Business corporations have been criminally liable in the Czech Republic since January 2012. A December 2016 amendment introduced the possibility of exculpation from criminal liability if the company "has applied all efforts that could be reasonably expected from it" to avert an offence. In practice, this now means setting up a suitable compliance management system ("CMS"). But what should a CMS look like to effectively exculpate a company? To answer this question, the new, second methodology of the Czech General Prosecutor's Office on this topic, of August 2018 (the "Methodology"), should be of assistance.
According to the Methodology, a properly set up CMS is proportionate to the size of the company, to the regulatory requirements, to the company's international reach and line of business, as well as to its risk profile or market environment. The CMS must protect against all risks to which a company might be exposed. Of course, this means more than having a CMS "on paper". It will always be important that these measures have been set up so as to actually avert an offence.
The Methodology identifies the three fundamental elements of each CMS, which are: (i) prevention, (ii) detection, and (iii) response.
As the most typical precautionary measure, the Methodology states a code of ethics or behavioural rules, while pointing out that it will not be sufficient to simply publish these measures on a website or attach them to an employment contract. Instead, awareness about these measures must be raised repeatedly among the employees themselves. As part of prevention, the Methodology also clarifies the due diligence of business partners (i.e. know-your-third-party / customer processes) as well as screening of employees to reduce the risk of conflicts of interest (i.e. know your employee). Regular induction and refresher trainings are also important, either online or even in person, depending on the size of the company, the risk profile and the sophistication of the participants.
The Methodology further emphasises the need for detection, i.e. determining whether someone violates the compliance measures. This can be done through internal controls and audits or external audits, as appropriate. In order to detect unlawful conduct by the company in time, appropriate communication channels must be set up for anonymous notifications of individual suspicions. Internal or external ethics hotlines or an ombudsman can serve these purposes, but it will always depend on the specific circumstances. At the same time, it is appropriate for each company to have an internal review process in its internal principles. Thus, the company should not only passively wait for the law enforcement authorities, but should investigate the infringement itself, identify the appropriate consequences and correct system errors. In addition, it is important to monitor and review the CMS, especially as to whether it is implemented across the entire organisation and all business units, and whether weaknesses and, if possible, options for improvement are identified.
The final element of CMS is the response, i.e. the company's ability to respond to CMS violations. This means that companies should clearly identify the consequences of CMS violations and enforce them. As the most typical response measure, the Methodology sets out the determination of the labour law consequences (e.g. a complaint, dismissal, transfer or termination) and remuneration for voluntary notification of CMS violations. In addition, this might include the recovery of damages and reporting to law enforcement authorities.
What about in practice?
Although in practice there are not many cases where the courts have dealt with CMS issues and issues of exemption, the Methodology mentions several criminal decisions that illustrate how the courts are currently dealing with this issue.
In the first case, the High Court in Prague annulled the decision of the Municipal Court in Prague, which decided to exempt a company from a criminal offence only because the company had the obligation to comply with the compliance programme and the code of ethics stated in the agreement to perform work. According to the High Court, the Municipal Court proceeded superficially in its assessment of the exemption of criminal liability, and the existence of the code is only the first necessary step that the company must take, while the second step is to ensure that the code is followed.
In the second case, the High Court in Prague also annulled the decision of the Municipal Court in Prague, which decided to exempt a company only because it had a system for training employees and an ethics code. However, this was not sufficient for the High Court, which stated that "not only formal preventive measures such as internal documents adopted by the company (organisational rules, codes of ethics, etc.), or documented trainings of executives on the content of these documents, but also the fulfilment of such theoretical measures in the real life of the company, i.e. efforts to prevent unlawful conduct, should also be reflected in the control area (detection of infringements) and in the repressive area in the event of an infringement."
The last case which the Methodology elaborates on involved the violent crime of extortion. Here, the High Court in Prague concluded that "if an employee behaves within the scope of his performance as an employee in a strictly criminal manner and commits an act of a violent nature [...], it is clear that he has already breached the most basic rules within the limits of the law, it is hardly required that employees should be explicitly forbidden by internal measure, for example, to rob, steal or rape – but if such acts do occur, consideration should be given to how control mechanisms have been set up in the company (not only by paper internal measures, but also by the actual exercise of control over employee performance) so that senior officials can identify and prevent such acts, or eliminate or reduce the criminal liability of a legal entity […] If the court of first instance points to the smaller size of the legal entity […] and lesser control of employee activity in this way, it must be stated that […] the direct and strictly required liability for the conduct of employees is transferred directly to the statutory body of the legal entity."
It is not easy to exempt a legal entity from criminal liability. It is not sufficient to have these measures implemented only formally "on paper"; it is also necessary to actively promote them and check compliance. That is why we recommend seeking your lawyer's advice about a compliance programme. He will not only help you create a tailor-made programme, but will also advise you on further trainings for employees and management, testing compliance with established measures, and responding to violations in case of infringement.
By Rudolf Bicek, Attorney at Law Schoenherr