I INTRODUCTION

Swiss law demands that senior corporate executives (i.e., the members of governing bodies and top management) manage their companies diligently and in good faith. In particular, corporate executives are required to prevent the criminal conduct of employees in any business matter. Implicitly, corporate executives have a duty to investigate any actual or suspected misconduct by members of corporate bodies or employees.

Various federal and cantonal agencies are competent to investigate corporate offences as well as offences committed by corporate employees or company agents.

Suspected or actual corporate criminal offences fall within the competence of the cantonal or federal public prosecutors. Some cantons, such as Zurich, have special prosecutors in charge of investigations of corporate offences.

At the federal level, the Office of the Attorney General (OAG) is the competent investigative and enforcement agency for Switzerland's national security matters. In particular, the OAG investigates suspected or actual violations of Switzerland's sovereignty and neutrality, its economy, or violations representing a severe threat to Switzerland's population, the country's stability, or the integrity of the democratic system as well as cases which are linked to several jurisdictions. In particular, the OAG investigates cases of white-collar crime, including those involving corruption, money laundering, insider trading and market-price manipulation.

In corruption cases, the OAG is competent to investigate the misconduct if: (1) it involves Swiss federal authorities; or (2) if the suspected crime has been committed abroad. The OAG has the typical investigative powers of a public prosecutor (i.e., the power to search, seize and arrest).

In cases where the offences of insider trading, market-price manipulation and money laundering are committed by a financial institution, which fall under the supervision of the Swiss Financial Market Supervisory Authority (FINMA), and if the suspected or actual misconduct violates administrative law, FINMA is the competent authority for conducting the investigations. In cases of suspected money laundering, criminal investigations are conducted by the OAG or (in domestic cases) a cantonal prosecutor, whereas FINMA or a financial sector self-regulatory organisation (SRO) are responsible for the supervision of the implementation of anti-money laundering legislation and effective risk and compliance management at the financial institutions supervised by them.

Suspected regulatory breaches, in the financial sector, for instance, are in most cases investigated by independent examiners (specialised law firms and consulting and audit companies), which are selected and supervised by the competent regulator.

Competition law is enforced by the Federal Competition Commission (COMCO). COMCO has a standing executive secretariat (the Secretariat) which conducts the investigations and prepares the materials for COMCO's decisions. The Secretariat has far-reaching investigative powers. It may conduct dawn raids, seize evidence and interview management and employees of undertakings in cases of suspected cartels, illicit vertical restraints, abuse of dominance and violations of the merger control regime. COMCO may fine undertakings with a maximum monetary sanction of 10 per cent of their combined turnover in Switzerland during the past three years.

Switzerland's legislative framework reflects socio-economic and ethical considerations as well as the view of the particular parliamentary majority. Recently, the prosecutorial functions have been granted increased power and resources, in particular with regard to the enforcement of financial market regulations, stricter anti-money laundering legislation and the fight against cartels. The evolution since the beginning of the financial crisis in 2007 reflects the will to protect Switzerland's reputation and to promote market and business integrity.

Under Swiss statutory law, undertakings are, as a rule, not obliged to cooperate with investigative authorities. This is a consequence of due process principles, in particular in dubio pro reo (when in doubt, for the accused) and nemo tenetur se ipsum accusare (no duty to self-incriminate). However, the investigative authority may mitigate sanctions or refrain from sanctioning an undertaking in cases of full cooperation. Limited cooperation or refusal to cooperate with investigative authorities is, in most cases, not a viable option because liability is unclear and undertakings under investigation are interested in a swift investigation and resolution of the matter to gain legal certainty. Also, the public expects undertakings to behave as good corporate citizens and cooperate with enforcement agencies.

II CONDUCT

i Self-reporting

As a rule, there is no obligation under Swiss law for undertakings to self-report suspected misconduct and no statutory framework for self-reporting. However, there are some exceptions where statutory law contains reporting obligations or a leniency mechanism is outlined.

