Office for legal persons registered with the trade registry, the Ministry of Justice for associations and foundations and the National Tax Administration Agency for fiduciaries). The legal persons concerned, through their legal representative, are required to submit a written statement indicating the identification data of their UBO within 12 months of the date of entry into force of the 2019 AML Law.

Since the purpose of money laundering is to conceal the illicit origin of assets or monies, this legal measure makes it easier for the criminal investigation bodies to identify who benefits from the proceeds of crime. This measure has a preventive function as well, considering the transparency conveyed by the public records in this respect.

These obligations would be obviously ineffective without a sanction. Thus, the Romanian lawmaker provided that failure to comply with the obligations referenced above incurs liability for contraventions (notwithstanding the circumstances where they have been committed so as to constitute criminal offences), the persons found liable being subject to a warning or a fine.

Strengthening the legal framework with respect to UBOs creates greater transparency, which is a sine qua non condition for AML/CTF control.

These provisions are also in accordance with the Financial Action Task Force (the FATF) AML/CTF recommendations, which emphasise that countries need to take proper measures to ensure that the authorities have access to accurate and timely information pertaining to the UBOs in order to prevent the misuse of legal persons for money laundering or terrorist financing.

Preview of future legal action

Through the 2019 AML Law, which is in accordance with the AML/CTF European trends and international standards, Romania provided the criminal investigation bodies with new legal instruments to work with in identifying the perpetrators of this category of offences.

For law enforcement bodies to benefit from efficient measures to combat money laundering, legislation needs to be constantly updated so as to anticipate the new ways in which the criminals may act. Having an economic dimension and an important influence on the stability and integrity of the financial sector, it is paramount that lawmakers take into consideration the contemporary financial instruments.

As such, in order to respond to present challenges, the European Parliament and the Council have adopted the fifth AML Directive, namely Directive (EU) 2018/843 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU. This act enhances the AML 4 Directive, adding provisions, among others, referring to cryptocurrencies, a topical issue in contemporary society. The EU member states, including Romania, have an obligation to transpose its provisions until 10 January 2020.

As the mechanisms of money laundering continue to become increasingly more sophisticated, Romania, as well as all other states, has a duty to continuously adapt its legislation to the new challenges arising from the money laundering phenomenon, in order to improve its chances to efficiently fight against it.

Quotes: ‘Money laundering is for drug dealers and terrorists. We do not have any exposure’; ‘We have never checked against AML lists. Competitors don’t do it. Why would we?’; ‘Lawyers just don’t understand business. That’s just scare tactics’; ‘Yeah, we do have compliance. They don’t generate any revenue’; ‘We here in compliance can preach. But we cannot stop business.’

If these quotes sound familiar, you are in good company. They come from CEOs, legal counsel and CCOs of German companies, very visible corporations as well as hidden champions, big and small alike, and show a noteworthy underappreciation of the pitfalls companies face. But also of the opportunities they have.

The European Commission has recently pledged itself to further tackle money laundering as it feels the Financial Intelligence Unit as well as Europol have not been successful enough in fighting money laundering. That, against the backdrop of 2017’s AMLD4 and 2018’s AMLD5 (that will take full effect in January 2020) which require much from all kinds of companies (including SMEs). Germany has adopted the directives (AMLD5 will be implemented through a new AML Act by the end of 2019).

Money laundering in Germany is a criminal offence that has been around for quite some time now and has hardly been fiercely enforced by investigators. Partly because their ability to uncover money-laundering schemes have been limited by data protection legislation and weakly-recognised reporting obligations. This is changing rapidly, as AMLD4 and 5 have created a tight system of compulsory mechanisms within companies that will make money laundering much more likely to come to light.

When we think money laundering, we most commonly think of organised crime and terrorism. That is what he criminal offence was meant to address in the first place, when it was introduced in 1995. However, nowadays you will have committed money laundering when you at least help concealing proceeds of crimes from trafficking and the like, but also fraud, theft, tax evasion, patent law offences, capital market offences and many others. The nasty part here is: you do not even have to know that something you accept from another person stems from criminal activity, as long as you at least negligently assess its origin. If you could at least have known that your business partner got his money from one of those crimes (think tax evasion eg), and you accept it nevertheless, you could be guilty of money laundering and therefore be charged.

Probably many people will be surprised by the scope of the offence but still think ‘We never had a criminal investigation. Why should it happen to us now?’ (or along those lines). That is, of course, what most of our clients have thought before they were raided by prosecution. And given that the (just the German) Financial Intelligence Unit has multiplied its personnel (by a factor of 20 just within 2019) along with the fact that AML obligations within companies have become much stricter through AMLD 4 and 5, this attitude does not show a proper risk assessment that is fit for the future.

Denominators and trends

Thinking AMLD 4 and 5, almost everyone will know of the €10,000 cash threshold (used to be €15,000). Accepting cash above that line will trigger AML obligations, among which are identification of business partners, documentation, etc. Many will also generally know when they have to file SARs (Suspicious Activity Reports) and what KyC-measures (Know your Customer) have to be taken and when. But did you know that most companies under the new AML laws will have to have a continuous risk assessment? Did you know that there is a risk of personal liability for AML officers but also for board members as well as low-level employees if the company fails to have a proper AML compliance system?

It is not only AML laws that are about to change. One hot topic in Germany right now is the introduction of a proposed corporate criminal liability. The bottom line for AML cases – very different from criminal investigations in the past – is this: German criminal law will widen its extraterritorial reach. Companies will be prosecuted in Germany if their employees and some of their business partners commit a business crime in another country. Even if the company (especially the board) itself did not know of the crime. Also, the principle of legality will be introduced for the prosecution of companies. That means that prosecutors will have to investigate. There is no leeway. They will have no choice but to prosecute.

