In the first six months of 2014, Russia has moved ahead on a number of initiatives said to target bolstering the country’s national security in the financial and data privacy areas.  In the shadow of increased tension between Russia and the West, legislative proposals aimed at “domesticating” funds earned in Russia or by Russian nationals, as well as personal information about Russian nationals,  have passed various legislative hurdles and appear to be on their way to enactment. This article provides a brief summary of those initiatives, focusing in particular on their potential impact on anti-corruption compliance efforts of companies and business units operating in Russia.

  1. De-Offshorization Initiatives

For reasons often related to tax optimization, the use of offshore structures by Russian nationals and companies have long been an ever-present, and lawful, feature of the Russian business landscape. Notwithstanding the lawfulness of using offshore companies, the offshoring of Russian business unsurprisingly has been subject to much criticism in the Russian national media and among top Russian officials and has been viewed as reducing the country’s tax base and undermining Russia’s security and its legal regime.1

The call for de-offshorization initiatives gained strength starting in 2011, when Vladimir Putin, Russia’s Prime Minister at the time, announced that offshorization deprives the Russian government of the right to manage the national economy  and constitutes a serious threat to national security.2    In December 2012, in his annual address to the Federal Assembly, President Putin emphasized the need for a comprehensive set of measures designed to reverse the offshoring of the Russian economy and instructed the government to enact corresponding laws and regulations.3 He reiterated that view in his 2013 address, and a series of steps aimed at returning to Russia what are seen as Russian businesses was included in the list of 2013 Policy Priorities of the Russian Government.4

This spring, the first significant legislative proposals aimed at limiting offshorization were introduced, including amendments to Russian tax law, proposed on March 18, 2014 by the Ministry of Finance, and the National De-Offshorization Plan, adopted in April 2014.  In general terms, these de-offshorization proposals aim to remove tax advantages associated with the use of offshore companies and to provide incentives for Russian beneficiaries of offshore structures to abandon them and “repatriate” funds to Russia.5

The tax legislation revisions are currently under consideration by the relevant Russian government bodies6  and may be amended before they come to the floor of the Russian Parliament this summer.  The legislation is expected to take effect, in one form or another, on January  1, 2015.  The draft legislation has been the subject of much debate and criticism in the Russian business community, which has already resulted in softening of some of its requirements, such as introducing a 3-5 years’ transition period, during which some of the legislation’s provisions would not apply.7

Further, earlier this month, President Putin proposed legislation that would prohibit government officials involved in decisions relating to Russia’s sovereignty and national security from opening or holding bank accounts in foreign banks.8 The proposal builds on a 2013 law that enacted the same prohibition, but applied it to only the most senior government officials, such as heads of ministries and federal agencies. Although the list of officials subject to the new legislation has not yet been published, it is likely to be much broader.  The proposed legislation also requires high-level government officials to disclose transactions the aggregate amount of which exceeds the official’s income over the past three years, and also applies that requirement to spouses and children of such officials.

Although the results of Russia’s de- offshorization efforts remain to be seen, if successful they could have substantial impact on Russia’s anti-corruption efforts.  First, offshore structures located in jurisdictions with strong confidentiality protections and weak anti-money laundering and related legislation are widely perceived as serving as safe havens for illegally obtained profits, including proceeds from corrupt transactions.9    If offshorization is indeed curtailed – rather than just driven into ever more complicated ownership structures – it could help reduce corruption or at least make it more difficult for government officials to conceal funds.

Second, and most importantly for companies operating in Russia that seek to abide by Russian and non- Russian anti-corruption laws alike, successful de-offshorization could lead to greater transparency of their Russian business partners, including sales agents, consultants, and other intermediaries.  One of the de-offshorization plan’s initiatives is to create a register of beneficial owners of all companies operating in Russia, which is intended to allow government authorities and others to obtain reliable information about the ownership of companies.  If successful, that would help remedy one of the recurring problems of conducting due diligence on Russian companies, namely the lack of transparency of ownership that can stop a due diligence effort in its tracks.

  1. “Domestication” of Data

As it seeks to counteract the offshorization of funds, Russia has also introduced a set of what could be even more controversial initiatives, aimed at counteracting the “offshorization” of data and information.  That effort has been advocated by the Russian government as a means to safeguard personal information of Russian nationals and protect Russian national security, but has been criticized by commentators as an attempt to restrict freedom of speech and impose government control on the Internet.

In the latest development on this  issue – and the one that may well have a serious impact on non-Russian companies operating in Russia – on July 4, 2014, the Russian Parliament adopted an amendment to the Federal Law No. 152-FZ on Personal Data, which was approved by the Council of Federation on July 9, 2014.10   If signed by President Putin, the amendment will become effective on September 1, 2016. With certain limited exceptions, the law requires all “personal data operators” to maintain identifying information about their Russian users on servers located in Russia.11

Public discussion of the law and arguments for it have focused on information stored at social networking sites, electronic mail services, airline booking websites, and similar Internet portals that handle personal information of millions of users.12   The amendment as drafted, however, may have a much broader impact and affect every company in Russia that stores information about its Russian clients or employees, including emails of its employees, on servers that may be located or transferred abroad.  For example, a U.S. company operating in Russia that operates a centralized email system located outside of Russia – or that backs up servers located in Russia on foreign servers – can be viewed as within the scope of the legislation and may run afoul of it.

This may present challenges for companies subject to government investigations or inquiries outside of Russia, which may be required to produce to foreign regulators various documents, including emails, of Russian employees. In addition to the already difficult task of complying with the pre-amendment provisions of the existing Law on Personal Data, such companies may need to make sure that the various steps in the data collection and review process take place using or on Russian servers, even when consents of personal data subjects for such collection and review have been obtained.

Further, the sponsors of the legislation have stated that it is aimed at providing an opportunity for Russian nationals to request that their personal data be deleted from search websites and similar services, on the heels of the European Court of Justice’s “right to be forgotten” decision.  It is not clear whether Russian nationals could take that rationale a step further and request, for example, deletion of their personal data from work emails located on employers’ servers, after employment terminates.  If so, that would create a further hurdle for the companies operating in Russia that are subject to foreign regulator inquiries, or even to routine corporate disclosure or similar obligations outside of Russia.

De-offshorization and data domestication can be seen as two sides of the same policy coin, aimed at strengthening Russian security and control over its money and data, but the two initiatives may operate at cross-purposes when it comes to efforts by companies operating in Russia to conduct external due diligence or internal investigations.  While de-offshorization, if successful, may result  in greater transparency of Russian business, data domestication and attendant limitations on companies’ ability to handle data of their employees and third parties may further complicate their anti-corruption compliance efforts in Russia and abroad.