Suspected or actual misconduct in the business domain of an undertaking requires management to conduct an internal investigation (diligent management standard). If the internal investigation produces evidence of potential or actual misconduct, the governing body of the undertaking must decide whether or not the undertaking self-reports the misconduct. As a rule, there is no statutory obligation to self-report offences. The reason is that the principle of nemo tenetur se impsum accusare is an implicit fundamental right under Article 6 of the European Human Rights Convention (EHRC). However, in some specific cases (which have not yet been tested in court), there are statutory duties to self-report legal risks (which may, in practice, be equal to an obligation to self-report misconduct). For instance, based on the Financial Market Supervision Act (FINMASA), supervised persons and entities as well as their auditors are required to disclose to FINMA any incident that is of material importance for supervisory purposes, such as the suspicion of money laundering involving significant assets or any that may have an impact on the institution's or the financial market's reputation.2

If an undertaking decides to self-report misconduct and to disclose information in the absence of a legal obligation, specific legal aspects should be considered.

First, the undertaking must comply with the Data Protection Act (DPA), which obliges controllers of data files to keep personal data confidential (typically, undertakings qualify as controllers of employee and third-party personal data). All data relating to a natural or legal person qualifies as ‘personal data'. If the company wishes to disclose personal data resulting from its internal investigation, it may only do so in the event a statutory exception applies or if the data subject provides a waiver. Data protection and data-transfer compliance are of particular relevance in cross-border internal investigations. The undertaking may also balance its legally protected interests against the individual's interest in confidentiality. However, this process is cumbersome and entails a high risk of subsequent litigation.

Second, the undertaking shall consider its duties under employment law, in particular, the employer's duty of care towards the employees.

Undertakings should consider the legal role and priorities of prosecutors and regulators before they self-report suspected or actual misconduct. In most cases, lawyers will seek clarification on a no-name basis from the enforcement agency on what the framework would be in the event of self-reporting.

The benefits of self-reporting and full cooperation with the regulator or prosecutor are that cooperation is considered as a mitigating factor when fines are calculated.

In the Cartel Act, self-reporting is explicitly outlined and the leniency applicant may receive full immunity from the fine. In cartel investigations, leniency applications have become widespread. These applications are typically filed with COMCO's Secretariat within the first hours of an investigation.

In criminal proceedings, defendants may benefit from the expedited procedure and their fine may be reduced as a result of the admission of guilt and their full cooperation. Under the Swiss Penal Code (SPC), prosecution of the case may also be declined when the harm caused by the crime is rectified.3 However, in all cases of criminal conduct, illicit profits must be disgorged.4

ii Internal investigations

The governing body and senior management of an undertaking are required to conduct an internal investigation in cases of suspected or actual (material) misconduct. Swiss law imposes a duty of care and loyalty to the interests of the undertaking on the members of the board of directors and of the executive committee. They must perform their duties with an increased degree of diligence.

Furthermore, the board of directors has the non-transferable and inalienable duty of overall supervision of the persons entrusted with managing the company, in particular with regard to compliance with the law and internal directives.

If the undertaking decides to self-report suspected misconduct, it must consider limitations to the disclosure of personal data under the DPA and under employment law. In Switzerland, an internal investigation does not require consultation or pre-approval by a works council (i.e., a statutory-employee representation body).

Internal investigations will typically focus on the review of electronic communication data and documents and employee interviews.

Employee business communication may, as a rule, be reviewed without the knowledge or consent of the employee if there is a prevailing interest of the undertaking in conducting the review. However, disclosure of personal data to third parties is subject to restrictions under the DPA and employment law, which respectively oblige the employer to protect the employee's privacy, and to apply due process principles in the event of internal investigations.

Under Swiss employment law, employees are required to act in good faith and in the interest of the employer. As a rule, employees are asked to cooperate with internal investigations, based on the general duty to act in the interest of the employer. In consideration of the employers' duty to apply due process principles when investigating employees who may become defendants, employers should inform employees that they may retain independent counsel before conducting interviews. If the employee decides to retain counsel, the related costs may need to be covered by the undertaking if the employee acted in accordance with instructions.