AML usually comes in three steps. Placement (where you mix clean money with dirty money), layering (when you move money around to disguise its origin), integration (where you spend the money on luxurious, expensive items). AML legislation aims at these three steps. Investigators see trends here: according to a recent Europol AML report, two of the most important issues for AML in the near future will be the use of shell corporations in real estate and the use of crypto currencies (both addressed explicitly in AMLD5). The former gets its claim to fame from the so-called Panama Papers. The well-known scandal showed the use of shell corporations that have been established in, for example the Cayman Islands. Those companies get loaded with money and then buy expensive real estate without having to apply for a loan at a bank. Therefore, they avoid bank scrutiny and the AML mechanism of integration can be effectively handled. The latter is easily explained, too. If you have a piece of code (crypto currency) that is worth a lot of money and can be transferred to anyone in the world without the use of banks, the supervisory and reporting function of the banking system cannot take effect and therefore the ‘layering’ aspect of money laundering becomes very easy.

Good measure and best practice

However, the problem for most companies will not be willing participation in a money laundering scheme. But what if prosecution believes you should have known, and you negligently did not know, that money you accepted resulted from a criminal offence? We need to realise that any company can (unwillingly) be used for money laundering by criminals. And if the company then failed to file an SAR – even negligently – it will have committed an offence (either criminal or administrative, both can be costly). If, for instance, one of the debtors starts paying from an account that belongs to another company – with no known affiliation to the debtor – that will raise a red flag. There are many of those scenarios that have to be flagged in any given company and therefore would call for an SAR.

This is where good compliance management really comes into play. It should be competent enough to reduce the risk of (negligently) falling for an AML scheme. AMLD 4 and 5 present rather specific obligations that the CMS would have to abide by, as does the AML Act 2018.

In this lie opportunities: A company who is demonstratively a ‘good corporate citizen’ will not only be better at preventing AML offences. They will also have a proper edge vis-à-vis business partners who require good compliance, as well as vis-à-vis prosecution who must be able to trust in the company’s sincerity at being compliant. Part of every compliance management must be to know all the risk scenarios a prosecutor would look into and train staff accordingly. It takes a lot of experience to find the right risk scenarios for any given company and also assess their likely impact. But in this day and age, closing one’s eyes to the problem is not an option. You cannot hedge a problem if you do not know exactly what kind of exposure you really have.

‘Breach of trust’, an equivalent to ‘Untreue’, ‘abus de confiance‘ or ‘abuse of position’, is a typical white-collar crime in Greece and the main source of criminal liability risk for the boards of directors (BoDs), CEOs and other officers holding a position of trust within a corporation. Hence, the recent amendments to the actus reus of the offence and the procedural requirements for its prosecution are of paramount importance.

By virtue of the previous Criminal Code (abolished 1 July 2019), the actus reus required that the offender being entrusted, either by law or by agreement, with the management of another person’s property knowingly caused a loss to such property. Personal gain is not a prerequisite.

In the majority of cases, prosecution for this offence refers to the BoDs and/or the managing director or other officers entrusted with the financial management of a company.

The ‘minimal’ actus reus, in combination with the non-requirement for a criminal complaint by the alleged victim to start criminal proceedings, had rendered breach of trust an efficient alternative for prosecution of cases where corruption was hard to prove.

Over the years, numerous BoD members of companies/multinationals active in Greece, banks and other organisations in the financial sector have experienced long-lasting trial hearings, trying to prove before court that they took all measures available to safeguard the property entrusted to them. In cases where ‘breach of trust’ referred to a risk-taking activity, it was difficult for criminal courts to draw a line between the acceptable risk, which is inherent in the management of a company, and criminal behaviour.

Both literature and case law have acknowledged this difficulty and suggested additional criteria: for the actus reus of the offence to be met, two further elements should be present: ‘breach of diligent management rules’, and ‘certainty’ that losses actually occurred. When the Greek Penal Code changed, it was the right time to explicitly introduce these elements into the provision.

Indeed, on 1 July 2019, the Greek Penal Code, already 69 years old at the time, was replaced by a new Penal Code introducing a radical reform. Numerous provisions were amended and others were abolished. Since then, additional amendments have been made. The Greek criminal law is changing and the well-established literature and case law are to be seen from a fresh perspective.

The new provision on breach of trust requires that the losses incurred result from a breach of diligent management rules and are defined with certainty.

The business judgement rule is a helpful guide to determine whether there is a breach of diligent management rules. Article 102 of the Greek Law 4548/2018 on the societes anonymes provides that the officers and directors are immune from (civil) liability to the corporation for reasonable business decisions, so long as the transactions are made in good faith, on the basis of sufficient information, and in protection of the corporation’s interests.

Hence, in the case of charges referring to a decision which is considered to be (ex ante) imprudent, a first line of defence for the BoD would be that it acted in accordance with the standard procedures and chose among multiple alternatives, which seemed reasonable at the time.

Even if ‘breach of diligent management rules’ is confirmed, it can only establish criminal liability if it is proven that it led to a loss-making decision and such losses are defined with certainty.

Apart from the above additions in the actus reus of the offence, there was also a two-step amendment to the procedural requirements for its prosecution.

The new Criminal Code provides that if breach of trust is a misdemeanor, ie referring to losses below the threshold of €120,000, it is prosecuted only following a criminal complaint by the alleged victim. This means that, if breach of trust turns against a legal entity, the latter (not its shareholders or any other third party) has the discretion to decide whether it wishes to start criminal proceedings against its BoD, managing director(s) etc. The authority to take such decisions is granted to the BoD and may be further delegated to third persons.

On the contrary, prosecution for felonies (breach of trust leading to losses exceeding €120,000) starts ex officio; in other words, even if the company decides not to start criminal proceedings the prosecutor may initiate such proceedings on their own motion.

The legislator took into consideration that the management of a company could be reluctant to incriminate themselves or the former members of the board and decided that it would be more prudent to leave this initiative to the prosecutor.

This provision gave rise to serious concerns, on the grounds that any third person could bring to the knowledge of the prosecutor allegations of breach of trust against the management of its competitor or counterparty, aiming at weakening their position, as was the case up to then.

More importantly, the banking sector protested, stressing that any decision to restructure a loan or to sell non-performing loans to investors would typically appear to be loss-making (although the alternatives could create even greater losses), thus exposing the banks’ management to criminal liability.

