How tightened corruption laws affect compliance management systems

Susanne Hofmann, Data Protection Officer, PwC Switzerland and Liechtenstein, 24 May 2018

With the revision of the Criminal Law on Corruption, the criminal responsibility of companies and their management is gaining in importance. Against this backdrop, companies cannot rely solely on their internal compliance rules and regulations, given the considerable requirements in terms of internal implementation, control and sanctions regulations.

Scandals involving serious corruption and bribery are commonly associated with multinational corporations, although SMEs in particular are facing growing challenges in connection with private bribery. All levels of management and employees are responsible and must make an active contribution to the fight against corruption.

Since 2016, private bribery and the bribery of public officials have been regulated by the Swiss Criminal Code ("SCC") and prosecuted ex officio (offence requiring public prosecution). Because the link to unfair competition has been removed, distortion of competition is no longer a pre-condition; the scope of application has thereby been considerably expanded and the fight against corruption and bribery strengthened.

Principles of the revision

The new provisions are regulated by Art. 322octies and Art. 322novies SCC. The provision on the bribery of private individuals applies to any person who offers, promises or gives an undue advantage to a person or third party in order that the person carries out or fails to carry out an act in connection with his official activities which is contrary to his duties or dependent on his discretion. The provision on accepting bribes applies to any person who demands, secures the promise of, or accepts an undue advantage for himself or for a third party in any of the circumstances mentioned above. The requirement of a tripartite relationship remains a central criterion. The interests of third parties may be violated by employees or agents who do not comply with their legal or contractual fiduciary duties, for example. The breach of the fiduciary duty arises, for instance, by favouring an overly expensive supplier due to the receipt of tickets for the World Cup final.

Companies based in Switzerland which operate internationally must also take appropriate measures for foreign subsidiaries or branch offices, since even a partial violation of the bribery act in Switzerland may result in criminal prosecution. Merely using a Swiss bank account may be sufficient for criminal liability to apply. Foreign law - such as the UK Bribery Act 2010 - may also be applicable to subsidiaries, branches or business transactions with a foreign connection.

Companies can be found liable for the actions of their employees

(Subsidiary) liability under the criminal law may apply to companies (Art. 102 para. 1 SCC – secondary corporate criminal liability) if the offence cannot be attributed to a specific natural person due to deficiencies in the organisation of the company (e.g. no appropriate compliance programme, which can usually prevent corruption). The criminal liability of companies and natural persons, as regulated by Art. 102 SCC, obliges companies to institutionalise the necessary internal measures to prevent corruption and bribery. In the case of active private bribery (para. 2) where the company is accused of not having taken all the necessary and reasonable organisational precautions to prevent bribery or corruption, the company is punished independently of the actual perpetrator (referred to as cumulative criminal liability). 

This provision covers, for example, active private bribery due to insufficient implementation and control of the group's internal guidelines (e.g. conflicts of interest, insufficient implementation of the gift and invitation guidelines, insufficient due diligence of suppliers) to prevent payments to suppliers. In order to avoid or minimise such cases, appropriate risk mitigation measures must be taken on the basis of a risk analysis, e.g. due diligence of brokers or suppliers.

Delegation of duties does not protect the Board of Directors and Management

Pursuant to Art. 716a of the Code of Obligations (“CO”), the Board of Directors is responsible for the ultimate supervision of the persons entrusted with managing the company, in particular with regard to compliance with the law, articles of association, operational regulations and directives. By defining the company's values, the Board of Directors determines the fundamental conditions for a compliance organisation. The Board of Directors delegates its operational implementation to the management, which ensures the company’s compliance with the law by delegating the support and monitoring of employees to the compliance function (cascade delegation). There are also similar cascade delegations for other corporate forms.

Despite this cascade delegation, the overall organisational responsibility for an appropriate compliance organisation remains with the management. Members of management may be held personally responsible for the damage caused by a breach of their duties. This description of personal responsibility under corporate law applies to corporate bodies, limited liability companies, credit societies, insurance companies and cooperatives (similar responsibilities also apply to associations and foundations).

Since a felony or misdemeanour may also be committed by a failure to comply with a duty to act (Art. 11 SCC - Commission by omission), holders of the highest organisational responsibility who have been informed of corrupt behaviour and refrain from acting can be held personally liable. It remains to be seen how liability will be assessed in the event of knowledge of an inadequate anti-corruption management system. It is quite plausible that the omission article (Art. 11 SCC) will still apply in the event of a violation if it can be demonstrated that the Board of Directors was aware of the existence of an inadequate anti-corruption management system and accepted the existing risks (e.g. information from the Chief Compliance Officer about an inappropriate anti-corruption system and the associated criminal risks) or that it was not aware of this fact when it should have been (missing compliance reporting to the Board of Directors).

Compliance management system and practical implementation

Observing the revised anti-corruption criminal law and establishing the associated compliance organisation are becoming increasingly difficult for SMEs. Particular challenges are posed by complex supply chains, the export of products, limited compliance resources and the increased requirements of international business partners, which necessitate appropriate compliance and anti-corruption programmes from their representatives for their own protection.

An appropriate organisation for compliance with the law, articles of association, operational regulations and directives can be ensured by a compliance management system. As the "Alstom case" impressively demonstrated in 2011, the requirements for compliance measures are high, and merely issuing directives and guidelines is not sufficient. Instead, appropriate measures must be enforced and reviewed. In addition, regular reporting to the company's top management (usually the Board of Directors) must take place. The organisational measures to be taken depend on the industry-specific and company-specific risks (e.g. international / national field of activity, company size) and the associated laws, regulations and best practice.

The difficulty in the practical implementation of a compliance management system lies in the transformation of the theoretical basis into a pragmatic operation that fits the company structure. The scope of the compliance management system can be defined more precisely by means of a risk analysis. This risk analysis must be prepared taking into account the desired and existing business model (including business partners), the sales channels and the geographic area of activity. On the basis of this analysis, appropriate guidelines, work instructions, processes, due diligence for risk-exposed contractors and training must be established. An appropriate monitoring, reporting and sanctioning system is required to ensure that regulations are implemented. This cannot be achieved without appointing adequate compliance staff (e.g. size and know-how) with the necessary competence for enforcement and controls (independence of the compliance function). Should a company conclude from such a risk analysis that the compliance function cannot fill a full-time position, it is also possible to outsource the tasks to an external body.

How PwC can help

If you want to ensure compliance in the area of anti-corruption or want to review or expand your existing anti-corruption system, we will be happy to provide you with active support as a partner:

  • We help you carry out a risk analysis and verify compliance with your obligations in accordance with local and international regulations.
  • We provide you with a clear and comprehensive report showing the results of our risk analysis.
  • We support you in the practical implementation of a suitable compliance management system.
  • We assist you with the development, improvement and implementation of your organisation, policies, guidelines, procedures, training and controls.
