Legal compliance for doing business in United Kingdom and Europe
AWARENESS PROGRAM – Jayjit Biswas CA, CISA
Legal Compliance for doing business in United Kingdom and Europe
COVERAGE
1. Labour Law Issues
2. UK Bribery Act
3. Data Protection Act
4. Data Retention Act
5. Regulation of Investigatory Powers Act
6. Digital Economy Act
European Establishment
If a physical location is required, registration of the business will be necessary
Subsidiary company - separate legal entity from its parent company, but can be fully owned and controlled by the parent
Subsidiary – Liability Issues
• Shareholders (i.e. Indian Parent) not generally liable for acts of the subsidiary company
• Liability is limited to the share capital of the subsidiary
• Product liability is a different regime
• Directors or other company officers may be personally liable in certain circumstances (e.g. fraudulent or wrongful trading)
Work permits for non-European nationals
European labour laws are applicable to employees residing and working in a member state regardless of whether (1) they are employees of a European subsidiary or a branch of a US parent; or (2) they are European nationals or non-European nationals
Employees working in Europe have a variety of rights – varies from country to country:
1. Working Time Directive – max hours spent working during any week (Germany, Finland, Spain – 40 hours per week. Ireland 48 hours per week)
2. Holiday – 31 days in Germany, 29 days in Ireland, 30 days in Spain, 20 days in UK
3. Anti-discrimination laws (similar to those in the US)
4. Notice – in UK, 1 week's notice for each year of service (up to 12 weeks minimum after 12 or more years)
5. Unfair dismissal claims (in UK, right not to be unfairly dismissed arises after 1 year. Max compensation payment £61,300)
Labour law issues
Consolidated/replaced several separate laws involving bribery, corruption
Including laws signed by Queen Victoria
Clarified ambiguities in existing laws, e.g. bribery through third parties
Enhanced penalties, promises of enhanced action
Response to criticism of UK’s limited efforts against bribery, e.g. BAE matter
Implementation delayed twice
Concerns about scope of the Act
Ambiguities re business hospitality, entertainment
Concerns about prosecution for facilitation payments
Serious Fraud Office (SFO), Ministry of Justice (MJ) issued final guidance – not detailed
Effective 1 July 2011
UK BRIBERY ACT 2010
UK Bribery Act 2010 - background
Prohibits solicitation/receipt/payment of bribes to public officials/businesspersons
Distinct crime of bribing foreign public officials
Use of third parties in carrying out bribery covered
Exempts bribery by UK officials in intelligence and defense work
Creates new violation – company’s failure to prevent bribery anywhere globally
No distinction between large bribes and facilitation payments – size doesn’t matter!
Global jurisdiction
UK citizens, residents, UK registered/based companies (partnerships, corporations)
Any company based anywhere if it is “carrying on a business” in the UK
Companies protected if they have “adequate procedures” against corruption
Six categories of adequate procedures
Harsh penalties: unlimited fines, 10 years imprisonment
UK Bribery Act 2010 - overview
Section 1 – “bribing another person”
A offers/promises/gives financial or other advantage to B
In return for B doing/having done improper work related activity
Section 2 – “being bribed”
B solicits/agrees to receive/accepts an advantage in return for improper work activity
Section 6 – bribing foreign public officials (FPO)
A offers/promises/gives financial or other advantage to FPO
Intending to influence FPO in his/her work
NO ELEMENT OF IMPROPER WORK ACTIVITY NEEDED
SIMPLY “INFLUENCING” FPO TO GENERATE SOME COMMERCIAL ADVANTAGE
And intending to obtain/retain business or business-related advantages
Local written law does not require FPO to be influenced/to act in the intended way
E.g. – FPO officially responsible for receiving payments of fees for bid submissions
Key elements of the Act – 3 bribery offences
• Extra-Territoriality
General and FPO bribery offences: if any part of the offence is committed in the UK or if committed overseas by a person with a close connection to the UK
Corporate bribery offence: it is irrelevant where the acts/omissions which form part of the offence take place.
Applies globally to companies who carry on any part of their business in the UK
UK management companies
UK chartering brokers/insurance offices
Companies with UK agents/distributors?
Actions by third parties, e.g.