In view of the above concerns, the above provision was re-amended. As of 18 November 2019, breach of trust against financial/credit institutions and organisations in the financial sector is prosecuted only upon a criminal complaint by the alleged victim (ie, the company). For cases already pending before the prosecutor, a specific provision was introduced prescribing that the above organisations may declare within a time period of four months from the time the new law was issued (ie, starting on 18 November 2019) that they wish criminal proceedings to continue.

This latest amendment on breach of trust was welcomed by the financial sector. On the other hand, it is subject to criticism as it refers only to the entities of this area, excluding all other private sector companies. Time will show whether this amendment in its limited scope was the right choice.

Throughout 2019, the US Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) continued to actively investigate and prosecute individuals and corporations under the Foreign Corrupt Practices Act (FCPA) for suspected involvement with political corruption and/or bribery around the world. The US implemented further aggressive measures to fight corruption, including economic sanctions administered by the Office of Foreign Assets Control (OFAC), and civil actions by the US Federal Reserve Board and the Commodity Futures Trading Commission (CFTC).

In addition, US anti-corruption agencies released new guidance to further clarify what the US expects from companies with respect to self-reporting, co-operation, and corporate compliance.

The US FCPA enforcement against corruption

In 2019, the DOJ and the SEC announced more than $1.5bn in corporate settlements of FCPA matters. The DOJ criminally charged individuals and corporations for FCPA violations in connection with the bribery of foreign officials in or from countries such as Brazil, Ecuador, Mexico, Venezuela, Barbados, Haiti, Spain, Russia, Serbia, Bosnia, China, India, Malaysia, Micronesia, Uzbekistan, Saudi Arabia, Morocco, Angola and Mozambique. As in past years, the DOJ focused on corruption in the energy industry. However, it also directed its efforts to other industries such as banking, telecommunications, technology, travel and entertainment and medical devices.

In addition, US courts rendered a number of decisions regarding the scope of the FCPA that will have future ramifications for FCPA prosecutions.

First, in US v Ng Lap Seng [2019], No 18-1725-cr (2d Cir Aug 9, 2019), affirming conviction in an UN-related scheme, the US Court of Appeals for the Second Circuit declined to limit the scope of the FCPA by applying the limitations previously established by McDonnell v United States [2016]. In McDonnell, the US Supreme Court unanimously held that a US public official violates the US federal bribery statute 18 USC §201 only when the thing of value was offered or provided in exchange for an ‘official act.’

Second, in Cicel (Beijing) Science & Technology Co v Misonix Inc [2019], the US District Court for the Eastern District of New York held that documents related to FCPA internal investigations conducted by external counsel are protected under attorney-client and attorney work product privileges and could be withheld from a competitor that sought documents related to the defendant’s internal investigation in a suit claiming unfair competition and other civil causes of action.

Third, in US v Dimitry Firtash and Andras Knopp [2019], a federal judge in the Northern District of Illinois denied a motion to dismiss expressly disagreeing with United States v Hoskins [2018], wherein the Second Circuit held that criminal liability under the FCPA should not apply to a non-resident foreigner if the crime was not committed within the US and the individual was not an officer, director, employee, or stockholder of an American company, or otherwise had no agency relationship with a US person.

Lastly, in US v OZ Africa Management GP, LLC [2019] the US District Court for the Eastern District of New York recently held that, under certain circumstances, the Mandatory Victims Restitution Act (MVRA) applies to FCPA cases. Specifically, the Court ruled that the investors of a company that pleaded guilty to one count of conspiracy to violate the FCPA qualify as victims under the MVRA and requested supplemental briefing to determine the appropriate amount of restitution.

Non-FCPA actions against corruption

First, in 2019 the US government continued using economic sanctions to fight corruption. Notably, President Donald Trump expanded OFAC’s programs of sanctions related to countries that are believed to be under corrupt regimes, including Cuba and Venezuela. As a result, the number of transactions affected by sanctions substantially increased.

OFAC also sanctioned a number of individuals and companies under the Global Magnitsky Sanctions (GLOMAG), including nationals from Mexico, Turkey, and South Africa for their alleged involvement in corruption issues. Pursuant to GLOMAG, OFAC may block the assets of foreign persons and entities believed to be involved in serious human rights abuses or corruption in any foreign country, as well as those who assist or provide material support, including goods and services, to the designated persons or the targeted activities.

Second, federal agencies that traditionally are not under the watch of international corruption, announced actions against it. On 21 February 2019, the Federal Reserve Board permanently barred a former investment banker from the banking industry for improperly offering employment opportunities to individuals referred by foreign officials. Similarly, on 6 March 2019, the CFTC announced that it had open a number of investigations involving foreign corruption in violation of the Commodity Exchange Act, and issued a new enforcement advisory creating a leniency program for companies and individuals who co-operate and self-report corrupt practices to the CFTC.

New compliance guidance

On 8 March 2019, the DOJ announced several revisions to its FCPA corporate enforcement policy, clarifying the requirements for companies to receive full credit for timely and appropriate remediation of FCPA violations. For example, under the revised policy, companies no longer need to strictly prohibit employees from using WhatsApp and other software that generates but does not appropriately retain business communications. Companies are now required only to implement appropriate guidance and controls on this type of software.

On 30 April 2019, the DOJ published its Evaluation of Corporate Compliance Programs, with further guidance on how prosecutors evaluate the effectiveness of corporate compliance programs. In it, the DOJ provides companies a new set of 61 factors, in the form of questions, that prosecutors will consider: ‘in making informed decisions as to whether, and to what extent, the corporation’s compliance program was effective at the time of the offense, and is effective at the time of a charging decision or resolution.’

On 2 May 2019, OFAC issued its Framework for OFAC Compliance Commitments presenting OFAC’s new recommendations for the design, implementation and update of Sanctions Compliance Programs (SCPs). In it, OFAC set forth the most important factors for assessing an SCP’s success in preventing violations to the regulations and sanctions that are administered by OFAC. OFAC’s guidelines also describe the circumstances that frequently cause SCPs to fail.

