A number of agencies are empowered to investigate corporate conduct. Among these are the Danish Public Prosecution Authority (encompassing the State Prosecutor for Serious Economic and International Crime and the Danish Money Laundering Secretariat), the Danish Financial Supervisory Authority, the Danish Data Protection Agency and the Danish Competition and Consumer Authority.
The Public Prosecution Authority deals exclusively with cases concerning criminal investigation and prosecution. Its primary responsibility is to decide on whether to pursue criminal prosecution and to appear before the courts in criminal cases.
The State Prosecutor for Serious Economic and International Crime (SEIC) is a special unit within the Public Prosecution Authority that investigates and prosecutes cases concerning particular economic crimes, that is, where the economic crime is of significance, part of organised criminal activity, based on extraordinary business measures or is otherwise of a qualifying character. Examples of cases dealt with by the SEIC are bribery and corruption and other closely related offences, competition law violations and money laundering. The SEIC is also responsible for handling international criminal cases, such as genocide, crimes against humanity and other serious offences in which the criminal act has been perpetrated abroad and the investigation and prosecution presupposes cooperation with foreign institutions and authorities. The SEIC has very broad investigative powers and has a special position in Denmark owing to its specialised powers.
The Money Laundering Secretariat is the Danish financial intelligence unit (FIU) and sits within the SEIC. The main responsibilities of the Secretariat are receiving, analysing or communicating notifications to businesses when there is a suspicion of money laundering. Certain businesses, such as financial institutions, are subject to a number of inspection and reporting duties under the provisions of the Money Laundering Act in order to prevent money laundering. The Secretariat also receives notification of money laundering from public authorities. Upon receipt of a notification of potential money laundering, the Secretariat determines whether to request that the police initiate further investigations to lodge an indictment; the police decide whether to carry out any investigations. The Secretariat can, when needed, assist the police in obtaining information from Interpol or other countries' FIUs. It also handles transit cases (i.e., where there are no personal or legal entity ties to Denmark) with no involvement by other authorities.
The Financial Supervisory Authority (FSA) operates under the auspices of the Minister for Economic and Business Affairs and supervises financial businesses in Denmark. The primary task of the FSA is supervision of financial undertakings. It also supervises the securities markets and conducts regular inspections of the relevant financial institutions. The FSA can issue warnings, impose injunctions and, in severe cases, is empowered to revoke necessary business licences. If the FSA detects illegal activity, it will report the business to the SEIC for further investigation.
The Danish Data Protection Agency (DDPA) monitors businesses in order to ensure compliance with the Act on Processing of Personal Data. The DDPA can initiate its own investigations if the agency suspects a violation of the law. It also receives citizen complaints, and, after receiving these, can decide whether specific data-processing measures are in accordance with the regulations. The DDPA is empowered to inspect private businesses (and public authorities) to make sure that the processing of data is carried out in accordance with the Act on Processing of Personal Data.
The DDPA conducts inspections several times a year. If it discovers a violation of the Act on Processing of Personal Data, it is empowered to issue a ban on further data processing. In some cases, the DDPA will report the violation to the police, which then takes over the investigation.
The Danish Competition and Consumer Authority (DCCA) enforces the Danish Competition Act. It is an authority within the Ministry of Business and Growth of the Danish government. The DCCA handles the daily operations of the administration of the Competition Act on behalf of the Competition Council. Unlike most other enforcers in Europe and elsewhere, the DCCA cannot issue fines but must forward cases to the public prosecutor. In limited cases involving minor infringements, it is authorised to make administrative determinations, such as dawn raids. Investigations may be triggered in different ways, but typically by reports or complaints from competitors and consumers. The DCCA may also carry out investigations on its own initiative, if it suspects that a certain company has violated the Competition Act. The DCCA regularly carries out dawn raids in Denmark. Investigation and prosecution of criminal cases must be undertaken by the SEIC as the DCCA does not have authority to investigate or prosecute criminal cases before the courts.
The various authorities are empowered with different investigatory tools. The SEIC has very broad investigation powers, and those regarding dawn raids are much broader than the powers of the DCCA; the SEIC may seize documents during dawn raids, but the DCCA is only allowed to take copies of the information it wants.
Political agendas and domestic priorities have no impact on the prosecutorial functions. The authorities act independently and without any political influence.
A business under investigation has no obligation to cooperate with the authorities and taking an adversarial stance is both a realistic possibility and common.
Criminal investigations are handled exclusively by the authorities, that is to say, internal investigations by a business entity are not admissible in court. The authorities are obliged to remain neutral and objective in the course of their investigation and to share the information obtained through this investigation with their subject.
The Danish Criminal Code is the codification and the foundation of criminal law in Denmark. It is divided into a General Part of 97 sections and a Special Part of 208 sections. The main legal source of the rules of jurisdiction in Denmark in civil and commercial matters is the Danish Administration of Justice Act.
