Compliance programmes and the operation of law enforcement authorities
Activity of law enforcement authorities concerning irregularities of a criminal nature can result in heavy losses to a company’s finances and image. Certain investigative and procedural measures (such as a search of corporate premises, seizing items or detaining people) can have a negative impact on the company’s business and reputation. The consequences can be even more serious if these measures lead to filing of allegations, indictment and conviction of high-ranking company officials. This is yet another argument for maintaining an effective compliance programme.
Irregularities in a company can lead to broad and deep interference in the organisation’s operations by the prosecutor’s office, the Police, the Internal Security Agency, the Central Anti-Corruption Bureau, the National Revenue Administration, and other law enforcement authorities. This can occur in particular if as a result of criminal activity by high corporate officials or other persons affiliated with the company, the company obtains illegal benefits (for example signs a lucrative contract as a result of corrupt actions by its representatives, or obtains an undue tax advantage as a result of prohibited tax practices by a customer or supplier). For this reason, it is worthwhile to minimise the risk of occurrence of irregularities and the resulting criminal-law measures through an effective compliance programme.
Criminal compliance programme
Implementation of a compliance programme with respect to activity of law enforcement authorities should primarily:
- Combat the risk of occurrence of violations of law that can have criminal-law consequences
- Eliminate or reduce the negative consequences of any violations that have occurred
- Improve the functioning of the crisis management process
- Raise awareness of people in the organisation on what is lawful and ethical behaviour
- Reinforce the organisation’s image as an entity operating in compliance with law, ethics, and high business standards.
Procedures serving these aims include in particular:
- Anticorruption procedure
- Procedure for verifying customers and suppliers
- Procedure for reporting irregularities and violations of law
- Procedure for conducting internal investigations
- Guidelines for proceeding in the event of measures pursued by law enforcement authorities.
These procedures should be tailored to the operations of the specific organisation. Before they are implemented, a map of risks should be drawn up based on an analysis of potential threats of legal violations associated with the company’s business. But mere adoption of procedures is not enough. It is essential to apply them, monitor compliance with the procedures, and periodically review them and conduct training on the areas covered by the procedures.
From the perspective of actions by law enforcement involving searches and seizures, the guidelines on how to act in the event of measures by law enforcement authorities are particularly relevant. They are aimed mainly at:
- Limiting the disruption to the company caused by such measures
- Regulating the behaviour of employees and persons at the company responsible for cooperating with the authorities (creating a roadmap for how to proceed)
- Ensuring protection of business secrets and other legally protected confidential information.
These guidelines may also govern issues involving the company’s communications strategy in connection with measures pursued by law enforcement authorities, both within the company and in dealings with third parties (e.g. the media and the company’s customers and suppliers).
Protection of whistleblowers
Implementation of a compliance programme for reporting irregularities and violations of law is linked with the issue of protection of whistleblowers making such reports.
For now, protection of whistleblowers in Poland is done sector by sector, pursuant to implementation of relevant regulations from the European Union. For example, there is an obligation to protect whistleblowers on the part of companies operating a regulated market and providers of transactional information services under the Trading in Financial Instruments Act of 29 July 2005 and obligated institutions under the Anti Money Laundering and Counter Terrorism Financing Act of 1 March 2018).
In a limited respect, protection of whistleblowers was also included in the controversial proposals for the Act on Transparency of Public Life and the new Act on Liability of Collective Entities for Punishable Acts. But neither of these proposals has completed the legislative process and become law in Poland.
To date, there has been no general obligation under Polish law to ensure the legal protection of whistleblowers (although such persons could seek to protect their rights for example through civil litigation). However, extensive protection of whistleblowers was adopted recently in the EU’s Whistleblowing Directive (Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law).
The directive establishes minimum standards for protection of whistleblowers across a range of fields, such as public procurement, goods and services, financial markets, transportation safety, environmental protection, public health, consumer protection, privacy and data protection.
These standards include in particular an obligation to establish channels and procedures for internal reporting and taking remedial measures. This obligation is imposed on legal entities from the private and public sectors. In the private sector it applies in general to entities employing at least 50 people (but with numerous exceptions). These entities are also required to maintain a register of whistleblower reports. The directive also prohibits retaliation against whistleblowers and requires sanctions to be imposed on entities guilty of retaliation.
EU member states are required to introduce regulations essential to implement the directive by 17 December 2021, or 17 December 2023 with respect to the obligation of private-sector entities employing from 50 to 249 people to establish internal reporting channels.
Even apart from the directive, implementation of solutions for protecting whistleblowers in organisations is worth considering, as whistleblowers can provide a valuable source of information on possible irregularities within the company. Early discovery of irregularities and implementation of measures to investigate and redress the consequences of violations can help minimise financial and reputational losses to the company.
Jakub Znamierowski, adwokat, Business Crime practice, Wardyński & Partners