Lastly, on 20 November 2019, the DOJ released additional revisions to its FCPA corporate enforcement policy. For example, the DOJ clarified that, to qualify for voluntary disclosure credit under its policy, companies are not expected to disclose all relevant facts at the time of a voluntary self-disclosure. Instead, companies are required to disclose facts known to them only.

Conclusion

In 2019, the US continued to actively fight corruption around the world through criminal and civil penalties, and economic sanctions against individuals and companies believed to be involved in such activities.

In addition, a number of US agencies released additional guidance that will likely require organisations subject to US jurisdiction or that conduct business in or with the US, US persons, or using US-origin goods or services, to update their corporate compliance programmes.

In France, the fight against the great scourges that are corruption, misappropriation of public funds and more generally white-collar crime has led to the emergence of non-governmental organisations (NGOs), constituted in the form of associations, who play the role of public accusers, a role traditionally held by the state prosecutor but without being subject to the same rules of procedure or conduct.

Similar to the state prosecutor, they are involved in prosecutions and, more generally, in trials in France.

French lawmakers were previously reluctant to share (with those private organisations) the state prosecutor’s monopoly in representing the public interest, and it was not until 1972 that they authorised various associations to act and/or to intervene in criminal cases to help sanction offences were they are not directly the victim.

Noting this reluctance, the criminal division of the French Cour de Cassation has often adopted a surprisingly extensive interpretation of the French Criminal Procedure Code, and has ruled that the civil actions by those associations are admissible in many cases.

The actions brought by those associations in white-collar crime cases have been welcomed by the media and the public, but have created a certain unease among French legal practitioners. The collective interest that they allegedly defend is hard to distinguish from the public interest. Some authors dispute the legitimacy of these so-called ‘private accusers’, these ‘pseudo-public prosecutors’, these ‘moralists’ that break the state prosecutor’s monopoly and jeopardise criminal proceedings.

Judgments rendered until 2016 reflected the power of pressure groups. One of the most symbolic judgments was in the ‘ill-gotten goods’ case regarding assets held in France by African leaders. The court ruled that Transparency International France could be a civil party in the investigation for misappropriation of public funds, money laundering, misuse of company property, breach of trust and handling stolen goods ‘because of the specific nature of the goal and purpose of its mission’ (Crim, 9 Nov 2010). That decision even encouraged the French law makers to change the law in 2013, introducing a new provision authorising these associations, if provided for in their articles of association, to engage in the fight against corruption (Article 2-23 of the French Criminal Procedure Code, introduced on 6 December 2013).

However, these associations have not limited themselves simply to cases of corruption (the offence that formed the basis of their authorisation to act in legal proceedings). They have gone beyond that authorisation and have intervened in a wide range of areas including political contributions, financing of terrorism and misuse of company property. In 2018, Anticor was involved in 66 cases (Anticor 2018 activity report, page 4). Sherpa – another association aiming to combat corruption, which focuses more on offences outside France – has also been involved in many cases such as VINCI Russia/Qatar, Samsung France and Lafarge.

Faced with this judicial activism, the French Cour de Cassation has toughened its position and has stopped NGOs from acting in proceedings in which they were previously involved but that fell outside of their authorisation to act (Crim, 11 October 2017; Crim, 31 January 2018; Crim, 17 April 2019). This change should be strongly approved, since it makes clear that NGOs cannot under any circumstances act as a substitute for the public prosecutor’s officers in relation to a prosecution.

However, NGOs have identified another area in which they can take action.

The French act of 9 December 2016, known as the Sapin 2 Act, created the CJIP (convention judiciaire d’intérêt public), a French version of a deferred prosecution agreement, allowing the public prosecutor to reach a settlement with a company indicted on counts of corruption, influence peddling, tax fraud, money laundering and any related offence. A CJIP, which cannot be formed with natural persons, has the effect of ending the criminal proceedings if the company indicted fulfils its obligations under the agreement, including the payment of a public interest fine (which cannot exceed 30% of the company’s average annual revenue). To date, seven CJIPs have been signed. However, certain anti-corruption associations are using these agreements (published online) to initiate criminal proceedings against the executives of the companies involved, when the public prosecutor has decided not to prosecute.

Abrupt changes in approach and contradictions in case law, such as those described in this article, are a well-known feature of the French criminal justice system. Currently, France’s highest court seems determined to curtail the NGOs’ powers in relation to criminal proceedings. As a result, companies should not hesitate to oppose to unlawful actions brought by these organisations and to seek their exclusion from criminal proceedings.

The authors of this article obtained the precedent-setting rulings that excluded Anticor from the Bygmalion case in 2018 and Sherpa from the Lafarge case in 2019.

Following up on our previous article regarding internal investigations in Italy, issues that arise when the internal investigation concerns a white-collar crime are also worth addressing. When there is knowledge (or suspicion) that a crime has been committed within a company and a criminal proceeding is pending (or may be brought), internal investigations become particularly important and sensitive.

In these instances, an internal investigation, if both proper and timely, allows the company not only to preserve documents and information, but also to consider defence strategies or, depending on the circumstances of the case, remedial programmes and/or self-reporting actions.

In practice, at the outset the company should carefully assess the structure and scope of the investigation.

In principle, the company can opt for investigations that are not governed by specific statutory rules (standard investigations) or for ‘defence investigations’ pursuant to the procedural rules in Articles 327-bis and 391-bis to 391-ter of the Italian Code of Criminal Procedure.

While standard investigations can be carried out by both in-house and external counsel, only external counsel formally appointed for the purposes of pending or prospective criminal proceedings are entitled to carry out defence investigations. Defence investigations must be conducted and documented following specific statutory requirements. In particular, witness interviews require a formal invitation and explanation of the interviewee’s rights (eg, right to remain silent) and duties (eg, obligation to tell the truth); and the interview must be minuted verbatim and/or tape-recorded.

Defence investigations not only offer stronger protection of legal privilege, but they also allow counsel to use the results of the investigation as admissible evidence in the pending or prospective criminal proceedings. The difference with standard investigations is particularly evident when considering witness statements. In contrast to standard investigations, if information is gathered in accordance with the procedural rules of defence investigations, the statement can be then (i) produced as evidence during the public prosecutor’s investigations or at the preliminary hearing, and/or (ii) used to challenge any different account that the interviewee may provide if examined in the trial.