There is no general legal obligation to self-report. In determining whether to self-report, the seriousness of the offence and the leniency opportunities should be taken into account.
Cooperating with the authorities can benefit a company that self-reports. Cooperating may lead to a reduction in fines, and in some cases, the public authorities may even decide against commencing criminal charges.
Article 82 of the Criminal Code lists a number of mitigating circumstances for criminal conduct. These can lead to a reduction of the penalty upon conviction. The circumstances are primarily meant for individuals, but can also be relevant for a legal entity, for example, self-reporting or volunteering information on the illegal activities of third parties. It is at the discretion of the court to determine whether self-reporting or volunteering information about third parties should have an influence on the sentencing. Except in matters of cartel regulation, no written policies or guidelines are available as to when self-reporting may lead to benefits for businesses.
Under the Competition Act, a member of a cartel may apply for impunity or leniency. Businesses that participate in a cartel can be punished by fines in excess of 20 million Danish kroner, although if there are mitigating circumstances, the fine may be lower. Executives and board members can be individually fined (usually several hundred thousand kroner) or sentenced to imprisonment for up to six years in very severe cases. Application for impunity is available to members of a cartel under the Competition Act, Section 23a. Impunity may be granted by the SEIC if the cartel member (applicant) is the first to report the cartel to the authorities, the applicant provides information that the authorities were not previous privy to, or the information provides grounds for investigative measures (inspection, dawn raid or police reporting) or grounds for establishing a violation of the Competition Act. The applicant must cooperate with the authorities throughout the investigation, must have ceased any participation in the cartel at the time of application and may not have forced any other business to participate in the cartel. If the applicant is not the first member of the cartel to self-report, the applicant may obtain a reduced fine under certain circumstances; that is, the information provided by the applicant regarding the cartel must add significant value for the authorities relative to the information already available, the applicant must cooperate with the authorities throughout the investigation, the applicant must have ceased any participation in the cartel at the time of application and may not have forced any other business to participate in the cartel. The second applicant in the cartel may obtain a 50 per cent reduction of the fine, the third applicant a 30 per cent reduction and applicants thereafter a 20 per cent reduction. The prosecutor will inform the court of the applicants' participation and fulfilment of the requirements for leniency. Applications will be treated with discretion, but no guarantees of confidentiality can be issued. In cases where the cartel involves other EU Member States, the authorities have an obligation to report the cartel to the EU Commission and provide information about the identity of the applicants for leniency. The DCCA is also obliged to publish information about judgments and fixed-penalty notices issued against cartel members.
ii Internal investigations
A business may conduct its own internal investigation at any time, but there are no legal requirements as to when and how the investigation must be conducted.
The extent of the internal investigation will vary and depend on the size of the business and the level of exposure. Witness interviews and scrutiny of documents are typical in internal investigations; these are typically conducted by law firms (external counsel). The external counsel will have no subpoena powers or otherwise, but must rely on the cooperation of the company and its employees, that is, it must rely on the company providing access to the relevant documents and granting interviews with relevant witnesses. A waiver of privilege would be expected as part of the company's cooperation. It is not unusual for the employees being interviewed to be assisted by independent counsel.
The investigations should be carried out in accordance with the Data Protection Law and Danish employment law. There is no legal obligation for a company to disclose the findings of an internal investigation to the authorities.
Whistle-blowers are a hot topic in Denmark. Increasingly whistle-blower systems have become commonly applied by Danish businesses, as the systems allow the employees a safe place to share their knowledge. Whistle-blower systems are often seen as part of an effective compliance programme as a way the employees can either report an illegal activity within the company or seek guidance regarding potential cases of non-compliance.
Companies that have a whistle-blower system in place must ensure that it complies with Danish data protection rules. With the new General Data Protection Regulation (GDPR) effected, companies must no longer notify the DDPA of whistle-blower systems.
The DDPA is of the opinion that reporting may only take place in cases of serious offences – of suspicion thereof – that can be of importance to the group or company as a whole, or that can be of significant importance to the life and well-being of individuals. This may include suspicion of serious economic crime, including bribery, fraud and forgery.
The DDPA has taken the view that reporting can take place to the degree required by the Sarbanes Oxley Act, namely for irregularities in the areas of accounting, internal auditing and suspicion of corruption and crime in the bank and finance sectors. Other examples deemed suitable by the DDPA include cases of environmental contamination, serious breaches of work safety and serious circumstances involving an employee, such as sexual abuse. However, less serious offences cannot be reported (e.g., cases of harassment, cooperative difficulties, incompetence, absence, violation of guidelines for, for example, attire, smoking or drinking, using email or the internet).
It is important to note that there is no statutory protection for whistle-blowers. The authorities have not implemented any specific incentive programmes for whistle-blowers to come forward.
