The impact of Act No. 91/2016 Coll. concerning criminal liability of legal entities on business environment is being underestimated. If the topic is interesting at all, most people accept the prevailing opinion that this is just another bureaucratic law that will hardly have any effect, not to say real impact (such as the law on reporting criminal activities, i.e. whistleblowing) and that it will affect only those companies that are involved in criminal activities. This, however, must not be accepted. Namely, the law extends the established procedures and interpretations of terms, such as liability of executive and representative bodies (in Slovak: štatutárne orgány) and other persons, confidentiality obligation, business secret, compensation for damages, etc.
Finding a link between criminal activities and consequences affecting commercial law or civil law relationships has been accomplished in the sense of this regulation, at least at the theoretical level (even if not quite consistently). Practical side of the application of this new law is yet to be seen, the scope of its applicability being immense.
In terms of its substance, a very similar law has been introduced in the Czech Republic back in 2011. Nonetheless, Slovakia opted to take the path of what was called ‘indirect criminal liability’, where causal relationship with an act committed by particular individual had to be evidenced. It is quite possible that scarce application of the tools offered by this law resulted, at that time, prompted the business milieu to adopt the view that the topic was in fact of little interest to ordinary business people. However, direct criminal liability has been applied in Slovakia since 1 July 2016 ant it is necessary to expect that the number of criminal prosecutions of legal entities will gradually and inevitably increase.
If we focus on the Czech Republic as a country with a very similar way of thinking, language and culture, it will turn out that the country witnessed criminal prosecution of 19 legal persons solely in the first year of the law’s effectivity. After additional four years, this number increased to more than 580 cases of prosecution of legal entities in one year. The assumption that the law would concern solely “business criminals” has also not proven true in the Czech Republic. Most criminal prosecutions concerned economic crime (e.g. tax evasion), property crime (such as usury, complicity) and acts against the environment (environmental crimes).
According to the report published by the Czech Office of the General Prosecutor, the significance of the law concerning criminal liability of legal persons has kept growing. Total number of cases of prosecution of entire companies, firms and institutions is also on the rise. According to the data published by the General Prosecutor’s Office, concrete criminal prosecution has been initiated in vast majority of cases. In some cases, indictments were submitted and concrete judgements were awarded. For example, only a minimum of cases were terminated by some form of discontinuation of criminal prosecution in 2014.
Having regard to territorial and cultural proximity of the Czech Republic, trends prevailing at the European level and wording of the Slovak law dealing with criminal liability of legal entities, there are no grounds for believing that this would be significantly different in the Slovak Republic.
Only if legal entity is prosecuted?
Being a party to criminal proceedings does not necessarily mean that a company is involved as the prosecuted, accused or indicted entity. The Rules of Criminal Procedure define also the position of the aggrieved party, or what is called ‘involved party’. Obviously, it is not necessary to deal in more detail with what it means to be accused or even aggrieved party, even if this terminus technicus may acquire certain specific traits where legal entities are concerned. However, the term ‘involved person’ is not associated very often with legal entities among lay persons. This is not quite justified, as this position is no novelty to the criminal law. Nonetheless, the law dealing with criminal liability of legal persons introduces the term ‘involved person’ to a new dimension and contents.
‘Involved person’ is a person whose property/thing may, is to be, or has been seized according to a motion. This is associated with the general obligation to provide collaboration (Section 3 of the Code of Criminal Procedure) and the obligation to surrender a thing (Section 89 of the Code of Criminal Procedure). “Anybody having in his possession a thing important for the purposes of criminal proceedings shall surrender that things, upon request, to police officer, prosecutor or the court; if the thing is required to be secured for the purposes of criminal proceedings (author’s comment: of any kind), the person is required to surrender the same to those authorities on their request.” This obligations does not apply solely to documents or other things the contents of which relate to circumstance that are not allowed to be subject to interrogation, save for cases where the obligation to keep the thing/issue secret, or where the confidentiality obligations has been lifted. It must be kept in mind that confidentiality obligation in this sense is only the confidentiality obligation imposed by law. Thus, this would not apply to any confidentiality obligation under contract/agreement.
