Demand has increased for crime prevention programmes to help companies estab-lish proper control mechanisms. Incentives to commit fraud or act unethically re-main high, and the risk of non-compliance with legislation has never been higher. The development and implementation of an international compliance programme must be the initial step to avoid liabilities. Understandably, multinational compa-nies are becoming more and more concerned about compliance because of the in-creasingly stringent legal requirements and rising efforts to indict individuals and companies.

How to design a compliance programme

In designing a compliance programme, one should consider the worst-case scenario and how the compliance strategy will be evaluated by the authorities. A US Department of Justice memorandum to US States Attorneys of 28 August 2008 states:

The critical factors in evaluating any compliance program are whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program encouraging or pressuring employees to engage in misconduct to achieve business objectives.

The core questions prosecutors ask are:

  • Is the company's compliance programme well designed?
  • Is the programme being applied earnestly and in good faith?
  • Does the compliance programme work? Have any remedial actions been uncovered by the programme? Have there been revisions to the programme in light of lessons learned?

Prosecutors try to determine whether a compliance programme is merely a "paper programme" or whether it was designed, implemented, reviewed and revised effectively. In addition, prosecutors determine whether the company has provided staff with enough resources to audit, document, analyse, and use the results of the company’s compliance efforts.

Prosecutors also determine whether the company's employees are adequately informed about the compliance programme and are convinced of the company's commitment to it. This allows the prosecutor to decide whether the company has implemented a truly effective compliance programme and thus charge only the company's employees and/or agents, or to mitigate charges and sanctions against the company.

Anti-Corruption law in CEE

Regional law firms like Schoenherr must also consider those CEE countries not bound by EU law. In many of these jurisdictions, compliance and anti-corruption advice are just words at this stage. For instance, some non-EU countries have refused to ratify the OECD Convention to combat bribery, including: Albania, Bosnia & Herzegovina, Croatia, Macedonia, Moldova, Montenegro, Serbia, and Ukraine. Turkey, on the other hand, ratified the Convention in 2000 and amended its legislation accordingly in 2003.

A number of countries have adopted tough anti-bribery legislation. The UK Bribery Act 2010, entered into force on 1 July 2011, increased demands on companies to re-evaluate ethical guidelines and understand the risk of bribery in all facets of business. This set the standard for anti-bribery in CEE. Schoenherr has recently produced a primer that gives an overview of the anti-bribery legislation in: Austria, Albania, Bosnia & Herzegovina, Bulgaria, Croatia, Czech Republic, Hungary, Kosovo, Macedonia, Moldova, Montenegro, Poland, Romania, Serbia, Slovakia, Slovenia, Ukraine, and Turkey.

The legal framework for the criminalisation of bribery has been significantly amended on several occasions to align national legislation with the standards of the Criminal law Convention on Corruption and its Additional Protocol. It is surprising how strict the anti-bribery laws are.

Yet, despite these commendable efforts, several deficiencies remain.

Bribery of public officials

Both passive and active bribery of public officials are prohibited, even if the public official acts in accordance with his duties. So bribing a public official awarding a procurement contract to a company is illegal even if the official did not violate his duties. The only exception is Austria, where the Criminal Code requires that the acceptance of the bribe also violates the official public service code. Further, the corruption of members of parliament and their employees is not punishable in Austria.

Who is a public official?

It is often hard to assess when a company is considered state owned or performs public functions; there is little case law on corruption offences. For example, in Austria, only employees of companies that are controlled by the European Court of Auditors or comparable national or international institutions, and that provide services predominantly to each countries legislative or judicial administration, are considered public companies.

Many CEE countries use a stricter approach and terminology: "companies where the state has a decisive influence" (Czech Republic); "enterprises entrusted with public functions" (Poland); "public authority" (Serbia, Montenegro). These standards leave plenty of room for interpretation. In Turkey, employees of state owned companies are not considered public officials.