Typically, law firms are chosen to conduct the internal investigation, as attorney-client privilege applies to the communication between the law firm and the undertaking, to the communication between the law firm and its agents (for instance accounting and forensic firms, etc.) and to all attorney work product to the extent that the internal investigation serves the purpose of advising the undertaking in its preparation for criminal or administrative defence. It is important to note that Switzerland does not grant legal privilege to in-house counsel or compliance officers. Professional secrecy and the advantages of conducting an investigation by a competent person who is independent from the undertaking are the main reasons for engaging law firms for internal investigations.

iii Whistle-blowers

Switzerland does not have whistle-blower protection laws. In practice, many undertakings have established mechanisms for employees - and partially also for external stakeholders - to report suspected or actual misconduct to an independent body (the compliance officer, an external ombudsperson or an external lawyer). Multinationals often follow the guidance provided by the US Department of Justice and the Securities and Exchange Commission in their FCPA Resources Guide as well as guidance provided by international standards (in particular ISO 19600 - Compliance Management Systems and the OECD Guidelines for Multinational Enterprises).5

In 2015, the Swiss National Council discussed a new whistle-blower protection law. It decided though to ask the Federal Council to revise the legislative proposal because of its overly complex mechanism. This proposal was criticised by NGOs as being a setback because of the lack of the right to report anonymously and the absence of a non-retaliation guarantee for employees who report in good faith.

Since summer 2015, the Swiss Federal Police (Fedpol) has operated a web-based reporting platform for individuals who want to submit anonymous reports on suspected corruption.6 Fedpol reviews each report for criminal relevance before forwarding it to the competent internal office or external agency (e.g., the cantonal police) for follow-up action. Information on irregularities in federal administrative units that do not appear to have a criminal background will be forwarded to the Federal Audit Office for follow-up action. In 2016, 125 reports were filed via the whistleblowing platform.

NGOs, such as Ethics and Compliance Switzerland (ECS), promote best practices regarding whistle-blowing. In 2016, ECS published a Guideline on Whistle-blowing. The guideline contains best practice recommendations and is intended as a tool for officers entrusted with the implementation or review of a speak-up procedure in public or private organisations of any size.7

III ENFORCEMENT

i Corporate liability

The SPC covers corporate criminal offences.8 According to the SPC, an undertaking is liable for organisational weakness if it fails to implement all necessary and adequate measures to avoid money laundering, terrorism financing, participation in a criminal organisation and corruption committed by its employees in the context of the undertaking's business.

The criminal organisational weakness under the SPC addresses the organisational failure to prevent certain severe crimes. Therefore, an undertaking with poor compliance governance (independence, access to the board, adequate resources of the compliance function) and poor compliance management may, in the event of actual misconduct by employees, be subject to criminal sanctions, including - in the event of money laundering, corruption, etc. - disgorgement of all illicit profits.

Furthermore, an undertaking is also criminally liable if a crime has been committed in the process of a business activity and it is not possible, due to the company's organisational weakness, to identify the responsible employee.9

Swiss law also provides for civil liability of the undertaking. Members of the board of directors, senior management and all persons engaged in the liquidation of a limited company face civil liability towards the company, the shareholders and creditors for any loss or damage arising from an intentional or negligent breach of their duties of diligence.10 On an extra-contractual basis, third parties are entitled to claim civil damages from undertakings if the damages have been caused by employees or other auxiliaries who were not diligently selected, instructed and supervised or if the undertaking does not prove that the employer took all necessary precautions to avoid the harmful conduct. A similar provision exists in the Code of Obligations (CO) for causal contractual liability.

ii Penalties

The range of potential sanctions varies depending on the enforcement agency bringing the action: Under the SPC, undertakings may be fined up to 5 million Swiss francs and have any illicit profits confiscated.

With regard to COMCO, undertakings are sanctioned under administrative law if they engage in cartels or illicit vertical restraints, abuse market dominance or ‘jump the gun' merger-control regulations. As a consequence, fines of up to 10 per cent of the undertaking's turnover in Switzerland during the last three years can be levied.11 In addition, an undertaking can be charged up to one million Swiss francs in case of a breach of statutory obligations in merger control cases or up to 100,000 Swiss francs if the undertaking does not fulfil its obligation to submit information.12

Institutions that are subject to FINMA's regulatory financial market supervision may face specific regulatory consequences in case of a regulatory breach. FINMA has a broad range of tools at its disposal to enforce its regulations: precautionary measures, orders to restore compliance with the law, declaratory rulings, directors' disqualification, cease-and-desist orders and bans on trading, publication of decisions, confiscation of profits, as well as withdrawal of licences and compulsory liquidation as a last resort.