There is no clear-cut answer to the question of whether one option should in any case be preferred. The answer will depend on the overall context of the specific case and ultimately on the purpose of the investigation (eg, whether the investigation is essentially a fact-finding exercise or whether the primary goal is to secure evidence in pending or prospective criminal proceedings).

Another related issue that must be addressed at the outset of the investigation is whether the purpose is to conduct an independent, impartial assessment or to gather evidence in support of the defence.

Under the Italian legal system, there is no requirement or expectation that an internal investigation is impartial. Indeed, with respect to defence investigations it is quite the opposite, since Article 327-bis of the Italian Code of Criminal Procedure empowers criminal counsel to conduct investigations aimed at collecting evidence supporting the defence.

As discussed above in relation to the structure of the investigation, the choice will depend on the specific circumstances of the case (eg, whether the company’s primary need is to defend itself and its managers in a criminal proceeding or to carry out a full-fledged assessment of potential misconduct and then determine whether to implement remedial actions, such as strengthening internal controls, taking action against personnel involved or, potentially, reporting to authorities).

Furthermore, having to deal with white-collar crime and conducting related internal investigations raises issues of compliance with data protection legislation. Obviously, conducting internal investigations entails processing of personal data of the individuals involved. Therefore, compliance with data protection rules (such as those concerning the legal basis applicable to the data processing, the information that data subjects must be provided with, data security, retention periods and so on) has to be ensured in this context.

The applicability, starting from 25 May 2018, of EU Regulation 2016/679 (GDPR) increased the relevance of data protection issues, particularly due to (i) the magnitude of the fines applicable in the case of non-compliance, and (ii) the data subjects’ increased awareness of their rights under data protection legislation.

It is important to point out that Italian legislation that amended the Italian Privacy Code after GDPR came into force confirmed a provision pursuant to which personal data processed in violation of data protection legislation ‘cannot be used’ (unless, if used in court, applicable procedural rules provide otherwise).

On a different level, the commission of a crime could directly affect personal data, when it causes ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data […]’ (ie, a data breach pursuant to Article 4(12) of the GDPR). This may be particularly common when cyber crimes are at issue. In this respect, data protection requirements impose to put in place adequate security measures based on the standards set out in the GDPR. To this end, pursuant to Article 32 of the GDPR, the technical means and the overall organisation of data processing must ensure an appropriate level of security for personal data, which must be assessed based on the risks of potential breaches. Therefore, the risks to confidentiality, integrity and availability of personal data have to be considered in advance, in order to design and implement adequate safeguards, which must apply throughout the whole data processing chain. In particular, third-party vendors must be selected carefully after conducting a review, and audits where necessary, of the adequacy of their security arrangements.

EU regulators and, in certain cases, the affected individuals, must be promptly notified of data breaches that qualify as relevant under the GDPR (Articles 33 and 34). However, with respect to data breaches originating from the commission of a crime, this notification should ‘take into account the legitimate interests of law enforcement authorities where early disclosure could unnecessarily hamper the investigation of the circumstances of a personal data breach’ (Recital 88 of the GDPR). As the Article 29 Working Party noted, this may mean that, in certain circumstances, and on the advice of law enforcement authorities, communication of a data breach (particularly to the affected individuals) may be delayed until such time as it would not prejudice such investigations.

White-collar crimes have not only increased in scale but have also become increasingly sophisticated. Individuals, companies, and financial institutions have been outflanked by criminal attacks. Furthermore, with advancing technology and complex transactional structures, the proceeds of white-collar crime have become easier to dissipate and move. Accordingly, alongside combating the criminals, finding new and effective ways to trace, secure, and recover assets is now firmly at the top of corporations’ agendas.

This article elaborates on the current legal framework applicable under Turkish law on asset recovery from a criminal and civil law perspective. It aims to address different advantages and outcomes for the victim.

Confiscation in criminal proceedings

Confiscation is regulated under the Criminal Procedural Code (CPC) in respect of immovable assets, rights and receivables, derived from white-collar crimes, including: theft, aggravated theft, breach of trust, fraud, fraudulent bankruptcy, forgery of money, forming an organisation in order to commit crimes, fraud in fulfilling of obligations, bribery by force, bribery and embezzlement as defined in the Banking Act (Articles 22/3 and 4). Even before establishing guilt, immovable assets, rights and receivables can be confiscated during a long-lasting criminal investigation or proceedings to protect the victim from any further harm.

Obviously, this legislative approach works both as a deterrent to white-collar crimes and as a protection for the victim. The mechanism simply eliminates the potential economic benefits of the crime and can be used to prevent criminals moving the proceeds out of reach.

Whether the respective provisions and confiscation procedure can be implemented effectively is the real test of whether this mechanism can deliver its promise in practice.

Article 127 of the CPC sets out that confiscation of assets can be ordered by the criminal court; however, in matter of urgency, the public prosecutor, or, in their absence, the head of law enforcement can also issue an order. In the latter case, the confiscation order would only be of a temporary nature – within 24 hours, a court order approving the public prosecutor’s or head of law enforcement’s order is necessary.

According to Article 128 of the CPC, although finding of guilt is not a condition, confiscation can be used only in the presence of strong suspicion on commission of crime and concrete evidence that such relevant assets are the proceeds of the alleged crime.

Article 128 allows confiscation of the followings owned by the suspect or accused:

a) Immovable assets

b) Transport vehicles of land, sea or air

c) All kinds of accounts in banks or other financial institutions

d) All kinds of rights and credits by real or juridical persons

e) Negotiable instruments

f) Shares in corporations or companies

g) Contents of a rented safe

h) Other assets belonging to the suspect or accused

The same provision sets forth a prerequisite for confiscating the assets, according to which, a report, indicating the value attained from the crime, should be obtained from the Banking Regulation and Supervision Agency, Capital Markets Boards of Turkey, Financial Crimes Investigation Board, Ministry of Treasury and Finance, or Public Oversight, Accounting and Auditing Standards Authority, whichever is relevant. The competent administrative authority is obliged to prepare this report within a maximum period of three months, although an extension of two months can be granted if required in exceptional circumstances.

