Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.

Whistleblowing and self-reporting

Whistleblowing

Are whistleblowers protected in your jurisdiction?

At present, Russian law contains only one specific provision on the protection of whistleblowers. Article 9(4) of the Anti-corruption Law states that civil servants or state officials who report on corruption violations will enjoy state protection. This protection is afforded in accordance with the general Russian legal provisions granting protection to participants in criminal cases (in particular, the Criminal Procedure Code, Federal Law 119-FZ on State Protection of Victims, Witnesses and Other Participants in Criminal Proceedings (August 20 2004) and Federal Law 46-FZ on State Protection of Judges, Public Officials of Law Enforcement and Controlling Bodies of (April 20 1995)).

However, on December 13 2017, the State Duma adopted in its first reading amendments to the Anti-corruption Law which introduced measures aimed at the protection of any individuals who report on corruption offences to their employer's representative, the prosecutor's office or the police.

Self-reporting

Is it common for leniency to be shown to organisations that self-report and/or cooperate with authorities? If so, what process must be followed?

Self-reporting

Under Article 4.2(3) of the Administrative Offences Code, the voluntary disclosure of an offence to the competent law enforcement authority qualifies as an extenuating circumstance. This means that the amount of the fine imposed on an organisation for violation of Article 19.28 of the Administrative Offences Code (unlawful remuneration on behalf of a legal entity) will be reduced. However, the court has sole discretion as to the scope of reduction of the fine.

According to Articles 204 (bribery in a commercial organisation), 204.1 (mediation in bribery in a commercial organisation), 291 (bribe taking by a civil servant) or 291.1 (mediation in bribery of a civil servant) of the Criminal Code, the bribe giver is released from criminal liability if he or she:

  • actively enabled the discovery or investigation of the crime;
  • was subject to blackmailing by the bribe taker; or
  • following commission of the crime, voluntarily informed the competent law enforcement authority of the bribe taking.

Following the adoption of the proposed legislative changes according to which criminal liability is extended to legal entities, organisations that self-report may also benefit from these leniency provisions.

Cross-border reporting The reporting to non-Russian law enforcement authorities regularly requires the transfer of protected data from Russia to foreign jurisdictions. The collection and cross-border transfer of such data is subject to extensive Russian regulation.

In particular, emails, WhatsApp messages, SMS and other correspondence by Russian employees are protected by the ‘privacy of communication’ principle. Unless the Russian company adopted internal rules on the use of office communication means for business purposes only, the collection and transfer of such data requires prior written consent by the relevant employees.

The transfer of personal data of Russian employees also requires the relevant employee's written consent to the transfer (which may, by way of precaution, also be reflected in the employment agreement). In case of a cross-border transfer, such a transfer must be specifically allowed by the consent. Since the employee's consent can be difficult to obtain in practice, the relevant data may have to be depersonalised before the transfer. Further, a data transfer agreement must be signed between the employing Russian company and the foreign recipient. In addition, due to Russian data localisation requirements, the primary database for personal data transferred abroad must be set up in Russia and, before the transfer of any new data, be updated accordingly.

On the other hand, Russian law has no general attorney-client privilege. A concept similar to this privilege exists only as ‘advocate secrecy’ in relationships between clients and advocates (ie, lawyers who passed a bar exam to represent clients in criminal and certain civil law court proceedings). Therefore, the protection of the attorney-client privilege does not usually restrict the (cross-border) transfer of data.

Click here to view the full article.