Depending on the specific circumstances, a business may take lawful action (e.g., terminate employment) against employees reporting suspicion of illegal activities if this is done in a disloyal manner, such as involving the media, or in a manner that violates confidentiality obligations. If the business has fired an employee for acting as a whistle-blower and the termination is unlawful, the employee is entitled to damages but not to be reinstated within the business.
Only a few Danish cases have dealt specifically with employees reporting illegal activities. In the 2005 Grevil case (reported in Ugeskrift for Retsvæsen 2006.65Ø), Frank Grevil, a former army intelligence officer, leaked classified information regarding the threat reports from Iraq originating from the Military Intelligence Service, FET, to a journalist from a Danish newspaper. Frank Grevil was dismissed, found guilty of disclosing confidential information and was sentenced to six months' imprisonment.
i Corporate liability
Corporate liability for legal entities is available under Danish law.
Criminal liability of a legal entity is conditional upon a transgression having been committed within the establishment of the legal entity by the fault of an individual connected to the legal person or at the fault of the legal entity itself.
A legal entity can be prosecuted in a similar way to a physical person if the legal basis is present; it must be stipulated specifically in the law that the company is subject to criminal punishment if an offence is committed by the legal entity.
The relevant set of rules is found in Chapter 5 of the Criminal Code, which states that companies and corporate bodies can be subject to criminal liability. Criminal liability must involve the commission of a criminal act or omission by one or more physical persons acting on behalf of the legal entity. It is not a requirement that the person in question is a member of management. The company can be liable for any intentional or negligent criminal act or omission by its employees, contractors and agents acting on its behalf if the act or omission is not abnormal in the context of its usual business, practices and procedures. Generally, it would not be advisable – nor is it normal practice – for the company and individuals to be represented by the same counsel, but it is normal practice for counsel to cooperate on a defence.
A company may be punished only by a fine, whereas individuals may be imprisoned. Imprisonment can generally only be imposed on managerial staff, but under special circumstances subordinate employees can also be charged with the offence.
Plea bargains are not available under Danish law, but an individual or corporate entity can accept a fine based on a fixed-penalty notice from the prosecutor. The amount of the fine will be determined after a consideration of the gravity of the offence, the duration of the offence and the turnover of the company.
A company can also be subject to confiscation, which follows from Section 75 of the Criminal Code. Confiscation is a possible penalty if the company has gained proceeds from a criminal act, and if the Danish Public Prosecution Authority decides on prosecution.
The range of potential sanctions does not vary, regardless of which authority brings the action, but the level of fines may vary depending on the subject matter.
iii Compliance programmes
During the past few years, there have been significant developments in establishing and practising compliance programmes in Denmark.
There is no regulation on compliance programmes nor any sentencing guidelines that take compliance programmes into account.
Compliance programmes primarily ensure that a business complies with the law, but the existence of a compliance programme also has some advantages in cases of non-compliance regarding the penalties. The existence of a compliance programme can serve as an argument against criminal charges or as an argument of mitigation of the penalty, for example, as a reduction of a corporate fine. However, this is only a possibility and is at the discretion of the prosecutor and the courts to assess whether a compliance programme should be a mitigating factor. Generally, it will not be a mitigating factor if senior management has been involved in the offence.
iv Prosecution of individuals
Under Danish law, an employer has a right to decide whether an employee's contract should be terminated. However, the exercise of this right has been limited by statutes and by collective agreements, prescribing that a termination should be based on a fair reasoning. In this context, a fair reasoning means that the termination should either be reasonable according to the conditions of the company or the behaviour or conditions of the employee. Criminal charges against an individual would normally be sufficient for a lawful termination.
The company may coordinate with the employee's individual counsel and it may be advisable for the company to retain the employee until after the criminal investigation has been finalised or even until after a judgment has been rendered. The company will be able to cooperate with the investigation and retain the employee. The company can advance or pay the legal fees of the employee's counsel, but this may create complex tax issues.
i Extraterritorial jurisdiction
Danish law applies when a criminal offence is committed outside Denmark if the suspect is either a Danish citizen or a permanent resident in Denmark, and if the offence is recognised as a criminal act in Denmark.
The Criminal Code specifies that Danish courts have jurisdiction in offences committed outside Denmark, if the offence is committed by either a Danish citizen or a permanent resident in Denmark, or if the citizen who committed the offence becomes a Danish citizen or a permanent resident after having committed the offence.
ii International cooperation
The Nordic countries – Denmark, Finland, Iceland, Norway and Sweden – cooperate closely regarding criminal investigations and crime prevention. On the basis of cross‐national influences between historically interrelated and culturally (relatively) similar countries, this cooperation is successful.
