Reporting of Unethical Misconducts: Compliance Requirements for Doing Business in India
In the post-pandemic era where businesses are expected to move into an expansionary phase, it becomes extremely important for companies to keep their compliance check-box ticked. In a country like India where bribery, corruption, and fraud risks are rampant, obligations to report such misconduct on companies are rather confusing and spread across multiple statutes. However, if not reported appropriately, it may cause serious repercussions for companies. Thus, we have discussed the major reporting obligations on companies in case they come across certain misconduct by their employees, agents, officers, or third parties.
Post-pandemic, when businesses are expected to move into an expansionary phase, it becomes extremely important for companies to keep their compliance check-box ticked. In a country like India where bribery, corruption, and fraud risks are rampant, companies’ obligations to report such misconduct are rather confusing and spread across multiple statutes. However, if not reported appropriately, it may cause serious repercussions for companies. Thus, we have discussed the major reporting obligations on companies in case they come across certain misconduct by their employees, agents, officers, or third parties.
Reporting of bribes paid by employees, officers or third parties
India’s primary anti-bribery law, the Prevention of Corruption Act, 1988 (PCA), prohibits both giving and taking of bribes, though its scope is limited to bribery of ‘public servants’ (essentially, government officials, though in certain cases private-sector employees may also qualify).
A pressing question that often arises from internal investigations at companies, is whether the commission of certain offences under the PCA, relating to bribe-taking by public servants, should be reported to any authority? Indian law essentially states that any person (including a company) who is aware (i.e., has information supported by a certain degree of evidence, and not based on mere logical assertions) of the commissioning of offences under Sections 161 through 165A of the Indian Penal Code, 1860 (IPC), is obliged to report it to relevant authorities. These provisions were India’s colonial-era bribery offences, which were repealed and re-enacted under the PCA. However, there were no corresponding changes to the aforesaid reporting obligation to accommodate the PCA’s introduction. Indian courts have also not conclusively answered this conundrum. While certain High Courts (penultimate appellate courts) have held that this reporting obligation does not extend to offences under the PCA, the Supreme Court (India’s apex court) has contrastingly observed that offences under PCA are indeed reportable. Thus, while it may appear that the Supreme Court may be more inclined towards considering certain PCA offences to be reportable, on the other hand, it is also arguable that the said observation was merely in passing and not an operative part of that judgment.
Ultimately, a company’s obligation to report such offences also depends on the company itself being ‘aware’ of such offences’ commission – in India, a corporation is liable for offences involving intent (such as, the above PCA offences) only when certain officials, who are its ‘directing mind and will’, had the relevant criminal intent. While case-laws are yet to detail the breadth of officials who qualify as such, it is arguable that the board of directors will ordinarily qualify as the ‘directing mind and will’. Given this, MNCs with cross-border compliance functions particularly may consider structuring India-level investigations so as to not involve the local board of directors until and unless needed.
Reporting of instances of compulsion to pay bribes
It is not uncommon in India for employees, agents, or other associated persons of the company to be compelled to pay bribes to obtain or retain business for the company – for example, when public servants demand bribes to release payments on already allocated projects. In such cases, Section 8 of the PCA mandates reporting to appropriate authorities within seven days from the date of giving such bribe. If so reported, the company may not be liable for the offence of bribe-giving under the PCA.
Fraud reporting obligations
The Companies Act, 2013 (CA) does not explicitly require companies to report bribery and corruption. However, auditors of a company (appointed under the CA) are obliged to report ‘fraud’ at the company to the central government if the fraud detected is above certain monetary limits. The CA also defines ‘fraud’ somewhat widely, such that instances of bribery (government and commercial) may constitute fraud depending on facts. Nonetheless, as per a guidance document issued by ICAI (the professional regulator for auditors), the auditor may be obliged to report only if he is the first to identify/note such fraud while performing his duties. Therefore, if the management detects any fraud, and intimates the same to auditors, auditors are not required to flag such instances to the central government.