This final prerequisite renders this mechanism self-evidently disadvantageous for the victim, since during the long-lasting period attributed for obtaining the report, the suspect might easily move the proceeds of crime.

Regardless, if confiscation is successfully implemented, the confiscated assets can be returned to the victim, so long as these are originally owned by the victim and are no longer needed as evidence in criminal proceedings.

Provisional seizure and provisional injunction in civil proceedings

Cumbersome procedure, proving that the assets are proceeds of the alleged crime and potential time loss in confiscation in criminal proceedings would inevitably force the victim to develop more effective strategies and alternative mechanisms for seeking out recovery of assets. Another motivation to move to civil proceedings could be the inability to locate the whereabouts of the suspect especially in crimes with cross-border elements involved, whereby different methods may be applied to notify the absent suspect.

Initiating proceedings before civil courts and requesting interim measures for freezing the criminal’s assets would not only prevent moving or dissipating the proceeds of crime, but also allow the victim to recover its losses suffered due to the alleged crime either based on breach of contract, tort or unjust enrichment depending on the specifics of the respective case.

Turkish law permits two types of interim measures, provisional injunction and provisional seizure, which can be obtained before or during the court phase. In all cases, the courts review and evaluate these requests in an accelerated manner.

Provisional injunction can be requested for any claims except monetary claims. According to Article 389 of the Civil Procedural Code, courts may grant a provisional injunction if:

• serious damage might occur for the applicant due to delay; or
• it would be impossible or difficult to procure a right due to changes in the current situation.

After obtaining a provisional injunction, the requesting party should file the substantial case for claiming compensation from the suspect within two weeks. Otherwise, the provisional injunction is removed.

Provisional injunction aims to secure rights in rem, and mostly property rights by preventing the transfer of assets to third parties rather than securing cash receivables. Therefore, if the applicant requests the court to transfer ownership of any assets, provisional injunction must be the applicable remedy.

Provisional seizure can only be requested for monetary claims which are not secured with a lien. According to Article 257 of the Execution and Bankruptcy Law, if the monetary claim is due, obtaining provisional seizure has no extra conditions. However, the applicant must at least roughly prove to the court the presence of their receivable. Within this scope, if as an example money is transferred to a criminal’s domain by the deceived party in any given case, the victim’s monetary claim becomes due. Therefore, in the given example, the single prerequisite for obtaining provisional seizure for the monetary loss is met.

Provisional seizure must be implemented through the related execution office within ten days from the date of the decision. If the application is done before the lawsuit/execution proceeding, the creditor (victim) must commence a lawsuit/execution proceeding against the debtor (suspect) within seven days starting from the implementation of the provisional seizure.

For both measures, the applicant must provide a deposit, which generally corresponds to 10% to 15% of the claimed amount in practice, for the damages likely to be suffered by the debtor or a third person. The exact collateral amount is at the sole discretion of the court.

If the traced asset is money or a monetary receivable to be secured, the provisional seizure must be the applicable remedy. If the criminal is a debtor in a separate execution proceeding initiated against them by a third party, provisional seizure obtained by this third party will prevail the provisional injunction to be obtained by the victim due to its executory nature. In such a case, the traced asset can easily escape from the victim’s domain and can be paid to a third party who can be a creditor of the criminal in a separate execution proceeding.

Unlike provisional injunction, provisional seizure will not prevent the transfer of assets to third parties. Although third parties can obtain the properties with the provisional injunction, the applicant will be able to execute the court order over them at the end of the proceedings, by requesting the enforcement office to sell the property at auction.

Conclusion

As an inevitable result of being struck by a white-collar criminal, the victim faces the risk of losing its assets, unless an effective asset recovery plan is put in place.

Apparently, due to the adversities identified in the confiscation procedure, the interest of the victim in many cases would be to initiate and pursue parallel proceedings before criminal courts and civil courts to ensure all possible legal remedies are sought for in all available legal avenues. The preferred mechanism would indeed depend on the particularities of the respective case each time. Nevertheless, in all efforts chasing white collar criminals it would be ideal to initiate asset recovery efforts as early as possible, to avoid loss of precious time, which may work in the advantage of criminals, while the victim is manoeuvering among different proceedings.

As the level of sophistication of economic crime has evolved and increased, there has been a growing need to streamline the mechanisms for confiscating its benefits, thus eliminating its economic incentive and inculcating the idea that ‘crime does not pay’. The law went beyond a strict definition of white-collar crime and entered what is seen as an admirable new world.

The harmful effects resulting from certain criminal phenomena – such as corruption or drug trafficking – with major effects on social life and the functioning of the rule of law, as well as the increased difficulties in the burden of proof and, specifically, the link between revenues that emerge from crime, became the root of draconian regulations, particularly at European level. This came up in Portugal through the adoption of Directive No 2014/42/EU, of the European Parliament and of the Council, 3 April, transposed into Portuguese legislation by Law no 30/2017, 30 May, amended Law no 5/2002, 11 January, which establishes measures to combat organised and white-collar crime.

According to this Portuguese legislation (which reflects the transposed directive), the defendant assets that are inconsistent with their lawful income are presumed to have illicit origin, which inverts the burden of proof, leaving it to the defendant to rebut the presumption. Within this legal framework, questions are being raised regarding whether this revolutionary shift in the burden of proof would violate the traditional principles set out in articles 18 and 32 of the Constitution of the Portuguese Republic, namely the presumption of innocence, the right to silence and no self-incrimination, traditionally provided to the defendant in criminal proceedings, such as the accusatory structure and the property right, hand in hand with personal reputation and privacy protection.

As widely known, according to the principles in dubio pro reo and right to silence, both fundamental in criminal proceedings structure, the accused does not need to produce evidence, which is the main and only task of the Public Prosecutor’s Office.

Throughout these legal standards the defendant is burdened with intense and proactive probative activity in the course of criminal proceedings, in which they have not yet been convicted.

