Correctly Set Compliance Programme Makes It Possible to Get Exculpated from Criminal Liability

The legal concept of exculpation of a legal entity from criminal liability in criminal proceedings, provided that the legal entity has a functional and correctly set compliance programme, was adopted into the Czech legal system on the basis of inspiration from abroad and has undergone numerous changes over its existence. In contrast to countries such as Spain, France or Italy, the Czech legislation regarding the “possibility to be exculpated from criminal liability using the compliance programme” is very brief. How does the third revised edition of the methodology of the Prosecutor General’s Office and some of the recent court rulings look at this issue?

The matter of compliance is developing constantly and, as a result, keeping up with the times and living up to the most recent trends and requirements is not an easy task for legal entities.
A response to the above matter is contained in the most recent edition of the methodology of the Prosecutor General’s Office, as well as certain rulings of Czech courts that were made by judicial bodies as a response to ever-increasing numbers of prosecuted and sentenced corporate entities.

Procedures for the evaluation of compliance programmes resulting from the methodology of the Prosecutor General’s Office

Although the methodology of the Prosecutor General’s Office is to be primarily used as a manual for law enforcement authorities when applying Section 8 (5) of Act No. 418/2011 Coll., on Criminal Liability of Legal Entities and Proceedings Against Them, it contains numerous recommendations that legal entities should follow, and as such it partially replaces the lack of legislation. The current, already the third edition of the methodology of the Prosecutor General’s Office elaborates on the prior edition primarily in terms of practical recommendations for the procedures of law enforcement authorities. At the same time, these procedures are valuable guidelines for legal entities in the development of their own compliance programmes. The methodology explains what is the background for committing of a crime by a legal entity with a focus on its exculpation from criminal proceedings, states relevant case law regarding this subject and newly also provides an insight into the evaluation of compliance programmes in terms of their effectiveness.

As a reminder, under Section 8 (5) of the Act on Criminal Liability of Legal Entities and Proceedings Against Them, it is possible to release a legal entity from criminal liability; in other words, a corporate entity may exculpate itself from criminal liability. The exculpation is possible when the corporate entity made every effort that can be reasonably required from it to prevent criminal acts from being committed by persons listed in the Act on Criminal Liability of Legal Entities and Proceedings Against Them. Such effort may also include a correctly implemented and, in particular, functional compliance programme that always needs to be evaluated in terms of its comprehensiveness, adequacy and in terms of it being “tailor-made to the legal entity”.

In its methodology, the Prosecutor General’s Office recommends public prosecutors to use a three-step procedure when evaluating compliance programmes:

The first step is the evaluation of measures introduced by the corporate entity with the focus on the committed crime, by applying the “three-pillars of compliance”. First, the pillar of prevention, which entails an evaluation of measures adopted by the corporate entity in terms of predictability of the risk of a crime being committed. The second pillar is the pillar of detection, which aims to evaluate the adequacy and efficiency of measures adopted in the area where the misconduct happened. These primarily include control systems, ethics helpline, whistleblowing, and similar instruments. The last pillar is the pillar of response, which explores how the company responded to the misconduct. The response may be on the level of criminal law, civil law or labour law.

The second step is the evaluation of the general approach of the legal entity to the management of compliance risks, in which it is necessary to get to know the operations of the entire company. Primarily, it is necessary to focus on the quality of management and governance of the corporate entity and the functioning of its compliance programme.

The last step is the evaluation of the corporate entity’s approach to meeting other obligations. This means the meeting of its long-term obligations, primarily concerning tax liabilities, payments of social security and health insurance contributions, or a prior committing of misconducts and crimes, as well as the meeting of the obligation to publish information in public registers (e.g. the publication of documents in the Collection of Deeds in the Commercial Register, as required by law).

The most common features of a poorly functioning compliance programme, as listed by the methodology of the Prosecutor General’s Office, are primarily the following:

  • The failure to state the approach of top management to the adherence to the compliance programme of the company, breaching of the compliance programme by the top management;
  • Outdated, formal and poorly arranged internal policies;
  • Employees do not know where the company’s internal policies are available, and therefore cannot consult them
  • Concerns of the employees about reporting illegal conduct of the company;
  • No response measures against illegal conduct;
  • Insufficient training of the employees and management and their failure to consult internal ethical standards of the company;
  • No notifications, questions, or reminders at the established ethics helpline of the company;
  • Audit was conducted in a formalistic way;
  • The compliance programme was only mindlessly taken over from the parent company by its subsidiary.

