LiabilityLiability of undertakings
What are the risk and compliance management obligations of members of governing bodies and senior management of undertakings?
A member of the entity’s management shall ensure that the company fully complies with its public law obligations. Therefore, for instance, if the entity breaches its legal obligations due to its CEO’s bad faith or unreasonable actions or omissions that resulted in company losses, such losses may be recovered from the CEO. The company will be restricted from indemnifying the CEO for his or her actions or omissions that result from the company’s breach of its public law obligations.
Do undertakings face civil liability for risk and compliance management deficiencies?
Entities or individuals may, in general, be held liable for the violation of civil law obligations that consist of compliance requirements arising out of the contracts or existing under law.
Do undertakings face administrative or regulatory consequences for risk and compliance management deficiencies?
The administrative liability of legal entities for corruption offences has been introduced to the Code of Administrative Offences by Federal Law No. 280-FZ of 25 December 2008 in view of ratification of the United Nations Convention against corruption (UNCAC) of 31 October 2003, the Criminal Law Convention on corruption (Strasbourg, 27 January 1999) and the adoption of the Federal Law On Counteracting Corruption.
Article 19.28 of the Code of Administrative Offences provides for the liability for illegal transfer, proposal or promise of property valuables to a domestic official or an authorised representative of a commercial or any other entity, as well as to an official of a public international organisation on behalf or in the interests of a legal entity, and unlawful rendering thereto of monetised services. The article provides for two qualifying elements: large-scale and extra-large-scale with regard to committed actions (equivalent to illegal gratification in the amount of 1 million roubles and 20 million roubles respectively). In 2016, article 2.6 of the Code of Administrative Offences was added with a new part, determining that a foreign legal entity that committed, outside the Russian Federation, an administrative offence provided for by article 19.28 of the Code of Administrative Offences, which was aimed against the interests of the Russian Federation, is subject to administrative liability on a common basis. The limitation period for liability for the offence provided by article 19.28 of the Code of Administrative Offences is equal to one of the maximum periods established by the Code of Administrative Offences - six years after the committed offence.
Currently, the minimal amounts of liability (1 million roubles, 20 million roubles and 100 million roubles) are provided for transfer, proposal or promise of illegal gratification on behalf or in the interests of a legal entity. Furthermore, article 19.28 provides for obligatory confiscation of money, securities, other property or cost of monetised services and other property rights constituting the subject of gratification.
Application of article 19.28 of the Code of Administrative Offences interprets an offence committed in the interest of a legal entity as an action by result of which a legal entity attains any business goals; satisfies its current or potential needs; achieves any benefits or advantages; or relief (mitigation) of liability or obligations. A Russian law enforcer therefore has a wide range of instruments for demonstrating the involvement of a legal entity in corruption offence.
Despite the fact that voluntary actions undertaken by a company to prevent corruption actions by its employees are not always taken into consideration by the law-enforcing bodies, due implementation of such measures may be one of the few defences of a legal entity in court. Legislative initiatives aimed at reforming of the practice of use of article 19.28 of the Code of Administrative Offences testify to the fact that the main condition for mitigation of or relief from liability may be active cooperation with the law enforcement authorities aimed at efficient investigation of the corruption offence.
Nevertheless, it is important that the company and its structural subdivisions are responsible when fulfilling their duties as envisaged by article 13.3 of Federal Law No. 273-FZ On Counteracting Corruption, aimed at development and application of anticorruption measures. An integrated approach is required for the organisation of internal control and creation of an efficient system for prevention of corruption, for example, by introducing compliance programmes as well as readiness for a prompt legal defence of one’s interests if the law enforcement authorities bring any charges.
A main financial sanction that may be imposed by Federal Antimonopoly Service in Russia is an administrative fine. The amount of such fine may range from 1 per cent to 15 per cent of a company’s annual turnover in the affected market (0.3 per cent to 3 per cent for price-regulated markets and ‘mono-product’ companies), and in case of collusion relating to public tenders, 10 per cent to 50 per cent of the starting price of the affected tender. One common feature of all such fines is that they are issued pursuant to the Code of Administrative Offences, and the Code expressly provides that administrative liability is fault-based. This means that a company may be held administratively liable - and be ordered to pay a fine - only if the unlawful conduct (anticompetitive behaviour in this instance) was the fault of the company.
Personal data protection compliance
Breach of the established legal order for the collection, storage, use or distribution of personal data may entail the following administrative sanctions:
- warning or administrative fine, 300-500 roubles (for individuals);
- warning or administrative fine, 500-1,000 roubles (for officials); or
- warning or administrative fine, 5,000-10,000 roubles (for legal entities).
Do undertakings face criminal liability for risk and compliance management deficiencies?
For the purposes of this question, it should be borne in mind that, according to the Criminal Code of the Russian Federation, only individuals may be subject to criminal liability.
Anti-corruption related criminal offences set out in the Criminal Code of Russia include:
- receiving a bribe (article 290);
- bribing an official (article 291); and
- completing commercial bribery (article 204).
These articles were clarified and detailed in the summer of 2016.
Article 178 of the Criminal Code of the Russian Federation establishes criminal liability for cartel activities that prevent, restrict or eliminate competition.
Personal data protection compliance
Under article 137 of the Criminal Code of the Russian Federation, unauthorised and illegal collection or distribution of personal data or privacy data may lead to the following criminal sanctions:
- a criminal fine of up to 200,000 roubles;
- salary amount for the period of 18 months;
- forced labour for 360 hours;
- correctional works for 12 months;
- compulsory works for two years, with or without disablement for three years;
- arrest for four months; or
- imprisonment for up to two years.
Do members of governing bodies and senior management face civil liability for breach of risk and compliance management obligations?
In 2013, the Supreme Arbitrazh Court of the Russian Federation issued Decree No 62 on losses recovery from management bodies of a legal entity directly allowing the possibility to recover from a company’s management losses that became a result of that management’s abuse of its power.
Generally, board members and CEOs in Russia are directly liable to the company and indirectly liable to shareholders for actions performed in bad faith or unreasonably against the interests of the entity. CEOs and board members are, by default, not liable to third parties. Management must prove that their actions and decisions were made in good faith and in the company’s best interest.
Additionally, the CEO bears subsidiary liability for company debts in case of its insolvency if:
- he or she fails to submit the petition when the company becomes insolvent; or
- his or her acts or omissions cause the company’s insolvency.
The aforementioned causes of insolvency may as well be connected to the failures on risk and compliance management of the respective entity.
Do members of governing bodies and senior management face administrative or regulatory consequences for breach of risk and compliance management obligations?
Yes, the CEO and responsible members of management also bear personal administrative liability for a sufficient number of administrative offences. Personal administrative liability of the entity’s management may, in general, entail fines, dismissal or disqualification.
Under the Code of Administrative Offences, the management of the entity (whose duties include responsibility for compliance procedures of the company) may incur personal administrative liability for each violation of the statutory regulations, performed by the entity.
Do members of governing bodies and senior management face criminal liability for breach of risk and compliance management obligations?
Under the Criminal Code of the Russian Federation, any person who is governing the activity of the entity (including the CEO and members of the management board who are responsible for compliance issues) can be held criminally liable for any violation of statutory provisions that constitute a criminal offence. Criminal sanctions in such cases may include a fine, community service or imprisonment.