Increased global attention to anti-bribery compliance has resulted from two key factors: the enacted UK Bribery Act (2010) and aggressive enforcement of the US Foreign Corrupt Practices Act (FCPA) (1977). Corporations working in Ukraine might have missed another piece of anti-corruption legislation that applies to every business regardless of whether it is headquartered in Ukraine, the US, the UK or none of the above.

Last year, the Act of Ukraine On Principles of Prevention and Combating Corruption of 7 April 2011 (the “Anti-Corruption Act”) was passed and it came into legal effect simultaneously with the UK Bribery Act on 1 July 2011. Since then, anti- bribery compliance is no longer a discussion of a remote impact but a practical requirement for every company doing business in Ukraine.

Simultaneously with adoption of the Anti-Corruption Act, the Criminal Code of Ukraine (the “Criminal Code”) and Administrative Offences Code of Ukraine (the “Administrative Code”) were amended with revised articles that govern corruption related crimes and offences. This revised package of anti-corruption legislation implemented several important features and innovations that are discussed below.

Key Features of Anti-Corruption Statute

In line with the global trend, the Ukrainian anti-corruption statute now explicitly applies to corrupt practices that involve officials of international organizations, foreign governments, foreign courts, international arbitrations, judges and juries, and other officials that are involved in extra-judicial dispute resolution (“public officials”). The broad notion of public officials also includes auditors, notaries, experts and other individuals that professionally exercise certain public functions.

Additionally, private corruption became a specific criminal offence. Since 2011, any illegal benefit provided to a managerial level employee of another company can lead to a criminal prosecution with sanctions of fine up to UAH225,000 (US$28,125).

Similar to UK Bribery Act and FCPA, the Ukrainian Anti-Corruption Act also takes a broad approach in defining anything of value as a possible bribe regardless of its substance, form, or price. The Act specifically refers to “illegal benefits” as monies or other property, facilities, services, preferences or other intangible assets or benefits. Within this broad definition, it appears that unjustified business trips, lavish hospitality, job offers, and other kinds of appreciation promised or provided to a public official or private company officer in exchange for improper conduct may constitute a corrupt act. Moreover, the Anti-Corruption Act explicitly forbids state authorities from accepting any free goods, services or other benefits from business entities or private individuals.

Despite recent heated discussions in the Ukrainian parliament, the Criminal Code still does not provide for criminal liability of companies and thus, remains applicable only to individuals. However, one should be reminded that the corrupt practices are often collective acts where several company employees are aware of or explicitly approved illicit payments or transactions. Therefore, not only direct bribe-givers, but also senior company officials intentionally involved in corrupt practices that benefited themselves or the company may be criminally prosecuted in Ukraine.

Liability Burden Switch

One of the most interesting features of the Anti-Corruption Act that requires a separate overview is the change of burden of anti-corruption prevention and liability. Prior Ukrainian anti-corruption acts were historically focused on the prosecution of corrupt public officials only while the new Act suggests a fresh emphasis on the liability of bribe-givers and a separate offence for private corruption. Particularly, the Anti-Corruption Act requires that if a public official or a private company officer reveals or receives notice of a corruption offence, he or she must exercise available powers to terminate such corrupt practice. Moreover, the company official must immediately notify in writing Ukrainian anti-corruption enforcement authorities about the revealed fact of a corruption offence. Failure to do so may itself result in an administrative offence penalty of UAH2,125 (US$265) for the company officials.

In this regard, it seems reasonable to expect that in addition to anti-bribery investigations against public officials, the enforcement authorities would focus their attention on company officials engaged in corrupt practices or those who failed to comply with legal requirements of bribery prevention or notification of authorities. While such liability switch seems to have good motives, it may affect every company doing business in Ukraine or its officials negatively. Such mandatory reporting may cause full-scale prosecution of company employees by Ukrainian authorities and easily trigger investigations against the parent companies in other jurisdictions as required by relevant anti-bribery statutes. The law also appears to advocate that company officials enhance internal monitoring of employees and institute certain safeguards that prevent corrupt practices. Thus, even if the Ukrainian law does not explicitly require adoption of corporate policies or other processes aimed at corruption prevention, the companies would reasonably need to have such policies and procedures for self-protection.

Innovations of Anti-Corruption Act

The Anti-Corruption Act also provides new substantial rules that affect business processes or require revision of existing compliance policies. First, the Act explicitly states that the legal acts adopted or official decisions made as the result of the corrupt conduct may be on this basis cancelled by a competent authority or court. Additionally, contracts or other similar documents executed on the basis of corrupt action are deemed to be null and void. This means that business opportunities gained because of illicit arrangements would be automatically negated once the corruption offence is revealed. Moreover, the Act provides that incomes or other benefits resulting from corrupt practices or businesses should be confiscated by the state.

Second, companies may also need to review their hiring and employment policies. Under the Anti-Corruption Act, companies are restricted from hiring former government officials who prior to departure from government service liaised with such companies in their official capacity. This limitation is valid for one year after the government official’s employment termination date. Clearly, this means that companies have to ensure proper vetting of candidates regardless of whether they hire headcount employees or contractors under an independent services agreement. The law also provides that an individual formally accused of a criminal offence related to corruption must be suspended from his or her position until the case is resolved by a court which process may take years in practice. Moreover, if the person is convicted for a corruption crime or subjected to a penalty for a corruption offence, such person should be terminated from his or her position.