In addition, the Companies (Auditor's Report) Order, 2016, which lists matters that statutory auditors of certain companies must include in their report on the company’s financials, requires that any fraud by the company, or on the company by its officers or employees during the fiscal, must be disclosed in the auditor’s report. Significantly, this order is to be superseded by the Companies (Auditor’s Report) Order, 2020, whose applicability has been deferred till 1 April 2021 due to Covid-19. The latter Order, in addition to retaining the requirement of the former (2016) Order on disclosing frauds in the auditor’s report, has made it obligatory for certain companies to disclose/report all whistleblower complaints received during the year to the auditors for further audit procedures.
Publicly traded companies’ obligations
SEBI (the capital markets regulator), which regulates companies listed on stock exchanges – introduced disclosure requirements in October 2020 mandating listed companies to disclose details of ‘forensic audits’ initiated at such companies. Such details include the event of, and reasons for, initiating a forensic audit, and the final report on that audit received by the company and its management’s comments (if any) on that audit report (excluding instances where such audits are initiated at the behest of a regulator or an enforcement agency). SEBI has since clarified that these requirements apply to forensic audits to detect misstatements in financials, misappropriation, siphoning or diversion of funds, etc., and not audits that would not require any revision to the listed entity’s financials (such as manufacturing practices, etc.).
Irrespective of this clarification, SEBI may have just made it onerous for listed companies to handle internal investigations discreetly: a rogue employee skimming funds for himself is just as characterizable as misappropriation or siphoning of funds as more severe misconduct such as bribery, etc. SEBI’s prescription then means that listed companies may need to inform stock markets of the mere commencement of an investigation, without being able to answer whether there are any findings and any impact on the company. Non-inclusion of clear materiality thresholds for these disclosures too could lead to premature and potentially irrelevant disclosures, that spook investors and cause reputational concerns and related overhang on the listed entity’s stock. In that sense, these requirements depart from already-existing SEBI norms which require listed companies to mandatorily disclose frauds, defaults and arrests of its promoters and ‘key managerial personnel’ (which includes CEOs, CFOs, MDs and full-time directors) (KMP), and, if considered ‘material’, certain disputes, regulatory actions, frauds and defaults by non-KMP personnel. These disclosures are however made upon a determination that such events have indeed occurred.
Insofar as sharing the final report on the forensic audit is concerned, listed companies must also consider legal rights they may enjoy, such as attorney-client privilege over the final report, and potentially, protections against self-incrimination. These assume greater importance since SEBI has so far not publicly indicated whether companies are entitled to receive any credit for self-reporting. Nor are there any policy checks against authorities ‘piling on’, unlike, for example, the U.S. DOJ – on the contrary, multiple authorities commonly open enquiries into the same conduct from different perspectives.
Contractual requirements to disclose misconduct
In contracting with governments (central and state) and government instrumentalities in India, norms vary depending upon the counterparty. Regardless it is typical for government contracting to include, at the minimum, vigilance requirements such as integrity pacts, in which, inter alia, bidders and suppliers must disclose debarments, violations of anti-bribery, anti-fraud provisions, etc. in the preceding three years in any country – akin to bidding norms for multilateral development banks. Certain government bodies, such as departments under the Indian Ministry of Defence, may additionally require bidders and suppliers to disclose payments made or intended, or committed to government officials, agents, intermediaries, etc., in connection with a bid.
In the private sector, we commonly see ABAC diligences seeking disclosures of past misconduct and ongoing investigations for M&A transactions, as well as the use of anti-bribery clauses in which contracting parties sign up to representations and warranties on complying with the PCA and applicable cross-border laws. Additionally, we also see deal-specific covenants where, in the absence of regulatory investigation or scrutiny, parties enjoy walk-away rights, or entitlements to purchase price adjustments, if whistleblower complaints disclosing grave allegations are received, or financial statements are qualified due to unconcluded investigations.
As the anti-bribery legislative and enforcement landscape in India continues to develop rapidly, and regulators continue to respond to multiple instances of large-scale financial frauds amongst established businesses, we expect this trend of disparate reporting and disclosure obligations to continue. General counsels, boards of companies and practitioners will need to think through these varying requirements carefully while operating, and mandating ABAC-related reviews, in India.
Note: The content piece is authored by Kunal Gupta, Partner, with inputs from Shreya Kundu, Senior Associate, Trilegal and Sahil Bansal, Associate, Trilegal
Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house
Around The World