Monetary limits vary

The question how much a company or its agent can offer a public official is also answered differently. Monetary limits exist only in Albania (EUR 70), Bosnia & Herzegovina (EUR 100-150), Croatia (EUR 68), Moldova (EUR 66), Montenegro (EUR 50), Serbia (EUR 15; based on 5% of the average monthly net salary), Slovenia (EUR 75 or EUR 150 per year).

No monetary limits exist in Austria, Bosnia & Herzegovina, Bulgaria, Czech Republic, Hungary, Moldova, Montenegro, Poland, Romania, Serbia, Slovenia, Slovakia, Ukraine and Turkey.

Commercial bribery

All CEE countries (except Turkey) prohibit active and passive bribery in the private sector, but leniency varies greatly. Only Albania, Bosnia & Herzegovina, Croatia, Czech Republic, Kosovo, Macedonia, Moldova, Montenegro, Romania, Serbia, Slovenia, and Ukraine prohibit active bribery if a business partner is acting in accordance with his duties. It is allowed in Austria, Bulgaria, Hungary, Poland, Slovakia and Turkey.

Passive private commercial bribery hurts the company most, since it enhances the risk that an employee will act for his personal benefit and not for the benefit of the company.

No country provides for specific monetary limits, except Austria, where offering gifts in exchange for an act in violation of somebody’s duties is punishable only when the benefit exceeds EUR 100.

Criminal liabilities of legal entities

Management must consider if the company itself can be criminally liable for offences committed by its employees. In Albania, Austria, Bosnia & Herzegovina, Croatia, Hungary, Macedonia, Montenegro, Poland, Romania, Serbia, and Slovenia, companies may face monetary fines for bribery of up to EUR 5 million.

Reporting obligation

In the following countries, management must be informed that it may be criminally liable if it fails to report offences committed within the company to the authorities: Croatia, Czech Republic, Kosovo, Romania, Slovakia, and Turkey. If management fail to report to the authorities, it is subject to penalty or imprisonment.

Attention must be paid to phrases like "customary", which must be viewed in proportion to local salaries. For example, a small gift in Austria might be a big one somewhere else.

Our recommendations for your compliance programme

To design a one-size-fits-all compliance programme, one must draft regulations that may be much stricter than those in local criminal codes. This may cause some surprise and must be explained as essentially a zero tolerance policy.

Step one

In our experience, the most likely cases for criminal investigations are those that:

  • involve public officials
  • have a strict connection to the US (FCPA risks) or the UK (Bribery Act)
  • involve high ranking public officials

Identify if the company is regularly dealing with public officials. If yes, inform employees who specifically is to be considered a public official. If not, identify classic public officials (politician, state officials, judges, prosecutors, state-owned companies) and instruct employees to consult the compliance officer in case of doubt.

Step two


  • rules on bribery of public officials
  • general rules on gifts (no gifts to public officials)
  • exceptions only upon obtaining special permission from the compliance officer or legal counsel
  • a general rule regarding invitations (only business related; dinner customary and appropriate)

Step three


rules on active bribery of business partners rules on gifts and invitations (strictly business related; not more than EUR 50-100)  

Step four

Create a rule on passive bribery of business partners. Policies will vary depending on the client, but might include a duty to turn over anything that is of more than marginal value (eg chocolates, calendars and flowers) and donate them to a preferred charity.

Step five

Conduct on-site trainings in the local language with local lawyers who can best deal with the questions of local employees.

Step six

Evaluate your business partner in terms of ethical standards, involvement of criminal conduct (if any) or engagement with public authorities or politically exposed persons.

Is the investment worth it?

The consequences of corruption go far beyond the individual case. For a state to function properly, its citizens must have reason to be confident in its integrity. An efficient economy requires fair competition. But corruption undermines confidence in the state and makes a farce of fair competition. There will always be people who will flout the rules of the game. That is why the fight against corruption requires stamina and on-going vigilance, and alertness to new threats to integrity and good governance.

Some things will go wrong. That is inevitable. But a proper compliance programme can prevent a company's liability when things go wrong.