On 1 July 2016 revised rules on anti-bribery and corruption law entered into force. The revisions aim at improving the basis to combat corruption in the business sector (so-called private sector bribery). Notably, individuals and companies may be punished cumulatively. Under the new rules, companies and their boards of directors should take appropriate internal measures to prevent private sector bribery.

By Tino Gaberthüel (Reference: CapLaw-2016-24)

1) Overview

For years the fight against corruption has been in constant progress, in Switzerland as well as abroad. The current revisions of the anti-bribery and corruption law have been triggered in particular by corruption scandals in international sports organizations, such as FIFA. However, the scope of the new rules which entered into force on 1 July 2016 goes beyond the sports sector and covers all private business areas.

The key provisions of the revised anti-bribery and corruption rules can be summarized as follows:

• The Swiss Penal Code (PC) includes two new offenses regarding private sector bribery. First, any person who offers, promises or grants an undue advantage to an employee, agent, partner or other auxiliary person of a third party in the private sector in connection with such party’s professional or commercial activity with the purpose to have such party carry out or abstain from carrying out an act contrary to duty or within the party’s discretion will be liable to prosecution (so-called active private sector bribery; article 322^octies para. 1 PC). Second, any person (employee, agent, partner or other auxiliary person of a third party) in the private sector who solicits, accepts or takes an undue advantage (bribe) in connection with such person’s professional or commercial activity will be liable to prosecution (so-called passive private sector bribery; article 322^novies para. 1 PC). Advantages that are contractually approved as well as minor advantages that are common social practice do not constitute private sector bribery and therefore will not be prosecuted (article 322^decies
  para. 1 PC).
• Until now private sector bribery was regulated by the Unfair Competition Act (UCA). A punishment under the UCA required that the bribery lead to a distortion of competition. As a consequence, under the UCA, the supplier of automotive components who – after the conclusion of a supply contract – paid a bribe to the customer’s employee responsible for quality control in order that such employee ignored the deficient quality of the delivered components would not be liable to prosecution. Under the new rules on anti-bribery and corruption law, this link between private sector bribery and unfair competition has been removed. Under the revised rules, bribery of private individuals therefore constitutes a criminal offense regardless of whether it has any effect on competition. Under the new rules, the above-mentioned supplier of automotive components will therefore be liable to prosecution, regardless of whether the supplier is in competition with other suppliers.
• The new private sector bribery offense generally is a so-called public offence (Offizialdelikt), which means that it will be prosecuted ex officio. Only in “light” cases (leichte Fälle) prosecution will require a complaint by the injured party (articles 322^octies para. 2 and 322^novies para. 2 PC). The new rules do not contain a definition for “light” cases. In the parliamentary debate on the revised rules it was mentioned that a “light” case requires that the crime amount is only a few thousand Swiss francs, the safety and health of other persons is not affected, the crime is not conducted repeatedly or by a gang and the bribery is not linked to the forgery of documents. The size and financial state of a company should not be relevant to determine whether a “light” case exists or not. Until a judicial practice will have been developed, there remains some uncertainty regarding this element.
• Besides the individuals involved in the bribery who may be punished with imprisonment of up to three years or a fine, the business itself (irrespective of its legal form) may also incur criminal liability in case of active private sector bribery, provided that the business failed to take all reasonable and necessary organizational measures to prevent corruption (article 102 para. 2 PC). The risk of insufficient anti-corruption measures may be of particular relevance for businesses that do not entertain business relationships with public or publicly controlled enterprises and therefore have not been exposed so far to the risk of bribery of public officials (Beamtenbestechung).
• Prosecution requires that the bribery act took place in Switzerland (articles 3 and 8 PC), whereby it is sufficient that the bribery is performed only partially in Switzerland (e.g., if the promise, offer or acceptance of an undue advantage (bribe) is made in Switzerland). The required link to Switzerland may already be established if the bribing person is staying in Switzerland at the time when such person instructs a money transfer. Further, depending on the specific circumstances, the use of a Swiss bank account may already be sufficient for a punishable offense in Switzerland.

2) Increased risk of prosecution

Under the previous rules of the UCA hardly any procedures relating to private sector bribery were undertaken. The main reason for this may have been that under the UCA a complaint by the injured party was required to start a procedure. Such complaint was rarely made, not least because the affected companies preferred an internal solution.