Third, the Anti-Corruption Act also clearly addresses the issue of which hospitality gifts may be given to public officials. The gifts are possible only if they are not associated with officials’ actions favorable to gift-givers and provided that the gift value does not exceed half of the minimal salary (since July 1, 2012 – UAH551 or US$69). This threshold does not apply to foreign public officials as their gifts shall be regulated by relevant foreign statutes.

Compliance Investigations and Data Protection

Recent global developments of anti-corruption statutes and practices require implementation of effective anti-bribery policies and procedures. Enactment of such policies and procedures triggered regular internal reviews and compliance investigations in Ukrainian companies. It is common practice that companies access various personal data of their employees in the course of internal investigations. In this regard, we note that accessing personal data of employees without due process may be considered a violation of their privacy, which violation would result in several negative consequences for the company, namely the impossibility to prove noncompliance or fraud, a penalty for violations of the data protection legislation, various claims from employees, etc.

The Act of Ukraine On Protection of Personal Data adopted on 1 June 2010 (the “Data Protection Act”) established specific requirements for treatment of individuals’ personal data. In particular, the Data Protection Act provides that an explicit consent of an individual (including, company employees) is required for (i)collection and processing of his/her personal information; (ii)granting access to or transferring of personal information of an individual to a third party, etc. Consequently, an individual may reasonably claim that his/her personal information (i)shall not be transferred to a third party; or (ii)shall be erased from a database, especially when there was no consent for collection or transfer of the personal data.

The Data Protection Act defines personal data as “any data (information) about an individual, by which the individual is identified or could be precisely identified”. Such a broad and rather vague definition allows considering any information related to the employment of an individual, e.g., salary, employment benefits, business trips schedule, etc. as the personal data of such individual. Moreover, one may also argue that information about the facts of employee’s meetings, phone calls, e-mails etc., shall be deemed the personal data about such individual and, thus, fall within the framework of the Data Protection Act. There is always a reasonable counter-argument that discussed information comprises terms of employment or results of employee’s performance. As such, the company is entitled to access and process any such personal information as a matter of operational necessity without any limitations. This notwithstanding, due to the sensitive character of personal information and broad definition set out in the Data Protection Act, the personal data of an employee needs to be treated with special care. Since the Ukrainian laws do not expressly regulate an employer’s accessing an employee’s personal data, including information stored on a corporate e-mail account or laptop or, business telephone records, such matters may be often regulated by applicable corporate policies or statutes.

2012 Action Plan for Every Company

As discussed above, the Ukrainian anti-corruption statute applies to every local company as well as local subsidiaries and representative offices of international holdings doing business in Ukraine. Even if the company already acts in compliance with UK Bribery Act and FCPA requirements, it should review its possible exposure in light of the implementation of the Anti-Corruption Act. Therefore, every company needs to review its in-house rules and to adopt new or revise existing policies to be compliant with the requirements and peculiarities of the Anti-Corruption Act as well as the Data Protection Act.

For this reason, we recommend that companies implement the following action plan:

Step1: Assess Risks. Undertake a careful examination of a company’s specific industry, business practices and market environment which would permit identifying areas of highest corruption risk. As the matter of practice the risk often exists in joint ventures, recently acquired companies, public procurement and tenders, intermediary agents that help with business opportunities or regulatory approvals, etc. Depending on the identified risks, each company needs to elaborate meaningful procedures that would eliminate or mitigate the risk of corrupt practices or violation of anti-corruption statute requirements.

Step2: Implement Procedures. Draft or review anti-corruption procedures which should be clear, effective and workable, and their enforcement must be unflinching. None is perhaps more important than a due diligence policy that enables a thorough review of partners and agents hired to assist with various business activities. The clear guidance on business hospitality, corporate gifts, contracts review and approval process is also essential. Never forget that such procedures need to consider both company-wide anti-bribery standards and requirements of local anti-corruption statutes.

In light of the Data Protection Act requirements and in order to assure a smooth internal investigation process, each company should also review its policies on collection and use of employees’ personal data, which should include: (i)explicit employee’s consent for collection and processing (including transfer to third parties, when needed) of his/her personal data provided to the company at all times; (ii)clear regulation that all information created, accessed or transferred through corporate technical devices shall be used for business purposes only, and not for private communication; (iii)employee’s understanding and consent that all information maintained via corporate technical devices can be monitored by the employer, and that an employee shall not expect such information to be treated as private; and (iv)employer’s rights to check, collect and process all data (including personal employee’s data) located in corporate technical devices at any time, for any reason, and without any additional consent. Such policy would also mitigate potential risks related to the legal standing of evidence collected in the course of internal reviews and investigations and prevent potential claims from employees.

Step3: Train Employees. Institute strong and effective training of its employees on company’s values, policies and procedures. This frequently includes live and online training sessions, periodic presentations delivered by outside consultants and, regular verification of employees’ knowledge of anti-corruption requirements.

And finally, do not bribe. The benefits gained by any illegal arrangement could easily be lost because of the Anti-Corruption Act provisions. Moreover, corruption conduct could result in criminal prosecution or significant penalties imposed by Ukrainian, UK or USA enforcement authorities.