iii Compliance programmes

Diligent management of any organisation requires best practice risk and compliance management. This is reflected with regard to public and private undertakings in the SPC: undertakings that have implemented and are maintaining all adequate and necessary organisational measures to prevent corporate misconduct are not subject to sanctions under the corporate criminal offence. The OAG, when assessing corporate compliance management, relies on international standards and generally accepted best practices. Equally, COMCO considers compliance-management system standards and international guidelines when calculating and mitigating cartel fines. In case of infringements against the CartA, undertakings can raise the compliance defence, that is, they can produce evidence that the infringement occurred despite the undertaking's best practice risk and compliance management. In the financial sector, FINMA requires regulated institutions to establish independent risk and compliance functions based on risk and compliance policies that must be formally approved by the board of directors and the executive committee. FINMA demands that financial institutions and undertakings apply best practice efforts to manage and control risk, including compliance risks. COMCO, in its public guidance, references a number of international standards and best practice guidelines such as ISO 19600 and OECD and ICC guidelines. Required or recommended elements of such systems include a clear compliance mandate or policy, access of the compliance function to the board and its independence from line management, adequate resources, clear structures, tasks and responsibilities, clear reporting lines and measurement of effectiveness and continual improvement.

Best management practices are typically described in international standards or generally accepted guidelines. Best-practice risk management is outlined in ISO Standard 31000 - Risk Management13 and, alternatively, in the COSO Enterprise Risk Management Framework.14 Best-practice compliance management systems (respectively, in the former wording: compliance programmes) are described in ISO Standard 19600 - Compliance management systems and in international guidelines, such as the OECD Guidelines for Multinational Enterprises.

iv Prosecution of individuals

In the event that employees are prosecuted for misconduct in business matters, the undertaking should coordinate employment-related decisions with the regulator or the enforcement agency. Employees under investigation should under no circumstances be terminated unilaterally by the undertaking. This can be construed as a lack of cooperation by the undertaking because the regulator or enforcement agency may face difficulties in interviewing or interrogating the witness.

Ideally, an employee under investigation will appoint independent counsel and the undertaking's counsel will communicate with the employee's counsel (to the extent permitted by law). Once the investigation is closed, the undertaking can take employment-related decisions and implement them. However, under Swiss employment law, the undertaking must apply due process principles in its dealings with employees, in particular granting them the right to be heard.

The undertaking must, under certain conditions, pay for the employee's legal fees if the employee acted in accordance with internal regulations and instructions.

IV INTERNATIONAL

i Extraterritorial jurisdiction

In some instances, Swiss law has an extraterritorial reach: under the SPC, bribery of foreign officials and employees is a criminal offence. Undertakings, including foreign parent companies of Swiss subsidiaries, can be sanctioned under the corporate offence of the SPC if they have not taken all adequate and necessary measures to prevent employee misconduct, in particular bribery of foreign officials, in their Swiss subsidiary.15 Generally speaking, the SPC provides for some corporate offences to be investigated and sanctioned in Switzerland even if committed outside the country, for instance, in the case of bribery of foreign officials.

With regard to competition law, offences that have an effect in Switzerland can be investigated and sanctioned by COMCO, even if they originated outside Switzerland.16

In order to implement the financial market laws, FINMA may conduct reviews of supervised financial institutions and their subsidiaries, even if the latter are located abroad.17

ii International cooperation

Swiss authorities are generally interested in and willing to cooperate with their foreign counterparts, both in formal statutory processes and in an informal way. Such cooperation includes international administrative assistance (for foreign administrative proceedings) and international legal assistance (for foreign court proceedings). Switzerland is a member of Interpol and - although not a member of the European Union - is fully associated with the European Union's Schengen framework. Also, Switzerland and the EU signed and implemented the first second-generation cooperation agreement in competition matters.18

In terms of formal international legal assistance in criminal matters, Switzerland is a signatory to the European Convention on Extradition of 1957, including its Second Additional Protocol, dated 1978. In addition, Switzerland has signed numerous bilateral treaties in order to improve mutual legal assistance with other countries.19

Assistance may be granted to countries that are not party to any applicable treaty based on the Federal Act on International Mutual Assistance in Criminal Matters of 1981 (IMAC). According to this federal law, legal assistance is granted under the condition of reciprocity.