Confidentiality Obligation and Business Secret
Where a confidentiality obligation agreed under a contract/agreement is concerned, significantly broader implications are involved. The impact of disclosure of data affected by the confidentiality obligation is rather broad. This does not primarily mean disclosure of confidential information to law enforcement authorities (contractual provisions usually allow for disclosure of confidential information to such authorities/courts). Rather, disclosure of information to all persons that may probably have access to the investigation/case file is concerned. Likewise, this is not about compensation for damages that might be claimed in the case of leak of information that should not have leaked from the file (although some legal discourse is possible with this respect). Rather, it is the impact of the disclosure of information, once they will have leaked from the case file. Risks associated with the leak of so obtained information is immense. The more sensitive the information, the more carefully it should be handled also in terms of prevention, i.e. before any criminal prosecution not even related to the particular company might occur.
Under the obligation to provide collaboration set out in Section 3 of the Code of Criminal Procedure, all persons (including legal persons) are required to provide collaboration to law enforcement authorities and courts in the course of performance of their respective tasks related to the criminal proceedings (again of any type). Moreover, requests of this type must be handled in a timely manner (i.e. as and when requested by the competent body/court). These provisions will not affect the obligation (i.e. disclosure will not constitute a breach on your side) to treat any secret fact/circumstance, trade secret, bank secret, tax secret, postal or telecommunications secret as confidential. Thus, the court or any law enforcement authority is entitled to request from you also those types of information to be entered in the case file. Protection is secured through single (1) legal provision determining who and in what stage of the criminal proceedings has the right to request data/information meeting the above characteristics; this legal provisions sets out a general obligation to protect such data/information (however, without any particular contents). Another thing that needs to be considered is the fact that the law allows law enforcement authorities to deliver to each other documents and other information also in the electronic form, without setting out the obligation to at least encrypt so exchanged data in order to prevent their misuse.
Until the effective date of the law concerning criminal liability of legal entities, the above regulation might have been theoretically sufficient. If, however, one considers that each firm/company carries out its business in a unique way, applies its own particular procedures, methodologies, protected data, know-how, calculations, perhaps licences, protected patents or recipes, potential risk associated with the disclosure of such data takes monstrous and theoretically even destructive dimensions. Unless preventive measures are taken by the affected company, continuing functioning in the regime of “standard” handling of the company’s data and documents turns to the Russian roulette.
Liability other than solely criminal …
The law concerning criminal liability of legal entities has introduced direct criminal liability of a legal entities that is not conditional upon evidencing any act or conduct of any particular individual. It is quite clear that this has an immense impact on control and preventive mechanisms applied inside companies. If law enforcement authorities do need to investigate a correlation between the act of certain individual in the sense of fulfilment of the elements of any particular body of the crime (there are 78 of them), then a threat to, or violation of an interest protected by that particular body of the crime will be primarily investigated and the underlying act or conduct will be reviewed thereafter.
In the case of occurrence of an act or conduct described by the body of the crime and if such act or conduct can be in general assigned to a legal person (act of, or conduct by what is called ‘qualified person’ that can be the company’s employee, executive and representative body (štatutárny zástupca) or even any person having an agreement with the legal person in place, such as mandate agreement), the act or conduct itself is deemed an act of, or conduct by the legal entity itself (regardless whether such particular individual was or was not authorized to act, or acted beyond his/her powers). Consequences of violation of the penal law in the form of accomplishment of elements of a crime are exhaustively listed; a very probable scenario would be imposition of a pecuniary penalty up to EUR 1,600,000.
Let’s assume that a company is convicted and pays the penalty. Damages amount to EUR 1,600,000. There is a potential right to recourse for the same amount – EUR 1,600,000. Having regard to objective liability mainly of executive and representative bodies of capital companies, therecourse is claimable against such person as a result of their breach of the obligation to manage the company with due professional care, unless such persons prove that they have indeed proceeded with due professional care and acted in good faith. The burden of evidence is therefore borne by such persons, statutory representatives.