Because of the revised rules on private sector bribery (now prosecuted ex officio) there is an increased risk that the public prosecutor will initiate a procedure. Pursuant to the dispatch of the Federal Council (Botschaft) on the revised anti-bribery and corruption law, the Federal Council expects prosecution relating to private sector bribery to increase.

3) What does this mean for organizations doing business in Switzerland?

Under the new rules, in addition to the individuals offering (or receiving) bribes, the business organization itself might be held directly liable to prosecution if the business failed to take all organizational measures that are required and reasonable to prevent bribery (or if the responsible person within the business cannot be identified; article 102 para. 1 and 2 PC). Consequently, business organizations themselves are exposed to a prosecution risk that is not insignificant. However, unlike the UK Bribery Act, which puts the burden of proof on the business organization to demonstrate adequate policies and procedures, Swiss law requires the prosecutor to prove the organizational deficiency.

In case of a conviction, a business may be subject to a fine of up to CHF 5 million (article 102 para. 1 PC). In addition, profits stemming from a business deal concluded through bribes may be seized (article 70 para. 1 PC). In any event, a criminal investigation on private sector bribery may entail serious reputational damage for the affected business as well as an internal loss of confidence.

4) What should Swiss companies and their boards do?

The requirements for the measures to be taken by business organizations to prevent corruption are high. The public prosecutors set far-reaching requirements for compliance programs of internationally operating business organizations. The mere existence of a control system is not sufficient; it is crucial that such system is effectively implemented in the day-to-day operations and monitored.

Within a company, the board of directors (or equivalent for other legal forms) is responsible for the overall management of the company (article 716a of the Code of Obligations). This task may not be delegated. According to Swiss corporate law, the board of directors must take the necessary measures to ensure that the applicable laws and internal regulations and guidelines are complied with by the entire corporate organization.

Specifically this means:

• The board of directors should conduct a risk analysis which includes, among others, the business model, the business processes and the distribution channels, the business partners as well as the geographic field of activity of the corporate group.
• Based on the risk analysis, the internal corporate structures of the group should be defined and the necessary guidelines and compliance manual or code of conduct should be implemented, covering not only employees, but also agents, representatives and suppliers of the company.
• Further, it should be ensured that the employees are made aware of the risks, are adequately informed about the guidelines and manuals and are trained accordingly (so-called staff trainings).
• Finally, monitoring systems and control mechanisms should be implemented that are appropriate for the company’s risk profile (this may include the set-up of a reporting office for whistleblowers).
• If in spite of compliance and monitoring systems a breach occurs, the board of directors will have to ensure that the cause and dimension of such breach are discovered promptly (to do so may require a so-called internal investigation) and that the necessary measures are taken (including any disciplinary sanctions, revisions to policies and procedures etc.). Regulated entities (such as banks, financial intermediaries, insurers or pharmaceuticals) may have to inform, and involve, the competent regulator.

Besides large multinationals spanning the globe, also small and mid-sized companies (SMEs) have a need for action, whether they operate internationally or not. For internationally operating companies having foreign subsidiaries or distributors and business partners, the challenge is that they need to comply not just with Swiss law, but also with foreign regulations (such as the UK Bribery Act and the US Foreign Corrupt Practices Act).

5) Ongoing review and adaptation; ISO certification

The set-up and implementation of a compliance system which is appropriate for an internationally operating company is a complex and demanding process that needs to be continuously monitored, improved and adapted to the changing landscape. When expanding its business activities, a company will have to assess whether the measures already implemented need to be amended.

Certification of anti-bribery compliance programs will soon be possible under the proposed draft ISO 37001 anti-bribery management systems standard, to be published later in 2016. The ISO standard requires that anti-bribery measures be implemented in a reasonable and proportionate manner taking into account the size, structure, location and sector of activity in which a company operates. Certifiers will assess, among others, whether the organization has adopted a written anti-bribery policy, demonstrates leadership from the top, engages adequate, qualified anti-bribery compliance staff, introduced training programs, conducts bribery risk assessments and due diligence on projects and business associates, adopted financial and business controls, and put in place procedures for reporting and investigation.

While ISO certification is not a guarantee against bribery, it provides evidence that an organization has taken measures to prevent it. As such, certification can be a strong defense against allegations of bribery and better protect the business from the risk of corporate criminal liability.

Tino Gaberthüel (tino.gaberthuel@lenzstaehelin.com)