Lexology GTDT Market Intelligence provides a unique perspective on evolving legal and regulatory landscapes. This interview is taken from the Anti-Corruption volume featuring discussion and analysis of legal developments, compliance risk and the role of enforcement authorities within key jurisdictions worldwide.
1 What are the key developments related to anti-corruption regulation and investigations in the past year in your jurisdiction, and what lessons can compliance professionals learn from them?
The Prevention of Corruption Act 1988 (POCA), the primary anti-corruption law in India, underwent a significant overhaul when it was amended in 2018. The amendment was mainly to bring POCA in line with the UN Convention Against Corruption 2005 and introduced specific liability for corruption and bribes, both for individuals and companies. This changed the previously one-sided ambit of liability under the POCA wherein express liability was primarily on recipients of improper payments and other undue advantages. Persons giving a bribe under coercive circumstances have been provided a limited exemption upon reporting to authorities in a timely manner. The Prevention of Money Laundering Act 2002 was also amended to include the aforementioned offences under the POCA.
The Companies (Auditor’s Report) Order 2020 (CARO 2020) issued by the Ministry of Corporate Affairs in February 2020 aims to strengthen the corporate governance framework for companies in India. CARO 2020 mandates enhanced due diligence and disclosures on the part of auditors and has been designed to bring in greater transparency in the financial state of affairs and whistle-blower complaints received by companies.
In terms of investigations, there has been a steady rise in the number of crackdowns on bank frauds, fugitive economic offenders and other ancillary economic offences. There appears to be a shift in the government stance to anti-graft and good governance.
Compliance professionals, whether internal or external, will have to reorient their practice to cover not only external risks posed by third parties and fraudsters, but also the internal risks. Some of these issues could be addressed by ensuring an elaborate compliance framework backed by unambiguous policies, a strong tone at the top and transparency with stakeholders at all levels.
2 What are the key areas of anti-corruption compliance risk on which companies operating in your jurisdiction should focus?
Due to the overlap of central and state laws, as well as various regulatory compliances to deal with, corporates in India often opt to work with third -party consultants and advisers who are better equipped to handle local nuances. However, engaging with third parties comes with an increased compliance risk.
Further, companies in India need to bridge the gap between having a compliance framework and policy, and on the ground implementation, especially in high-risk industries, such as pharmaceuticals, infrastructure, manufacturing and food processing. Highly regulated sectors have a large number of regulatory touch points, with substantial discretionary powers lying with authorities, thereby directly correlating to an increase in operational risks.
Companies in India also have to account for risks arising from extraterritorial legislations such as the United States’ Foreign Corrupt Practices Act (FCPA), the UK Bribery Act (UKBA) and other foreign anti-corruption laws. There have been numerous actions taken under the FCPA against companies for corrupt activities in India, either directly or through a third party.
Companies operating in India need to undertake regular routine and comprehensive risk and threat assessments, and implement their learnings in a meaningful manner to ensure that their policies and compliance measures make a discernible impact.
3 Do you expect the enforcement policies or priorities of anti-corruption authorities in your jurisdiction to change in the near future? If so, how do you think that might affect compliance efforts by companies or impact their business?
We are seeing a steady increase in both regulatory stringency and enforcement actions against a variety of economic offences and we expect these trends to continue in the next few years and beyond. There has also been an increase in the actions taken by the investigating authorities in seeking out economic offenders who have fled the country in an attempt to escape legal implications.
In light of the amendment to the POCA and other related developments, the authorities are likely to crack down on corporate misgovernance and deal strictly with economic crimes. Compliance efforts by companies should ideally be bolstered as they shore up against any actions that could expose them to liability in the future and take into account any and all laws, both within India and overseas, which are applicable to them.
4 Have you seen evidence of continuing or increasing cooperation by the enforcement authorities in your jurisdiction with authorities in other countries? If so, how has that affected the implementation or outcomes of their investigations?
Data on cooperative action is limited and usually not instantaneously reported in the public domain in India. However, we note steady and continuing FCPA enforcement actions against companies for violations in India, across various industries and sectors.
Further, there have been recent instances of authorities taking note of potential violations of the POCA due to enforcement actions taken by the US Department of Justice and the Securities and Exchange Commission under the FCPA. While enforcement may not be as strong or substantial as under the FCPA, a corporate entity facing scrutiny under foreign anti-corruption laws cannot preclude any action under Indian laws.
5 Have you seen any recent changes in how the enforcement authorities handle the potential culpability of individuals versus the treatment of corporate entities? How has this affected your advice to compliance professionals managing corruption risks?
