What is corporate crime prevention and why is it a necessary "cost"? Depending on the industry in which a company operates in Romania, it is subject to legal obligations whose violation can result in legal liability.
For this reason, an increasing number of companies are implementing corporate crime prevention programs which, if they are properly implemented, can provide real protection for companies in preventing and promptly detecting legal violations related to their activities.
In practice, we encounter more and more situations where the existence of corporate crime prevention programs (compliance programs) saves the company and/or its management or employees from liability, or at least significantly mitigates the negative consequences that often arise in sanctioning procedures initiated by the authorities. Corporate crime prevention proves its usefulness especially in the following areas:
- In the field of business criminal law, given that companies in Romania can be held responsible for acts committed in the course of their business, on behalf of the company or in its interest.
- In the field of administrative liability of companies, which can be heavily sanctioned in relation to, for example, anticompetitive acts committed by their employees or violations of specific regulations (e.g. in the pharmaceutical sector).
It is true that implementing an adequate prevention program requires considerable effort company-side, consumes significant resources and time, and it is a long-term commitment. However, observing how laws in this matter are becoming increasingly strict and recognizing the benefits that a compliance program can bring to a company, we inevitably conclude that this organizational "cost" is rather an investment, without which the occurrence of financial, reputational, and/or legal problems is only a matter of time.
What does implementing a compliance program involve? Like any organism, companies need to adapt to the environment in which they "live" to survive. Therefore, corporate prevention (including crime prevention) can be achieved through the implementation of a compliance program tailored to the target company and its activity.
The implementation of a compliance program must consider the corporate liability model established by each country, the existence of applicable legal peculiarities, the organization's structure, operational flows, and business needs.
The implementation process generally involves stages of varying complexity depending on the organization, and it entails risk assessment, development of internal policies and procedures to ensure efficient supervision and self-control within the organization, continuous training of members of the organization, including in what regards the legal aspects, the existence of internal reporting channels, internal reaction and remedy processes, as well as reassessment and adaptation of the program when necessary.
Although a compliance program cannot provide absolute protection to an organization, it must provide internal mechanisms that can prevent and detect legal violations, mechanisms that are assumed and integrated into the organizational culture through management's diligence.
Trends at the European Union level and their impact on Romanian companies. Because prevention, by definition, means being prepared for possible events, anticipating future events must be present in the configuration of a compliance program as well, including through observing legislative trends at the European Union level, given the increasing European lawmakers' concern in this direction.
It is important for a company to have a compliance program that is constantly adapted to requirements that, although not currently mandatory, will become mandatory in the near future, and the reaction time provided by the Romanian authorities in the transposition process is usually not generous.
Just as an example, on May 3, 2023, the European Commission proposed a new directive on combating corruption through criminal law measures, which, among other things, will require member states to hold companies accountable for failing to prevent certain acts of corruption or against patrimony as specified in the directive, when the lack of supervision or control by the company's management made it possible for the offense to be committed by any person under the company's authority.
Clearly, in these situations, an adequate compliance program will involve supervision or control within the organization and can help prevent companies from being held liable.
About the laws of other states that may be mandatory for companies operating in Romania. Traditionally, criminal law applies territorially (locus delicti), and criminal jurisdiction belongs to the state governing the place where the offense was committed. However, in criminal law, there are also other principles that allow for the extraterritorial application of a state's criminal law (for offenses committed outside the territory of that state).
For example, there are numerous U.S. criminal laws that apply beyond the territory of the United States, and after the initiation of criminal investigations, compliance programs are subjected to an evaluation process by prosecutors (according to the Evaluation of Corporate Compliance Programs prepared by the U.S. Department of Justice - Criminal Division, recently modified in March 2023). Based on this evaluation, prosecutors determine the measures they will take during the investigation of the companies under scrutiny (including whether to impose any sanctions).
This trend is also present in Europe, for example in France, where the Sapin II Law, under certain conditions, applies to subsidiary companies in other countries (including Romania) that have their parent company in France. This law requires these companies to have in place compliance programs to prevent acts of corruption.
A particular trend in this field can be found in the United Kingdom, where relatively recently a new concept of corporate offenses was introduced. Companies can now be held criminally liable for their failure to prevent certain offenses, such as bribery (Bribery Act 2010) or tax evasion (Criminal Finances Act 2017). In all these cases, companies can avoid liability if they can demonstrate that they had implemented "adequate" procedures (under the Bribery Act) or "reasonable" procedures (under the Criminal Finances Act) - the requirement of having prevention procedures is thus legislatively recognized.
Furthermore, just these days, the UK Parliament is discussing the Economic Crime and Corporate Transparency Bill, a legislative act that will introduce a new offense for companies: the failure to prevent fraud when the acts are committed by their own employees, and the fraud has brought benefit to the company. This legislation will also have an extraterritorial effect, applying to both British companies and foreign companies for offenses falling under British laws.
However, according to the new draft, companies can avoid criminal liability if they can prove that they had "reasonable" fraud prevention procedures in place at the time of the offense. These procedures must comply with the requirements of a guidance that will be adopted after the law comes into force.
We can thus observe that compliance programs are becoming increasingly important in the European Union and in other countries that have adopted laws impacting companies operating in Romania. This trend is also being seen more frequently in Romania and requires a corresponding response from companies engaged in economic activities in our country.
Although implementing a compliance program represents a significant effort for every company, regardless of its size, and does not make it invincible before the laws and in relation to authorities with investigative powers, prevention must be taken increasingly seriously by company management. Only this way can the stability of the organization and the sustainability of the business be responsibly ensured.
By Andrei Croitoru, Counsel, Act Legal