Solicitation/promise/payment occurs through intermediaries, e.g. agent, supplier
Boss promises that he/she will ensure his/her employee selects payer’s bid
Improper activity = doing something improper or failing to do something proper
Bribery offences can be committed by
UK citizens, residents
UK based/registered companies if senior management has been involved
Senior managers involved also face prosecution – approval, participation required
Foreign public officials
Bribery of public officials, business partners are both illegal
Key elements of the Act, cont’d – common bribery threads
UK government will prosecute under UKBA and UK money laundering laws
Proceeds of Crime Act (POCA)
Money laundering includes
Using/transferring/keeping proceeds of criminal conduct
This could include
Companies transferring from/to UK banks funds intended for bribes
UK companies using the proceeds from corrupt business practices, e.g. profits from projects
UK companies fail to report such proceeds if required by law
Possibly non-UK companies transferring tainted funds to UK affiliates
Easier to prove violations of money-laundering laws than UK Bribery Act
Proceeds of criminal activity
Used by or in possession of UK company or transferred to UK banks
Similar money laundering laws in other countries re tainted funds?
Could these be combined with prosecution under anti-corruption laws?
Money Laundering
Applies only to companies
Applies to companies located anywhere globally if they carry on business in the UK
Unclear what exactly comprises “carrying on business in the UK”
Company is strictly liable if an associated person commits bribery offence 1 or 6
Associated person = e.g. employee, agent, supplier, contractor, JV partner, affiliate
No need for senior management involvement – any associated person triggers sec. 7
Bribery can occur anywhere globally – no UK link required
Complete defense if company has 6 “adequate procedures” countering bribery in place:
PROPORTIONALITY – procedures reflecting the bribery risks company faces
TOP LEVEL COMMITMENT – management, directors must promote anti-bribery program
RISK ASSESSMENT – demonstrable assessment of relevant risks, e.g. markets, projects
DUE DILIGENCE – business partners must be checked/approved before collaboration begins
COMMUNICATION – accessible, clear policy & materials; training; confidential reporting of concerns
MONITORING/REVIEW – internal/external checks on implementation, acting on violations
UK government’s guidance on adequate procedures not detailed
Section 7 - Failure to prevent bribery
Small value payment to low level public official performing routine tasks to
Perform a task that is an ordinary, required element of his/her job
Perform that task more quickly than he/she intends to do
Provide a service that the FP payer is entitled to receive
UK government’s intended enforcement - mixed signals
Illegal, no distinction between amounts of bribes - same as previous UK law
”Prosecution will take place unless” public interest is against it
E.g. THREATS AGAINST PERSONS CAN JUSTIFY FP’s
SFO director recognizes FP’s will not stop ”overnight”
COMPANIES COMMITTED TO AND HAVING A PLAN FOR ELIMINATING FP’S SEEM TO BE SAFE
Companies using FP’s as standard business practices risk prosecution
Payment of FP’s can be added to violations involving bigger bribes – icing on the cake
UK individuals, companies at special risk – APMM recognizes this
Facilitation payments
These are illegal bribes of FPO’s if they
Are intended to influence the FPO to provide a business-related advantage
AND there is reasonable connection between what’s given and obtaining the advantage
E.g. the more lavish the hospitality, the greater the likelihood of obtaining the advantage
UK government underscores that ordinary business practices are not illegal
Recognizes that entertainment helps promote business relations
Uses tickets to Wimbledon and Grand Prix as examples of appropriate entertainment
Even approves inviting a spouse!
But warns against lavish entertainment, e.g. 1 day of meetings, 1 week at St. Andrews
Key elements of appropriate hospitality, entertainment, gifts
Clear relation to business activities, including promotion
Intended for legitimate business purposes, e.g. promoting services, enhancing image
Not excessive
Hospitality, entertainments, gifts
UK Bribery Act – bribes to anyone
Giving a bribe - UK citizens, residents, companies
Bribe giver wants the receiver to act improperly
And to obtain some business advantage from a public official
Failure to prevent bribery anywhere - companies doing business in the UK
Hoping to obtain some business advantage
US FCPA – bribes to foreign public officials
Bribe giver has corrupt intent and seeks some business advantage
US citizens, residents, companies
Any company engaged in certain US securities registration, e.g. stock exchange listing
Any corrupt act in the US, e.g.