The POCA amendment in 2018 introduced the concept of corporate liability for authorising corrupt payments and bribes. It has also specifically made individuals liable for giving bribes, as opposed to the earlier version of the law wherein the recipient of an improper payment or other gratuity was primarily considered a direct offender and the giver was seen as an abettor. Furthermore, third parties acting on behalf of a corporate entity could also attract penal action upon the entity.
This liability for authorising bribes also extends to members within the company who have a role in the authorisation of the bribe, which could include any number of senior officials of the company, including its directors, officers and any employees.
As this is a relatively recent amendment to the law, we are yet to see distinct trends in how enforcement authorities treat culpability of individuals juxtaposed against treatment of corporate entities. However, our advice continues to stress the importance of a solid compliance framework and a stronger, louder tone from the top.
In addition to these, other ancillary laws are increasingly being enforced, such as the Black Money (Undisclosed Foreign Income and Assets) and Imposition of Tax Act 2015, which targets undisclosed and undocumented changes and penalises them, along with the Fugitive Economic Offenders Act 2018, which marks economic offenders who have either left India to avoid implications or those refusing to comply with legal directives. The Enforcement Directorate, the primary law enforcement agency for economic crimes, has shown a trend of stricter enforcement of these laws, in acting against top-level and C-suite personnel of companies and taking swift action.
There is thus a need for compliance professionals, especially those managing or advising in the management of corruption risks, to emphasise stricter internal controls, an effective and efficient reporting mechanism for timely warnings, regular training and an overall forward-thinking approach to tackle a corrupt culture.
6 Has there been any new guidance from enforcement authorities in your jurisdiction regarding how they assess the effectiveness of corporate anti-corruption compliance programmes?
The 2018 amendment to the POCA introduced provisions to make companies criminally liable for corrupt activities done by or on behalf of them. It also introduced an adequate procedure defence for companies in the form of proposed guidelines for adequate preventative mechanisms. However, the government is yet to clarify what such guidelines entail and it remains to be seen whether they will be introduced this year. Further, the introduction of regulations such as CARO 2020 also indicate that the enforcement authorities expect companies to have mechanisms to deal with whistle-blower complaints effectively and adequately.
Given that many companies in India may fall under the purview of the FCPA, UKBA and laws of other foreign jurisdictions as well, such companies need to ensure that their compliance programmes in India can stand up to scrutiny under such laws.
7 How have developments in laws governing data privacy in your jurisdiction affected companies’ abilities to investigate and deter potential corrupt activities or cooperate with government inquiries?
Laws governing data privacy in India are expected to undergo a substantial revision in the near future as the government is working on regulating data on multiple fronts, including personal and non-personal data. The existing Information Technology Act 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 are consent-based regimes for the collection, processing and transfer of data, which companies have to comply with in order to investigate and detect corrupt activities.
To date, there is no particular hindrance to government authorities conducting anti-corruption investigations, as authorities remain empowered under the law to request and obtain data from companies, including sensitive personal information.
The upcoming law is expected to be more robust in terms of consent requirements, while also carving out some exemptions for internal governance measures and investigative actions. The full extent of the impact of such developments, with regard to corporate actions, can be seen only once the law comes into effect. However, companies should be prepared for a more robust data privacy regime.
The Inside Track
What are the critical abilities or experience for an adviser in the anti-corruption area in your jurisdiction?
An anti-corruption professional in India needs a thorough and comprehensive knowledge of the culture and ethics landscape in India, above and beyond just an understanding of the law and regulations. Given some lacunae in the law and the fact that our laws tend to be in a legislative limbo for extended periods of time, it becomes important to be forward thinking in the approach to problem solving.
Professionals also must be able to dynamically adapt to a constantly evolving regulatory regime.
What issues in your jurisdiction make advising on anti-corruption compliance challenging or unique?
Sheer variance in challenges posed in different industries and sectors in India leads to complex and diverse compliance requirements for companies established in such industries. To add to that, geographical constraints of operating across the length and breadth of a country the size of India makes corporate oversight that much more difficult. Compliance professionals also have to take into account local nuances and challenges when dealing with issues on the ground.
What have been the most interesting or challenging anti-corruption matters you have handled recently?
All anti-corruption matters pose interesting scenarios and challenges. I recently advised a conglomerate on a misgovernance issue that spans various countries and across continents, all stemming from inherently flawed internal processes. It was interesting to see far-reaching legal repercussions of unaddressed policy gaps.
Cases like this reinforce our belief that companies are most susceptible to internal frauds and issues when they take a lax approach to strengthening their compliance frameworks.