A recent Supreme Court ruling reaffirmed and put even stronger emphasis on the importance of following through with an organisation’s internal compliance processes and practices and ensuring that these actually work.
Facts of the case Supreme Court 2021:6
During a period of three years, a client of a gambling association had spent over 2,000,000 euros on online gambling. Said client worked as an accountant, and over 800,000 euros of the monies gambled had been embezzled from their accounting clients. The accountant was condemned for a number of aggravated embezzlements and embezzlements committed between years 2009 and 2012.
The gambling association had reported about its client’s gambling to the Central Criminal Police’s Financial Intelligence Unit, but had yet still allowed its client’s gaming go on for over nine months after the notification. The gambling association’s managing director was prosecuted for money laundering. According to the prosecution, the managing director and other personnel knew of their client’s profession as an accountant and, therefore, were also aware of the disparity between the client’s gambling stakes and their income and other economic circumstances. Therefore, the managing director had become aware or could have foreseen that it was probable that the monies the client played with were not in their possession lawfully, or that there at least was a strong reason to suspect that to be the case. Despite this, the gambling association’s managing director continued to accept the client’s payments, up until when the client’s gaming account was closed from their own request. The gambling association had justified its passivity by stating that it had been waiting for the Central Criminal Police to give any orders or instructions in consequence of the notification made.
The prosecutor also demanded that a corporate fine of 700,000 euros would be imposed on the gambling association on the basis of a crime committed by the managing director in the gambling association’s operations.
The Supreme Court ruling
Both the District Court and the Court of Appeal had dismissed the charges against the managing director of the gambling association. The Supreme Court were then to assess the question whether the actions in the gambling association’s operations were to be considered as negligent money laundering, and thus there would be grounds to impose a corporate fine on the gambling association.
In the conclusions of its ruling, the Supreme Court found that the gambling association’s personnel had not on their own initiative taken measures to prevent money laundering, even after they had had reason to believe that the monies gambled were not of a lawful origin and a notification of a suspected money laundering had been made. The gambling association’s internal instructions had been inadequate in respect of the measures to be taken after making a notification of a suspected money laundering.
The Supreme Court found that negligent money laundering had taken place in the gambling association’s operations, and that such money laundering had happened for the benefit of the gambling association – as its client’s gambling had created financial benefit for the gambling association. The gambling association had not acted with such care and diligence necessary in order to prevent crime. The Supreme Court imposed a corporate fine on the gambling association.
“The Supreme Court 2021:6 ruling is a primary example of the importance of company’s solid compliance processes and that such processes are followed through.”
Criminal liability of a legal entity
The general prerequisite for a legal entity’s criminal liability is that an organisation’s management has been a party concerned in the matter or has let the crime happen, or that in its operations has not been acting with such care and diligence necessary in order to prevent crime. However, the mere neglect of an organisation’s duty of care is not sufficient for liability, but it is also required that the crime has been committed on behalf or for the benefit of the organisation.
For a legal entity to be found criminally liable, the crime should be committed in its operations, and that the perpetrator should also have a certain relationship to the organisation, namely that they would belong to its management or be employed by the organisation. However, despite this requirement of a certain relationship between the organisation and the perpetrator, a corporate fine may be imposed even if the offender cannot be identified or otherwise is not punished. This had also been the case in the Supreme Court ruling, as charges against the managing director had been dismissed. A legal entity can be found criminally liable in case it is evident that the perpetrator is someone from the organisation’s management or employed by it, but it is impossible to point out one perpetrator.
The importance of internal compliance processes
The Supreme Court 2021:6 ruling is a primary example of the importance of company’s solid compliance processes and that such processes are followed through.
The gambling association was liable under the Act on Detecting and Preventing Money Laundering and Terrorist Financing (the “AML Act”) to report any suspicious transactions, and it had internal methods and instructions on how to prevent money laundering. Its personnel had been trained on the matter, and the responsibilities under AML Act had been delegated within the organisation to a separate Fraud Management Team (the “FMT”). However, it was instructed that clients’ gambling accounts were to be frozen only if the Central Criminal Police’s Financial Intelligence Unit demanded it, and there were no instructions on who would make a decision on freezing a client’s gambling account, should the Financial Intelligence Unit remain silent on the matter, as had happened in this case.
Having documented internal and external instructions, such as code of conduct, is a necessary first step in creating solid compliance processes. However, as this Supreme Court ruling has shown, it is also crucial to ensure that such instructions are implemented throughout the organisation and that they provide concrete guidelines to take sufficient measures when needed.
It should always be borne in mind that compliance is not a mere tick-the-box exercise, but the documentation and processes require ongoing assessment and training. Even extensive and good written guidelines do not work if the employees are not aware of them. On the other hand, even the awareness will not help if instructions are incomplete or outdated.
For many organisations compliance is much more than just an obligation to abide by the laws. It includes considerations related to ethics and sustainability of the business, and at its best compliance is implemented to companies’ culture and daily ways of working. That is also the way to ensure that the processes actually work robustly and that the goals for compliance will be achieved.