US presence, calls/e-mails to the US, “knowing of” involvement of/participation with US parties
Both – receiver is expected to do something or fail to do something
UK BA – US FCPA – key jurisdiction triggers
Policy, guidelines already prohibit bribery of any person
Applying to direct and indirect bribes, e.g. using intermediaries
Rules re hospitality, entertainment, gifts already comply
Business related, moderate value
Facilitation payments
Policy: refuse, pay only if genuinely unavoidable, record payments as FP’s, escalate
APMM is committed to and is developing a plan for eliminating FP’s
Vessel masters increasingly refusing with success, e.g.
No FP’s but business continues with slight or no delays or other obstacles
BU’s identifying areas where FP’s are major problems – then identify solutions
E.g. still threats of jail and other harassment, expensive delays (USD 250.000/day)
APMM working with e.g. UN Global Compact, trade groups to eliminate FP’s
Recognizing that elimination requires global cooperation between business and government
Handytankers partners following APMM policy
Group Anti-corruption program – does it comply?
Adequate Procedures: “Six principles”
Six Principles
1. Risk Assessment
2. Top Level Commitment
3. Due Diligence
4. Clear Policies & Procedures
5. Effective Implementation
6. Monitoring and Review
1. Proportionate procedures
Already using practices used by other global companies
These adequately address risks under UK, US, other key legislation
2. Top level commitment
Executive Board approved policy
Increasing involvement by the Board of Directors
Clear support for anti-corruption program by top management
Group CFO supervises Group compliance generally
3. Risk assessment
Systematic approach
Undertaken based on markets, projects, countries, parties
Levels of due diligence, contract clauses are risk-based
Identifying FP problem areas
Adequate procedures
4. Due diligence
Systematic, comprehensive approach
Large suppliers, all JV’s, agents, government owned businesses are vetted
Questions sent, responses reviewed and verified – standard procedures
Using US-based TRACE organization to conduct due diligence
5. Communication
Policy, guidelines, Group compliance contract clauses, other materials cascaded globally
Training: in person for key staff, comprehensive e-learning underway
Whistle-blower system (since January 2011) supplements existing means of reporting
Anonymous or by name; 40 languages; phone or online; available globally
6. Monitoring, review
All BU’s have provided implementation status reports
Reported violations investigated under Group investigation guidelines
Benchmarking against best practices; updating information; knowledge sharing
Adequate procedures
Penalties
(1) An individual guilty of an offence under section 1, 2 or 6 is liable—
(a) on summary conviction, to imprisonment for a term not exceeding 12 months, or to a fine not exceeding the statutory maximum, or to both,
(b) on conviction on indictment, to imprisonment for a term not exceeding 10 years, or to a fine, or to both.
(2) Any other person guilty of an offence under section 1, 2 or 6 is liable—
(a) on summary conviction, to a fine not exceeding the statutory maximum,
(b) on conviction on indictment, to a fine.
(3) A person guilty of an offence under section 7 is liable on conviction on indictment to a fine.
(4) The reference in subsection (1)(a) to 12 months is to be read—
(a) in its application to England and Wales in relation to an offence committed before the commencement of section 154(1) of the Criminal Justice Act 2003, and
(b) in its application to Northern Ireland,
as a reference to 6 months.
DATA PROTECTION ACT 1998
Overview
Possible exposure to large amount of data processing from varied geographical region having different data protection laws especially European Union Data Protection Act.
EUDP - The right to privacy is a highly developed area of law in Europe. All the member states of the European Union (EU) are also signatories of the European Convention on Human Rights (ECHR). Article 8 of the ECHR provides a right to respect for one's "private and family life, his home and his correspondence,” subject to certain restrictions. The European Court of Human Rights has given this article a very broad interpretation in its jurisprudence.
Privacy Issues
Restrictions on transfer of personal data outside the EEA
To comply with European legislation, if a US company wishes to transfer personal data to the US from Europe it may only do so:
If the data subjects have consented; or
If the company receiving the personal data is Safe Harbour Certified (approx 550 US companies are certified); or
If there is a contract in place that ensures that the company receiving the personal data has adequate protection in place.
The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection Act 1984.
The EU Data Protection Directive (also known as Directive 95/46/EC) is a directive adopted by the European Union designed to protect the privacy and protection of all personal data collected for or about citizens of the EU, especially as it relates to processing, using, or exchanging such data.