It is true that the Portuguese Constitutional Court holds the position that these principles remain untouched. In fact, this same Court is arguing that because it is a ‘grafted procedure in criminal proceedings, the constitutional norms of the presumption of innocence and the right to silence of the accused do not operate’. This is because, ‘what is at stake in this procedure is not to ascertain any criminal liability of the defendant, but rather to verify the existence of gains resulting from a criminal activity. Hence, both the determination of the value of this incongruity and the possible loss of assets resulting therefrom, is not based on a specific judgment of censorship or guilt in ethical and legal terms, nor a judgment of specific danger of those gains being used to commit future crimes, but on a situation in which the value of the offender’s assets, in comparison with the value of the lawful income earned by the offender, gives rise to a presumption of their illicit origin, which must be prevented from maintaining and consolidating the unlawful gains’ (the ruling of the Constitutional Court of Portugal, no 392/2015). This looks like sophistry.

As a matter of fact, there is only one process, and the defendant remains the same. Thus, in the evidence produced by the Court, there is no division between the purposes of liquidation and those of criminal proceedings. The defendant must disclose enough information about their life and business to protect their own assets.

All matters (including those relating to seizure) are part of the object of the proceedings and it is up to the judge to decide on the basis of all the evidence.

One cannot fail to come to the conclusion that the principle of presumption of innocence and the undoubted principle in dubio pro reo is derogated with the introduction of this rule. Having not succeeded in rebutting the presumption of innocence, the defendant will lose the property to the state, according to Article 7 of Law 5/2002.

The extended confiscation decision is based on the presumption that the amount to be declared lost was obtained through criminal activity. This criminal activity may be the one that for which the defendant is convicted or even exceed that scope. Even with an absolute lack of connection between that crime and their fortune, the defendant will see all of their property at serious risk.

The defendant is under the suspicion that they may have committed other crimes, besides those for which they were convicted, since the extended confiscation is based only on a rebuttable presumption.

On the other hand, an extended confiscation order may consist of an ablation to the defendant’s assets, in accordance with the criteria established in Portuguese Law no 5/2002. Just because the incongruent assets may not have a direct connection with the criminal activity, it does not exclude them from confiscation – contrary to what happens in a classic confiscation, under Article 110 of the Portuguese Penal Code.

This legal framework has become constitutionally disproportionate.

The importance of enforcement measures capable of combating organised crime is undisputable. However, the state should only intervene when, in all probability, income or goods obtained through the commission of crimes are at stake.

It is established the court does not even have to be convinced the incongruity comes directly from criminal activity. This is a mere presumption that becomes effective upon conviction.

This issue regarding the distribution of the burden of proof is highly unusual in the Portuguese legal tradition. It is incomprehensible that failure to prove a particular fact will have the immediate effect of proving the contrary. It is time to return to good values.

Recent years have seen an unprecedented focus on audit and auditors in the UK. This has been driven, at least in part, by a number of high-profile corporate failures as well as the perceived widening of the ‘audit expectations gap’, the difference between what users expect from an audit and the reality of what an audit entails.

A significant number of reforms to the statutory audit market were introduced in 2016 as a result of the EU Audit Regulation (537/2014) and Directive (2014/56/EU). These reforms sought to address a number of issues highlighted during the global financial crisis, including competition concerns at the top of the statutory audit market; claims that auditors had not done enough to flag issues of concern in the period leading up to the crisis; and concerns that auditors may be insufficiently independent of the companies that they audit.

Notwithstanding those reforms, significant concerns remain. This has led to a number of reviews being commissioned into the statutory audit sector. These reviews are considering a number of far-reaching reforms, impacting and disrupting not only the audit firms, but also corporates.

Kingman review of the Financial Reporting Council

In December 2018, Sir John Kingman published his independent review of the Financial Reporting Council (FRC), which among other roles, is the UK’s audit regulator.

The government asked Sir John to lead a review of the FRC looking at a range of areas including the structure of the FRC, its culture and processes, its powers, how accountable it is and its impact, resources and capacity.

The review discussed the strengths and weaknesses of the FRC and the constraints on its effectiveness. It sets out 83 recommendations, including that the FRC be replaced with an independent statutory regulator, accountable to Parliament, called the Audit, Reporting and Governance Authority (ARGA). A number of the other recommendations relate to the statutory audit, for example, the introduction of a duty of alert for auditors to report viability or other serious concerns.

Competition and Markets Authority

In April 2019, the Competition and Markets Authority (CMA) published its final report on its statutory audit services market study which it launched in October 2018. This proposed a number of remedies, focussing particularly on audits of companies in the FTSE 350 index. The recommended remedies include:

• An operational split between the audit and non-audit practices of the biggest audit firms in the UK.
• That FTSE 350 audits should be carried out jointly by two firms, at least one of which should be outside the Big Four.
• That audit committees should be more closely regulated by the ARGA. It recommends that there should be minimum standards prescribed for the appointment and oversight of auditors. ARGA would monitor compliance with these standards and have the power to take remedial action where necessary.

This is the second time in recent years that the CMA has focussed on the statutory audit market. In October 2014, the CMA issued The Statutory Audit Services for Large Companies Market Investigation (Mandatory Use of Competitive Tender Processes and Audit Committee Responsibilities) Order 2014. This contains requirements around audit tendering and Audit Committee responsibilities for FTSE 350 companies.

Brydon audit review

In December 2018, the government asked Sir Donald Brydon to lead an independent review into UK audit market in response to the perceived widening of the ‘audit expectations gap’. The review considered a range of issues including the scope and purpose of audit; the audit product; and the legal responsibilities and liabilities of the company and the auditor. The final report was published in December 2019 and made 64 recommendations including in relation to: the prevention and detection of material fraud; communication and transparency within the audit process and audit report; the role of shareholders and other stakeholders; reporting by companies on their approach to assurance and resilience; and the effectiveness of companies’ internal controls over financial reporting.

What does this increased focus mean for companies?

In light of the well-publicised corporate failures of recent years, audit firms are, understandably, increasing their focus on the going concern statement contained in the annual report and accounts, as well as the longer term viability statements contained in listed company reports. This enhanced focus has been reinforced by the FRC publishing a revised auditing standard in connection with going concern statements. The FRC says that this standard means that UK auditors will follow significantly stronger requirements than those required by current international standards and will require greater work on the part of the auditor to more robustly challenge management’s assessment of going concern.

