In Re (#05 May 2013)

Internal Anti-Corruption Investigations: to Get out of Trouble

Oleg A. Klymchuk, Alexander Weigelt

Internal anti-corruption (anti-bribery) investigation is becoming an increasingly common and integral part of the compliance system of many international and larger local companies that take their reputation, and the negative legal consequences related to it, seriously and on a global scale.

The enactment of the UK Bribery Act and the US Foreign Corrupt Practices Act has raised additional concerns for businesses operating in Ukraine. This article is dedicated to the legal aspects of internal anti-corruption investigations in Ukraine as well as new legal developments in this regard.

Far from being self-entertainment

The Anti-Corruption Act of Ukraine currently in effect was adopted in April 2011 and has mostly remained unchanged since then. Compared with former anti-corruption laws of Ukraine, the existing Anti-Corruption Act of Ukraine has a clear focus on anti-corruption measures to be taken by businesses. Specifically, as soon as certain company officials discover corrupt actions or are notified of them, they must:

(i) Exercise their power to terminate any such corrupt actions; and

(ii) Immediately notify the relevant anti-corruption enforcement authorities of the fact of corrupt actions.

Failure to comply with this legal requirement may lead to administrative fines (about USD 250). However, the mere financial aspect of an administrative fine is a relatively minor concern in such cases. The reputation risk is much more important. Furthermore, the risk of negative legal consequences under the Foreign Corrupt Practices Act and the UK Bribery Act should not be underestimated.

To understand the risks and take the necessary actions, it is of utmost importance to carry out careful and thorough internal due diligence on all existing indications of possible corruption, which is in practice impossible unless proper internal investigation procedures have been implemented.

Procedural issues

Today, the Anti-Corruption Act of Ukraine does not contain a specific procedure for internal anti-corruption investigations. Article 22 (4) of the Anti-Corruption Act of Ukraine contains only a general reference to possible internal investigations. However, this reference does not help business practice much, because the investigation it refers to: (i) is a post-crime internal investigation; (ii) is conducted on the initiative of qualified state authorities involved in anti-corruption actions or upon the decision of the employer where the person concerned works; and (iii) is to be performed according to a procedure approved by the Cabinet of Ministers (however, the procedure has not yet been adopted by the CMU).

Neither does the Labor Code of Ukraine stipulate anything specific regarding internal investigations. There are some regulations for official investigations in the government service sector (e.g. Security Service of Ukraine, Internal Intelligence Service of Ukraine). Further, Article 149 of the Labor Code of Ukraine refers to only one instrument of internal investigation: the requirement for the employer to demand written explanations from the employee concerned. However, that requirement relates only to disciplinary actions (rebuke or dismissal) and is not always readily applicable to anti-corruption investigations.

However, irrespective of the above, businesses in Ukraine are not legally restricted from implementing their own internal procedures under which the relevant internal anti-corruption investigation may be carried out. Similar to business practices in other jurisdictions, three main forms of internal investigations are common:

(i) Light form of internal investigation. Such an internal investigation is based on a company order issued by a manager of the company, which defines the people involved in the investigation, their actions, and reporting issues. This procedure is not always efficient and bears risks, because it does not cover possible risks related to the investigation (e.g. when a manager of the company is himself a suspected person, when there are relations between suspected persons and a person involved in the investigation, or when there are difficulties in getting access to necessary data).

(ii) Established investigation procedure (globally adjusted to Ukraine or local) approved by the relevant manager of a company.

(iii) Established investigation procedure as well as internal policies regarding the use of corporate mobile phones, corporate IT facilities and data protection issues, all of which are legally and procedurally synchronized with respect to anti-corruption actions. Furthermore, employment agreements contain special clauses regarding the necessity of compliance with all internal rules and policies as well as a properly drafted anti-corruption clause.

However, practice proves that even well-established internal investigation procedures and policies require tailored solutions depending on the situation (e.g. corporate orders regarding a hacker attack that consequently require a check of IT facilities).

Data privacy issues

Usually, an internal anti-corruption investigation requires the gathering of significant amounts of information, which then is to be reviewed to make a correct decision on whether the facts of corruption have proven true or not. In such a case, access to a mobile phone, computer or mailbox (both corporate and private) of a concerned person is needed. However, such needs may collide with constitutional rights regarding personal privacy, which must be respected. Furthermore, the existing Personal Data Protection Act of Ukraine raises additional concerns for business in the given situation.

The best case scenario in the given situation is when an employer has internal policies on the use of corporate mobile phones and corporate IT-facilities by his employees. Such internal policies are usually a good legal reason for obtaining access to corporate mobile phones or to corporate computers.

Furthermore, since December 2012 the Personal Data Protection Act of Ukraine has provided a new ground for personal data processing: the need to protect the legal interests of the data controller (usually the employer) and/or third parties, if the need to protect such interests outweighs the need for personal data protection. We expect that this legal purpose for personal data protection will become relevant for compliance issues (e.g. anti-corruption internal investigations, whistleblowing hotlines, etc.).

With regard to personal mobile phones or personal data carriers (notebook, PC, external hardware, etc.), the employer has no right to get access to them without the consent of the owner. Access to them may be granted only to the relevant anti-corruption enforcement agencies in Ukraine.

Regarding the operation of whistleblowing hotlines in Ukraine, it should be mentioned that there is no special regulation for such hotlines in Ukraine. When forming a whistleblower hotline in Ukraine the relevant entity must comply with general legal regulations regarding personal data processing.

Third parties for anti-corruption investigations

Ukrainian laws do not restrict the involvement of third parties in internal investigations. It is, therefore, possible to use specialized service providers for internal investigations. However, the internal investigation procedure must always consider local requirements and the legal framework for the activity of certain persons and entities.

For example, there is no special regulation for the activities of detectives in Ukraine. Most entities trying to work as detectives (detective agencies) usually operate as security firms (agencies), whose activity is subject to licensing; as collector firms (agencies); or as information agencies in accordance with the Information Agencies Act of Ukraine. Depending on its legal status, such a detective/detective agency will have different room for activities that should always be seriously considered before involvement.

Furthermore, a new player in today’s anti-corruption investigations is the operator of the whistleblowing hotline (usually a service provider located abroad). Their operation in Ukraine often does not comply with Ukrainian legislation on personal data.

In particular, where a whistleblowing hotline operates as a personal data base, the operator of the whistleblowing hotline will most likely be considered a data processor. This bears on the need to register the whistleblowing hotline operator as a data processor in the Ukrainian Register of Personal Data Bases.

Conclusion

Internal investigations are typically unpleasant and painful tasks. However, internal investigation procedures are of utmost importance for those sectors of business that are sensitive to corruption (tenders, trade). Internal investigation procedures should not be considered a universal panacea, but a company that has such a procedure significantly mitigates the risks related to corruption.

The Ukrainian Journal of Business Law