The methodology also discusses the issue of who is to prove the existence of compliance programmes in criminal proceedings: the corporate entities themselves or law enforcement authorities? The wording of the previous methodology of the Prosecutor General’s Office (the second revised edition of 2018) de facto described the transfer of the burden of proof onto legal entities. It implied that legal entities should actively defend themselves in criminal proceedings and “cooperate” with law enforcement authorities in order to fulfil the necessary precondition for exculpation, i.e. “making every effort”, as stipulated in Section 8 (5) of the Act on Criminal Liability of Legal Entities and Proceedings Against Them. The current methodology of the Prosecutor General’s Office modifies the former conclusion on the transfer of the burden of proof onto the legal entity. As a result, the new methodology of the Prosecutor General’s Office indicates that proposing that something be produced in evidence  (e.g.  the existence of a compliance programme) by a legal entity in criminal proceedings is the corporate entity’s right rather than an obligation. The responsibility for proper clarification of the matter lies with the law enforcement authorities, which are obliged to search for evidence both in favour and against the accused legal entity (principle of inquisitorial procedure), and therefore also the evidence of the existence and sufficiency of the compliance programme. Relevant facts on the exculpation of a legal entity from criminal liability have to be discussed, ex officio, by law enforcement authorities rather than the legal entity itself. Compliance programmes thus do not become less important and will continue to be a necessary condition for the “exculpation” of a legal entity from criminal liability; however, it will always depend on the process strategy of the defendant, whether and to what extent it will provide evidence on their existence in the criminal proceedings. Although it can be expected that companies will continue to cooperate with law enforcement authorities, an explicit refusal of the reverse burden of proof in the current methodology of the Prosecutor General’s Office can be undoubtedly seen as beneficial and adhering to the fundamental principles of criminal proceedings from the perspective of the legal entity as the defendant.

 Practical recommendations for compliance programmes resulting from court rulings:

The issue of compliance and criminal liability of legal entities is no longer completely new in the Czech Republic and this fact is reflected in the gradually forming case law regarding this matter. Courts seek to gradually specify what a compliance programme should generally look like, and therefore how a legal entity should behave to meet the requirement of “making every effort” stipulated by Section 8 (5) of the Act on Criminal Liability of Legal Entities and Proceedings Against Them.

In this regard, we see the ruling of the Regional Court in Prague, which discussed the setup and form of a compliance programme in a comprehensive manner, as important. The statement of reasons in the above ruling indicates that in order for the legal entity to avoid criminal liability (and for an individual, e.g. a specific employee, to face criminal liability instead), it is necessary to have a compliance programme containing specific and individual measures, made-to-measure to the legal entity. The corporate entity itself needs to assess what risks arise from its activities and which persons might commit crimes that may be imputed to the legal entity. The setup of control mechanisms able to uncover the type of criminal activity in question and the related use of sanctions of the corporate entity against the wrongdoers is evaluated as very important.

Another very important aspect in evaluating a compliance programme of a company is the corporate culture of the corporate entity, which, according to the court, is the most important factor impacting the compliance with internal regulations and ethical behaviour or the legal entity. The corporate culture includes principles of good governance and management of a corporate entity. The corporate culture may be both written (a code of ethics) and unwritten, passed over in the form of training or the management’s governance style (“tone from the top”). The court emphasises not only the comprehensive character, but especially the enforceability of the processes set in the company: “It is not only important to find out what the corporate culture is like in the particular corporate entity, what its content is, or whether the governance system adheres to specific standards; the most important aspect is how it is actually enforced and promoted and what example is given or which direction is pursued by the management. As such, it is not only the issue of number and scope of administrative measures adopted by the legal entity to prevent crime from being committed but most of all their actual effectiveness and enforceability.”

The court also commented on what individual levels should be established in the compliance programme, mentioning the preventive aspect as the first level, comprising measures focusing on limiting and eliminating factors that would otherwise result in a crime being committed. The prevention level should be followed by a detection level, which comprises measures focusing on the detection of committing or preparation of a crime in a legal entity. The last level should involve a response measure, which relates to the detection level. In the court’s opinion, the individual levels should follow from each another and complement one other.

Last but not least, the court emphasises the role of the legal entity’s governance in relation to the company’s compliance. The court clearly states that if the activities of members of the corporate entity’s statutory bodies, who take part in the introduction and control of compliance programmes, is imputed to the corporate entity, then not even the existence of a compliance programme and a good corporate culture will lead to exculpation in most cases. If members of a statutory body commit a crime which can be imputed to the legal entity and the crime was committed in the interest or as part of the activities of the corporate entity, such conduct directly contradicts compliance programmes and the corporate culture that the members of the statutory body introduced with an aim to prevent such conduct. In these cases,  Section 8 (5) of the Act on Criminal Liability of Legal Entities and Proceedings Against Them will rarely be applied, as the illegal conduct of these persons representing a legal entity constitutes the will of the legal entity itself. As defined in the ruling, the exception could be an excess of a statutory body, which could only be the case when “it would be in conflict with force majeure measures, out of control of the particular statutory body, i.e., for example, in conflict with the effective measures adopted and supervised by the general meeting as the supreme body of a company or in conflict with the measures stated in the Articles of Association and supervised by the general meeting”.

