The European Public Prosecutor’s Office (EPPO) is an independent body of the European Union (EU) tasked with investigating criminal cases infringing the financial interests of the EU. The EPPO was formally established in 2017 and started operations in 2021. The first and current head of the European Chief Prosecutor is Laura Codruta Kovesi, former Chief Prosecutor of the National Anticorruption Directorate (Directia Nationala Anticoruptie; DNA), the Romanian agency tasked with investigating corruption cases.
Romania has witnessed an increase in the number of cases of fraud involving EU public funds, with approximately 260 ongoing cases involving almost EUR 2 billion. The gist of these investigations concerns fraudulent public procurement operations, followed by VAT and non-VAT fraud, and corruption (including that of public officials). Spread throughout various sectors, the majority of cases concern fraud of EU public funds intended for regional and urban development programs, agricultural and rural development funds, employment, social cohesion and inclusivity funds, and other categories. As of March 2024, 29 individuals from Romania have been charged by the EPPO, seven of which have so far been convicted.
It is expected that this wave of investigations will only increase in the context of the elections in Romania. Such investigations can be launched by both the EPPO and DNA, and, depending on the context and scale, they might significantly affect private companies too. For example, there have been several investigations in Romania in the public procurement sector where large multinationals delivered goods and services to the Romanian government. The DNA claimed that the tender process had been rigged through various methods, such as restricting the characteristics of the products and services so much that the tender process favored only one competitor. The DNA can investigate the public officials involved in a tender process, but it could also claim that the offeror was also involved in the fraudulent scheme. In either case, damages will still be suffered by the private party, at least reputational damages for having its name mentioned in a corruption investigation.
Protection Against Cyber Fraud Should Be a Top Priority for Companies
Another topic that is and seems to remain current is related to cases of cyber fraud. An increase in cyber fraud cases brings again to the forefront the need for companies to invest in protective measures against this type of cyber risk. Cyber fraud can take various forms, but most often involves impersonating decision-makers in a company with the goal of obtaining sensitive information or executing fraudulent transactions.
While cyber risks are an important consideration globally, only 27% of companies from Central and Eastern Europe (CEE), including Romania, consider them a priority. Taking into account the high costs involved with a cyber fraud event, companies would benefit from implementing preventive and protective measures in advance. Once cyber fraud is committed in an EU member state, the money can theoretically be seized at the national level by the respective member state’s anti-money laundering agency. However, not all payments are flagged as suspicious within this system and may therefore pass unchecked, in which case the recovery of the sums lost must then be made through a judicial order. In Romania at least, this is a complex process that can take a long time for a final decision. Companies must create a system of prevention and protection against cyber risks, which should, at minimum, include the following elements: (a) reporting of the incident; (b) gathering and storage of evidence; (c) isolation of the incident; (d) recovery following the incident; (e) gathering of feedback following the incident for the strengthening of the preventive and protection measures already in place.
By Liviu Togan, Partner, Dentons
This article was originally published in Issue 11.5 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.