Denmark has ratified a number of conventions to address criminal activity. Among these are the Schengen Agreement 1995, the European Conventions on Mutual Assistance in Criminal Matters 1959 and 2000, and a further number of UN and EU conventions. Furthermore, Denmark is an active member of several international networks, including Europol, the OECD and Interpol.
Extradition is possible under the auspices of the European arrest warrant and pursuant to individually negotiated treaties with countries outside the European Union. Extradition is not common but it does occur.
iii Local law considerations
The Danish authorities are very reluctant to recognise investigatory measures that are foreign to Danish law. The authorities will recognise foreign criminal investigations that comply with Danish law and particularly if the Danish authorities are involved in the investigation.
V YEAR IN REVIEW
The GDPR is a new EU regulation intended to strengthen and unify data protection. It entered into force on 5 May 2016, and Denmark and other EU Member States transposed it into their national laws with effect from 25 May 2018. It replaces the old data protection Directive of 1995.
The primary objectives of the GDPR are to give citizens and residents control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the European Union. One of the more extensive provisions of the new regulation is that businesses must appoint a data protection officer to be in charge of supervising and ensuring an organisation's compliance with the GDPR.
In general, the new regulation aggravates the standards of administration of personal data and imposes a considerably higher level of fines; a serious violation of the regulation can lead to a penalty as high as €20 million or 4 per cent of global turnover.
Despite the increased effort, the Financial Action Task Force (FATF) does not consider Denmark's effort in combating money laundering as sufficient. In its report of August 2017, the FATF criticises Denmark for not having a national strategy to combat money laundering and terrorist financing, and points out that Denmark needs to do more to properly assess and understand the risks it is exposed to. The report also recommends that Denmark enacts an independent and modern money laundering offence that criminalises self-laundering. Businesses may therefore expect further measures by the authorities regarding money laundering. In June 2017, a Bill entered into force to implement the Fourth EU Anti-Money Laundering Directive,2 and thereby implement certain changes to the current regulation on money laundering. The Bill seeks to implement the recommendations made by the FATF. Among other things, the Bill extends the scope of application, amends certain definitions, obligates a business to continuously assess its risk for being involved in money laundering, and entails more thorough customer assessment procedures and changes to the notification procedures. Since the Bill was implemented, the SEIC has received more tip-offs regarding money laundering than ever before.
In January 2017, the Danish High Court imposed a record-breaking fine for money laundering (Eastern High Court judgment of 26 January 2017 in Case No. S-317-16). The fine was 111 million kroner for the laundering of 223 million kroner through an exchange bureau. Two individuals (managers) were each sentenced to six years in prison. The judgment put an end to the activities of both the managers and the exchange bureau. The case is the first of its kind in Denmark, but it coincides with the fact that the authorities have increased their efforts to combat money laundering.
In March 2017, the Danish High Court imposed a record-breaking fine of 13 million kroner for market abuse (Eastern High Court judgment of 23 March 2017 in Case No. S-2410-15). The former chief executive officer (CEO) and chairman of the board of the company were both sentenced to 18 months' imprisonment and their proceeds from divestments of shares in the company (800,000 and 9 million kroner respectively) were confiscated. The case concerned the legality of the purchase of treasury shares between November 2007 and October 2008 in the amount of approximately 100 million kroner. The company's traders purchased the shares at the stock exchange with the purpose of using them as payment in connection with the fulfilment of agreements with third parties and to fulfil options programmes with senior staff, including the CEO and the chairman of the board.
The High Court found that the company by its actions had ensured that the stock price was artificially high compared to the market value and that the activities gave the market wrongful or misleading signals regarding the stock price. The company's traders bought so many shares that the company obtained a dominant position in the market or, through its traders, the company placed orders, for example in closed auctions at the best price, which was significantly above the latest updated price at the stock exchange.
The case is significant in view of the sanctions imposed and because the prosecutor in previous years has failed to obtain convictions in cases involving market abuse.
In June 2017, the Danish High Court found that the founder and board member of a collapsed bank was not guilty of committing fraud in relation to him acting for private interests in commercial matters. The case is significant as the High Court changed the judgment of the district court, which had sentenced the founder and board member to 30 months in prison. The case concerned an issue of options at a price that was too high by 5 million kroner, which led to an increased risk for the debt holders of the company. The High Court, unlike the district court, did not find that the contract behind the share purchase was unusual in a commercial context.
The case is one of several concerning collapsed banks in recent years.
VI CONCLUSIONS AND OUTLOOK
Implementation of the GDPR has received significant attention and this trend is likely to continue.
The Bill implementing the Fourth EU Anti-Money Laundering Directive will also continue to receive attention, as businesses will continuously have to implement new procedures on the assessment of their risk in participating in money laundering.
Generally, we expect that cross-border investigations will be prioritised by the authorities and that the necessary resources will be allocated to the authorities to deal with the complex issues and to cooperate with foreign authorities.