Other recent decisions that comment on the individual aspects of compliance programmes and may consequently be used as a source of inspiration in their implementation in companies may be found in the current methodology of the Prosecutor General’s Office:

These, for example, include the ruling of the Regional Court in Hradec Králové (file no. 7 T 11/2015), in which the court referred to the fact that if an illegal act was committed in a company, it does not automatically mean that the corporate entity did not make every effort that can be reasonably required from a corporate entity to prevent an illegal act from being committed. As the ruling states: “(…) any potential measures that are to prevent criminal activities of a legal entity’s employees will always be insufficient to some extent and it is always possible to find a way how to overcome these measures. It cannot be required of corporate entities to assign a person to every employee to supervise that employee and prevent him/her from committing criminal activities.” The court primarily pointed out the necessity of taking into account the necessary level of effort that the company made to prevent illegal acts from being committed as well as the response of the company to possible illegal acts.  

A ruling of the Supreme Court (file no. 31 Cdo 1993/2019) discussed the issue of delegating the performance of the compliance function in a company to a specialised division/department or a person (Compliance Officer / Compliance Department) in connection with the obligation of statutory bodies of legal entities to act with due managerial care. In the above ruling, the Supreme Court states: “When selecting a third party, the Board of Directors must proceed in a due manner, i.e. must make the selection in a manner that would be adopted by another reasonable diligent person, must define a clear task for the selected person, provide all necessary cooperation, manage him/her, and, lastly, must reasonably supervise the exercise of his/her delegated responsibilities, both in person and by using duly set control mechanisms.” It is commonly known that the responsibility for the compliance of the company’s operations with the legal system always lies with the statutory body, pursuant to the obligation to act with due managerial care. As for a company’s compliance activities, which are closely tied to due managerial care, they can be delegated to a specially formed division with a particular expertise in, for example, management and assessment of risks, company compliance and corporate governance. In order for the delegation to include an obvious element of due managerial care, the particular person cannot be selected for purely formal reasons, lacking experience, education, work experience etc.

Another decision regarding the exculpation of a legal entity from criminal liability using a compliance programme is the resolution of the Supreme Court (file no. 7 Tdo 110/2019) which provides its opinion on the actual functionality of compliance and states that a mere formal introduction of a compliance programme, which exists only on paper and is not being enforced or adhered to in any way, cannot and will not result in the exculpation of a legal entity from criminal liability. In its resolution, the Supreme Court states: (…) it was identified that the code of ethics of the defendant was a mere formal act the adherence to which was not enforced in any manner. (…) it is not sufficient for the meeting of exculpation grounds, if the stated measures only exist “on paper”, it must be ensured that they are actually being performed, their adopted measures inspected and their breaches searched for (…).“

The unique nature of a corporate entity and the setup of its compliance programme

To summarise, the specific form of a compliance programme depends on numerous factors. The size of the company and risks relating to its activities are on top of the list. In small and medium-sized enterprises, we can expect sub-measures that do not have to be of formal nature, given the possible family-like nature of the corporate culture, which may prevail in such enterprises more frequently than in large companies. By contrast, in large multinational companies, it will be assessed whether they only adopted and used the compliance programme of their parent company and whether the compliance programme was actually adapted to the unique requirements of the subsidiary. In any event, in the criminal proceedings, a public prosecutor will assess the actual functioning of the measures adopted, taking into account whether they were able to prevent criminal activities or minimise their consequences, as well as how the company subsequently responded to the criminal activities, if any.

A compliance programme that meets the requirements of Section 8 (5) of Act on Criminal Liability of Legal Entities and Proceedings Against Them does not contain rules only on the paper; it is a set of ethical corporate culture, functional preventive, detection and response measures, regular training of employees and top management and clearly stated support from the management (“tone from the top”). There is no “one-size-fits-all” solution for all corporate entities or for proving the “making of every effort” in the criminal proceedings as every legal entity is unique and every entity’s compliance programme will be different.

What does the compliance programme look like in your company? Are you getting started and need assistance in setting it up? Or do you already have compliance processes in place and want to verify whether they meet modern standards, suit the situation on the market and address current (not only) criminal law risks? Or has your company already been investigated in relation to a suspected crime? In that case, do not hesitate to contact us. We will be happy to provide you with comprehensive multidisciplinary consulting services involving legal, technological and process aspects in this domain.

Compliance dReport newsletter

Upcoming events

Seminars, webcasts, business breakfasts and other events organized by Deloitte.

    Show morearrow-right