Increased work in connection with going concern is just one example of the greater workload being imposed on the statutory auditor. In light of this, and the knock-on effect on audit team resourcing, and the potential reputational and other risks connected with a statutory audit, in the medium to long term it is likely that corporates will see the fee charged for the statutory audit increase.

An increase in the work required to be undertaken by the statutory auditor is also likely to lead to an increase in the workload of the audit committee, in particular the chair of the audit committee. This is likely to mean an increase in the time commitment required for these roles. When combined with the potential political and media scrutiny if things do go wrong, recruiting appropriately experienced and qualified candidates for audit committee roles may become more challenging, putting pressure on the nominations committee and possibly board make-up and composition more generally.

It is not only investors who may influence a change in statutory auditor. Increasingly, audit firms themselves are stepping down from existing engagements as they more carefully consider issues including: the risk profile of their audit client portfolio; their ability to effectively conduct the statutory audit given increased scrutiny and their resources; and the reputational issues that may arise in connection with an audit engagement. There were several examples of auditors resigning from audit engagements in 2019 following concerns raised with their corporate clients not being dealt with satisfactorily from the audit firm’s perspective.

Compliance with the existing audit tendering and auditor rotation requirements can also create complication for companies and any proposed change of auditor requires careful choreography. Meticulous planning is required if prospective audit firms provide any of an increasingly long list of non-audit services which precludes them from undertaking a statutory audit within a prescribed period. Complications may also arise if not all eligible audit firms choose to participate in a tender process. Participation is by no means certain these days and there has been a noticeable trend of audit firms being reluctant to participate in certain audit tender processes. The transition from one audit firm to another is also an increasingly intricate process, and transition can take several years for the most complex, international businesses.

It is not only politicians and regulators that are focused on audit. Institutional investors are also increasingly focused on audit-related issues and are more readily using their voting rights at company Annual General Meetings (AGMs) to express dissatisfaction at audit-related matters. In 2018, investors at one listed company voted against the reappointment of the incumbent auditor. It is not only institutional investors that are making their voice heard. Increasingly, individual private shareholders are asking questions of the statutory auditor at AGMs, querying issues such as the scope of the statutory audit and the approach it has taken in relation to particular aspects of the financial statements.

During the course of 2020, it will become clearer which of the proposed reforms to the statutory audit market will be taken forward by government and regulators. What is clear is that the statutory audit process is becoming more and more challenging for corporates to navigate, a trend that is only likely to continue.

In the last five years, some Brazilian companies became well known internationally due to their involvement in some of the world’s largest corruption schemes.

As contradictory as it may seem, some of the companies involved in these scandals were highly regarded for their compliance rules and/or were listed in the Novo Mercado segment (which means the new market segment) of the Brazilian stock exchange known as the ‘B3′, which has the highest level of corporate governance requirements.

The direct involvement of these companies in corruption scandals of such magnitude put the credibility of the Brazilian companies at stake in the investors’ eyes.

Which institutional investor and financial institution would like to have their names directly linked to companies involved in Homeric frauds and, sometimes, cross-border schemes? Will Brazilian companies ever be able to gain their trust again? Why did they fail to comply with integrity and corporate governance principles?

These are just some of the questions that we have been reflecting upon since the scandals came to surface.

To mitigate the risk of future ‘bleeding schemes’ from happening again, to preserve public resources, and, perhaps one day, restore the credibility of Brazilian public institutions, and trust among foreign investors, the federal government enacted, in 2016, Federal Law 13,303 (also known as the State-Owned Enterprise Law), which is, as general rule, applicable to state-owned, to state-controlled enterprises and to their subsidiaries (state-owned enterprises).

Important best practices in corporate governance that were already followed by companies listed in the Novo Mercado segment of the B3 were replicated and became mandatory to state-owned enterprises, among which were the periodic assessment of managers and the appointment of independent members to the board of directors of these enterprises. At least 25% of the members of the board of directors of a state-owned enterprise shall not have any relation with the enterprise (including as a client, supplier, manager, staff member) and cannot be married or related to (up to the third degree) the chief of the executive power, to a minister of state, to a state or municipal secretary or to a manager of state-owned enterprise.

Compliance rules were also reinforced by Federal Law 13,303 and since then state-owned enterprises are obliged to create and apply integrity programmes which shall be implemented, monitored and supervised by internal auditors, and statutory audit committees.

Despite criticism, Federal Law 13,303 represents a landmark regarding compliance and corporate governance in the public sector.

As corporate governance principles proved not to be sufficient and not to be embedded in the spirit of certain listed companies, in 2017, after an extensive work conducted by the B3 alongside market participants, listed companies, and the Securities and Exchange Commission of Brazil (Comissão de Valores Mobiliários), a new Novo Mercado listing regulation was approved.

The new listing regulation, which came into force in 2018, reinforces transparency and accountability, and expressly requires the creation of compliance mechanisms and the disclosure of the assessment of the board of directors, its committees, and the executive officers.

In both cases, corporate governance and compliance requirements were strengthened and they are now two sides of the same valuable coin. Codependent guidelines and principles for companies listed in the Novo Mercado and for state-owned enterprises match, as they should have always done.

However, a company’s staff members will not miraculously and voluntarily begin to observe best practices of corporate governance and compliance. Efficient compliance and governance programmes require significant time and investment in constant training, developing integrity programmes, technological resources, monitoring, remediation etc.

The management must do its best to transmit to stakeholders (shareholders, staff members, clients, service providers and suppliers) the company’s values, vision, social responsibility, and corporate governance and compliance rules and principles. The first step a company’s manager must take is to walk the walk and to act as a role model so others feel compelled to follow in their footprints.

Our experience in Brazil proves that if principles are not rooted in the company, and if managers are not looked upon as righteous leaders, corporate governance and compliance programs just become a matter of ‘ticking the boxes’ and ‘just for show’, and, therefore, are likely to be violated.