In the case of breach of contractual relationships (direct violations in relation to act or conduct in question, or violation of the confidentiality obligation as already mentioned above), the right to recourse may be exercised also in the form of indemnification; this type of right of recourse may be exercised also against employees, even if in a rather limited extent. Scenarios related to the exercise of the right of recourse through indemnification are truly manifold and anybody may be involved, in particular if the individual in question is a “qualified person” as determined by the law.
“Qualified Person” … Who?
Qualified person, namely a person the act of whom may result in criminal proceedings conducted against a legal entity can be de facto and de iurevirtually anybody. Act accomplishing the given elements of crime (listed criminal offences) shall be assigned to a legal person, if the act, failure to act or omission is committed by:
a) executive and representative bodies (štatutárne orgány) or their members (executive officers, directors, trustees, managers – depending on the legal entity in question);
b) person carrying out control activities or supervision within the legal person (apart from members of supervisory boards, also persons responsible for any supervision/control activities as part of day-to-day operations of the company);
c) other persons authorized to represent (also under contract/agreement) a legal person or involved in the legal person’s decision-making process.
In addition to the above qualified persons, the law identifies an additional circle of individuals the acts or conduct of whom can be deemed acts of, or conduct by the legal entity itself, namely persons acting within the scope of their authorizations granted to them by the legal person and if such persons were able to commit a criminal offence in particular as a result of insufficient supervision or control by persons named under a) to c) above, including due to negligence. From the legal aspect, the last case means that acts of, or conduct by practically any person(s) can be ultimately deemed acts of, or conduct by a legal entity. Of course, the requirements of the law will have to be also complied with and this will be a particularly hard nut to crack in terms of application of the law. According to the valid and effective wording of the law, acts of ordinary employees can be ultimately deemed acts of the relevant legal entity, unless a default on the part of particular individual is proven.
The law concerning criminal liability of legal entities will affect the functioning of all entrepreneurs (apart from other entities). Companies and firms will be required to introduce relatively stringent and competent forms of preventive measures aimed at release from liability in the case of defaults of particular individuals, elimination of reputation-related risks and mitigation of potential damages caused to the company itself or to its contractual partners.
Phrasing of Section 4 and Section 3 indicates that commission of a crime shall not be assigned to a legal entity if – having regard to the scope of business, manner of committing of the crime, its consequences and circumstances surrounding the committing of the crime – the severity of a failure to comply with the obligation in the course of supervision of control by a body of the company or qualified person is “insignificant”.
This also means that a preventive system to be applied by a legal entity should be reasonably efficient rather than only formal. Only an efficient prevention system is able to cover, or limit also other risks associated with criminal liability of legal entities. Will the adoption only of a guideline, internal policy of internal instruction be sufficient? It may, even if we are of the opinion that only in very limited cases and in the case of simple organizational and competence schemes.
The more complex and sophisticated the internal organization of a particular legal person is, the more detailed and comprehensive prevention in the area of criminal liability will have to be applied at the company level. Measures will have to involve far more than mere preparation and introduction of internal guidelines or instructions dealing with criminal liability. Measures will have to cover issues like: protection of business secret, cases involving police raids, setting up and instructing a team to deal with such situations, appropriate adaptations to contractual and corporate documentation, labour law documentation, cataloguing of specified documents, manner of handling of documents in both hard copy and electronic forms, mechanisms of prevention of damages caused by potential defaults on the part of individuals, and dealing with the consequences of such cases. The scope of activities associates with all of the preceding is rather broad and will have to respect the “individuality”, human resources and specifics of any legal entity in question in relation to its scope of business, acts or failures to act/omissions.
Regardless of the manner of application of the law in real-life context, of successfulness of the theory underpinning the developments in surrounding countries, prevention at least at the level of business secret and procedures for the case of police raids are the absolute minimum every entrepreneur and every legal person should consider.
By JUDr. Lucie Schweizer, Partner, Ružička Csekes s.r.o.
tel: +421 911 737 437, email: firstname.lastname@example.org
Advocate specializing in corporate criminal law, prevention of criminality of legal entities, strategic planning and design as well as risk management.
Source: British Chamber of Commerce