Liability
Liability of undertakings
What are the risk and compliance management obligations of members of governing bodies and senior management of undertakings?
Article 716a CO lists the non-transferable and inalienable duties of the members of the board of directors, highlighting their responsibility for the overall management, organisation and (global) compliance of the company. On this statutory basis, the external auditors must provide the board of directors with a comprehensive report on the financial statements and the internal control system of the company (article 728b CO).
Under articles 717 and 754 CO, the members of the board of directors are required to manage the company with an increased degree of diligence, and the members of the executive board with diligence. This standard requires the members of the board of directors or of the executive board to implement effective risk and compliance management systems.
Do undertakings face civil liability for risk and compliance management deficiencies?
Yes. On an extracontractual basis, third parties are entitled to claim civil damages from companies if the damage has been caused by employees or other auxiliaries who were not diligently selected, instructed and supervised or if the company does not prove that the employer took all necessary precautions to prevent the harmful conduct (article 55 CO). A similar provision exists regarding causal contractual liability (article 101 CO).
Do undertakings face administrative or regulatory consequences for risk and compliance management deficiencies?
One example of administrative consequences for risk and compliance management deficiencies is the sanctions set out in article 49a of the CartA. In case of infringements against the CartA, companies can raise the compliance defence, in other words they can produce evidence that the infringement occurred despite the company’s best practice risk and compliance management. COMCO refers to a number of international standards and best practice guidelines as a benchmark for state-of-the-art compliance management (eg, ISO 19600 and Organisation for Economic Cooperation and Development and International Chamber of Commerce guidelines). If a company successfully raises the compliance defence, it will not suffer sanctions.
Institutions that are subject to FINMA’s regulatory financial market supervision may face specific regulatory consequences in case of risk and compliance management deficiencies. FINMA has a broad range of tools to enforce its regulations:
- precautionary measures;
- orders to restore compliance with the law;
- declaratory rulings;
- directors’ disqualification;
- cease-and-desist orders and bans on trading;
- publication of decisions;
- confiscation of profits; and
- revoking of licences and compulsory liquidation.
In the application of these regulatory enforcement measures, FINMA is guided by the aims of Swiss financial market laws, namely the purposes of protecting creditors and investors, ensuring fair market conduct, and maintaining the good standing and stability of the (Swiss) financial system.
Do undertakings face criminal liability for risk and compliance management deficiencies?
Pursuant to article 102 SCC, businesses face corporate criminal liability for organisational weaknesses (the failure to prevent criminal conduct by employees). Under paragraph 1, if a felony or a misdemeanour is committed by employees in the exercise of the company’s business in accordance with its purpose, the felony or misdemeanour is attributed to the company if it is not possible to attribute the offence to a specific employee as a result of inadequate organisation by the company. In the case of paragraph 1, the business is liable to a fine not exceeding 5 million Swiss francs (see question 4).
In addition, the company can be convicted under paragraph 2 if the offence committed falls under a list of serious criminal offences, such as bribery and money laundering. If a predicate offence is established and if the company failed to employ all necessary and adequate measures to prevent it, it is criminally liable for its organisational failure. Fines can amount to a maximum of 5 million Swiss francs and the company is obliged to disgorge illicit profits.
Liability of governing bodies and senior management
Do members of governing bodies and senior management face civil liability for breach of risk and compliance management obligations?
Under article 754 CO, the members of the board of directors, senior management and all persons engaged in the liquidation of a limited company face civil liability towards the company, the shareholders and creditors for any loss or damage arising from any intentional or negligent breach of their duties of diligence. One of their key statutory responsibilities is to ensure compliance with the law by all employees. It is important to note that it is not only the members of the company’s formal governing bodies (ie, the members of the board of directors and the members of the executive board) that can be held liable, but also factual members of governing bodies who have not been formally appointed, yet exercise significant influence over the company’s management.
Do members of governing bodies and senior management face administrative or regulatory consequences for breach of risk and compliance management obligations?
Senior members of management only face administrative or regulatory consequences for such breaches in regulated industries, such as the financial industry. Senior members of management at financial institutions regulated by FINMA can face administrative and regulatory consequences should they fail in their duty of diligence. FINMA can take administrative or regulatory measures against managers, such as disqualifying a director, adding a manager to a watchlist and issuing a business conduct letter. FINMA can enter an individual’s information in a database known as the watchlist if the individual’s business conduct is questionable or does not meet the legal requirements. The watchlist is used for assessing relevant information for compliance prerequisites, namely personal details; excerpts from commercial, debt enforcement and bankruptcy registers; criminal, civil and administrative court decisions; and reports by auditors and third parties appointed by FINMA. Furthermore, under specific circumstances, FINMA can send a business conduct letter to those registered in the watchlist. A business conduct letter does not qualify as a decision; it merely states that FINMA reserves the right to review compliance with the diligence requirements should the manager change position. In the event of a disqualification, FINMA may ban individual directors responsible for serious violations of supervisory law from acting in a senior function at a supervised institution for up to five years.
Do members of governing bodies and senior management face criminal liability for breach of risk and compliance management obligations?
Individuals are criminally liable if they fail to implement effective risk and compliance management and turn a blind eye to mismanagement (article 158 SCC), embezzlement (article 138 SCC), money laundering (article 305-bis SCC) or bribery (article 322-ter et seq SCC), and so on. Failure to prevent serious criminal offences, such as bribery, is a corporate crime (see questions 9 and 13).