While Switzerland does not extradite Swiss nationals against their will, Swiss authorities are usually willing to extradite foreigners. According to the IMAC, the grounds for refusal include lack of criminal liability in Switzerland, fallacious charges, application of a statute of limitations, politically motivated proceedings, and violations of the right to a fair trial, as well as the prohibition of inhumane treatment in compliance with Articles 3 and 6 of the ECHR in the foreign proceedings. All objections are procedural in nature, and the merits of the case and the defendant's guilt are not taken into consideration.

In practice, extradition has only been rejected in a few cases, mainly because the requests were inconsistent or because it was found that the reason for prosecution was political. A likelihood of a violation of fundamental human rights in the requesting country is usually not an obstacle for extradition if the requesting country is a signatory to the ECHR. For those countries that are convicted by the European Court on Human Rights relatively often (for instance, Russia and Turkey), Switzerland relies on a (criticised) practice of accepting diplomatic ‘warranties', by which the requesting state guarantees to Switzerland that it will uphold the standards of the ECHR in the specific case.

According to FINMA statistics, cooperation in the white-collar sector most frequently occurs with French, German, US and UK authorities.20

iii Local law considerations

If multiple jurisdictions are involved in an investigation, Swiss undertakings must pay special attention to compliance with the DPA, Swiss employment law and banking secrecy, as well as laws protecting business secrets. Undertakings, when cooperating with foreign public agencies, must also avoid violating Articles 271 (prohibited acts on behalf of a foreign state) and 273 (prohibited economic intelligence in favour of a foreign state or organisation) SPC. For some investigations (such as the investigations of Swiss banks regarding suspected tax offences conducted by the US Department of Justice and the US Internal Revenue Service), the Federal Council has granted special permissions for undertakings to cooperate with foreign states and their agencies.

V YEAR IN REVIEW

By the end of 2016, the Swiss-US tax dispute came to a close. The US Department of Justice's (DOJ) self-disclosure programme provided a path for Swiss banks to resolve potential criminal liabilities in the United States. Swiss banks eligible to enter the programme had to declare by the end of 2013 that they had (or by the end of September 2014 that they had no) reason to believe that they had committed tax-related criminal offences in connection with undeclared US-related accounts. Banks already under criminal investigation related to their Swiss-banking activities and all individuals were expressly excluded from the programme. Eighty Swiss banks were able to reach non-prosecution agreements with the DOJ and five banks were granted non-target letters. The DOJ has executed agreements with 80 banks and has imposed a total of more than US$1.36 billion in penalties against Swiss banks. The DOJ's self-disclosure programme offered Swiss banks an opportunity to treat their risks with regard to US criminal law in a structured and timely manner. With hindsight, it may be regrettable that the ‘fast-track' process for small, regional Swiss banks was abandoned early in the implementation of the programme.

Roughly 50 Swiss banks are now focusing on the German tax dispute. This dispute lacks a structured, transparent process and many banks are uncertain as to the allegations against them and the most effective way in accordance with due process to treat the legal risk.

A major trend in 2016 was the OAG's increased enforcement activities regarding bribery of foreign officials. The OAG arrested and extradited nine FIFA officials to the US in relation to the Department of Justice's FIFA probe. Furthermore, the OAG continued to investigate financial flows through Swiss banks in cases of suspected corrupt payments in the context of the Petrobras and the 1MDB investigations. On 21 December 2016, the OAG issued a summary penal order against Odebrecht SA and its subsidiary Construtora Norberto Odebrecht SA (CNO), which have their headquarters in Brazil. Odebrecht and CNO were found guilty of the failure to prevent bribery of foreign officials under Article 102 Paragraph 2 SPC. The two companies have been held jointly and severally liable to pay Switzerland the sum of 117 million Swiss francs. The company Braskem SA also paid bribes via the same channels as Odebrecht SA and CNO. Odebrecht SA has a majority shareholding in Braskem SA, with another shareholder being the Brazilian state, acting via Petrobras. Proceedings in Switzerland and against Braskem SA have been abandoned as the company is being held accountable in the USA for offences that include the acts of bribery under investigation in Switzerland. However, the Swiss decision to abandon the proceedings involved the company paying compensation of 94.5 million Swiss francs. Accordingly, over 200 million Swiss francs will have to be paid to Switzerland for fines and disgorgement of profits.