The Data Protection Act is how the UK implements the European Directive.
Legal framework
The aims of the Data Protection Act
• Anyone who processes personal information must comply with the eight principles
• It provides individuals with important rights, including the right to find out what personal information is held about them
The eight data protection principles
Information must be:
• Fairly and lawfully processed
• Processed for specified purposes
• Adequate, relevant and not excessive
• Accurate and up-to-date
• Not kept for longer than is necessary
• Processed in line with individuals’ rights
• Secure
• Not transferred outside the European Economic Area without adequate protection
Individual rights
• Right of access – individuals have a right to know what information organisations hold about them on a computer or in certain filing systems. Individuals can submit a Subject Access Request to see or have a copy of this information. This could include their medical record, files kept by public bodies, or financial information held by credit reference agencies.
• Right to prevent direct marketing – individuals have the right to object to their personal information being used to target them with unwanted marketing.
The ICO and data protection
The Data Protection Act makes the Information Commissioner responsible for:
• promoting good practice in handling personal data, and giving advice and guidance on data protection;
• keeping a register of organisations that are required to notify him about their information-processing activities; and
• helping to resolve disputes by deciding whether it is likely or unlikely that an organisation had complied with the Act when processing personal data.
Enforcement
If an individual believes they have been the victim of a breach of the Data Protection Act they can complain to the ICO.
The ICO will make a judgement as to whether it is ‘likely’ or ‘unlikely’ that the Data Protection Act has been breached.
ICO’s data protection powers
• Conduct assessments to check organisations are complying with the Act.
• Serve information notices requiring organisations to provide the ICO with specified information within a certain time period.
• Serve enforcement notices and 'stop now' orders where there has been a breach of the Act, requiring organisations to take (or refrain from taking) specified steps in order to ensure they comply with the law.
• Prosecute those who commit criminal offences under the Act.
• Conduct audits to assess whether organisations' processing of personal data follows good practice.
• Report to Parliament on data protection issues of concern.
New power to issue monetary penalties
The ICO's new power to issue monetary penalties came into force on 6 April 2010, allowing the ICO to serve notices requiring organisations to pay up to £500,000 for serious breaches of the Data Protection Act.
The ICO has produced statutory guidance about how it proposes to exercise this new power, which has been approved by the Secretary of State for Justice.
European Directive passed in 2005 (in record time, following attacks in Madrid & London)
Done under 1st pillar (internal market) rather than 3rd pillar (police/judicial co-operation)
Wording of Directive makes little technical sense – and is therefore being implemented haphazardly and inconsistently.
UK transposed this in April 2009
only applies to you if Home Office sends you a notice
notices supposed to be sent to all (public) CSPs
Directive is currently being reviewed.
The data specified in the Schedule to these Regulations must be retained by the public communications provider for a period of 12 months from the date of the communication in question.
The Data Retention (EC Directive) Regulations 2009
Regulation of Investigatory Powers Act 2000
RIP Act 2000 – Encryption
Basic requirement is to “put this material into an intelligible form”
can be applied to messages or to stored data
you can supply the key instead
if you claim to have lost or forgotten the key or password, prosecution must prove otherwise
Keys can be demanded
notice must be signed by Chief Constable
notice can only be served at top level of company
reasoning must be reported to commissioner
Specific “tipping off” provisions may apply ---- Cancellation of Authorisation
Under the UK’s Digital Economy Act 2010 there is to be “graduated response” to notification of file sharing infringements
it is envisaged that only a court will grant access to customer details (or of course a police officer can serve RIP paperwork)
Penalties
(1) The Copyright, Designs and Patents Act 1988 is amended as follows.
(2) In section 107 (criminal liability for making or dealing with infringing articles etc.) in subsections (4)(a) and (4A)(a) for “the statutory maximum” substitute “£50,000”.
(3) In section 198 (criminal liability for making, dealing with or using illicit recordings) in subsections (5)(a) and (5A)(a) for “the statutory maximum” substitute “£50,000”.
Digital Economy Act 2010
COPYRIGHT MATERIAL
Ignorance of the law excuses no man; not that all men know the law; but because ‘tis an excuse every man will plead, and no man can tell how to confute him.
John Selden (1584-1654)
So it is good to check the UK laws from this link: http://www.legislation.gov.uk/