In May 2016, the OAG opened criminal proceedings against Bank BSI SA and in October 2016 against Falcon Private Bank Ltd based on information obtained from the criminal investigations related to the Malaysian state fund 1MDB and on regulatory offences sanctioned by FINMA in its decision of 23 May 2016. The OAG suspects that both banks failed to prevent money laundering and bribery by their respective employees and violated Article 102 paragraph 2 SPC.

In December 2016, the OAG also opened criminal proceedings against a former employee of private bank Lombard Odier & Co Ltd. The bank itself is under investigation by the OAG for allegedly failing to prevent money laundering under Article 102 Paragraph 2 SPC.

In May 2016, COMCO fined Swisscom, the state-controlled incumbent telecom company, 71 million Swiss francs for having barred competitors from acquiring television rights for sporting events. Later in December 2016 COMCO fined a number of major global banks 100 million Swiss francs for illicit agreements regarding interbank offered interest rates. Further activities of COMCO include the prohibition of anti-competitive contract clauses by hotel booking platforms such as Booking.com, Expedia and HRS.

VI CONCLUSIONS AND OUTLOOK

The science and art of conducting internal investigations and assisting undertakings in multi-jurisdictional external investigations is an emerging legal and managerial expert field, both globally and of course also in Switzerland. Best practices are still under development, and although an increasing number of strategies, including self-reporting, have now been tested and adopted by Swiss undertakings, there are still no clear-cut answers to many key questions. However, this field of law and forensic management is developing rapidly and there are a growing number of cases that provide guidance and best practices have now become more tangible than before. For undertakings, it is crucial to understand the complexity and challenges of international investigations and the need to retain experienced independent experts from the outset to successfully navigate the tricky waters of cross-border internal and government investigations. In doing so, undertakings can avoid foot faults in the very first weeks and months that can result in massive costs and an unnecessary loss of options and flexibility.


1 Daniel Lucien Bühr and Marc Henzelin are partners at LALIVE SA. The authors would like to thank Krisztina Balogh, associate, Daima Vuilleumier and Friedo Breitenfeldt, trainees, for their assistance.

2 Article 29 Paragraph 2 FINMASA and, for instance, Section 4.5 of FINMA position paper of 22 October 2010 on legal and reputational risks in cross-border financial services.

3 Article 53 SPC.

4 Articles 70 and 71 SPC.

5 For ISO 19600 see www.iso.org/standard/62342.html and for the OECD CleanGovBiz Initiative: Whistle-blower protection: encouraging reporting, July 2012 see www.oecd.org/cleangovbiz/toolkit/50042935.pdf .

6 See: https://fedpol.integrityplatform.org/index.php .

7 Guideline Key Success Factors for Implementing an Internal Speak-Up Procedure, Ethics and Compliance Switzerland, see: www.ethics-compliance.ch/wp-content/uploads/2016/07/ECS-
Guideline-Key-Success-Factors-for-Implementing-an-Internal-Speak-Up-Procedure-2-2-1.pdf.

8 Article 102, Paragraph 2 SPC in connection with Article 322 ter et seq., 305 bis, 260 ter, and 260 quiniquies SPC.

9 Article 102, paragraph 1 SPC.

10 Article 754 CO.

11 Articles 49 and 50 CartA.

12 Articles 51 and 52 CartA.

13 According to the OECD, ISO 31000 is de facto the world standard for risk management: see: Risk Management and Corporate Governance, OECD, 2014, p. 16, www.oecd.org/daf/ca/risk-management-corporate-governance.pdf.

14 Committee of Sponsoring Organizations of the Treadway Commission: www.coso.org.

15 See OAG criminal order of 22 November 2011 against Alstom Network Schweiz AG, acting on behalf of Alstom Group.

16 Article 2 paragraph 2 CartA.

17 Article 43 paragraph 1 FINMASA.

18 Agreement between the European Union and the Swiss Confederation concerning cooperation on the application of their competition laws (2014).

19 A public database with extensive information on applicable sources of law relevant for Switzerland's legal assistance in criminal matters can be found at www.rhf.admin.ch/rhf/de/home/rhf/index/laenderindex.html (in German, French and Italian).

20 FINMA, Incoming Requests from Abroad, www.finma.ch/de/durchsetzung/amtshilfe/internationale-amtshilfe/amtshilfegesuche-aus-dem-ausland/.