In late 2017, the Irish government published a suite of measures aimed at strengthening Ireland's response to corporate misconduct. During the next 12 to 18 months, significant changes may be made to the investigative and prosecutorial regimes that govern corporate Ireland.
In November last year, the Irish government published Measures to Enhance Ireland's Corporate, Economic and Regulatory Framework.2 The focus of the framework is combating white-collar crime. The actions put in place by the government have been developed to augment the existing regulatory and legislative framework in the area of corporate, economic and regulatory crime. The planned measures serve as a further commitment by the government that Ireland is open for business and is a secure place in which to do business.3
There are a number of bodies, regulatory and otherwise, which are empowered to investigate corporate conduct in Ireland including An Garda Síochána (the police), the Office of the Director of Corporate Enforcement (ODCE), the Office of the Revenue Commissioners (the Revenue Commissioners), the Competition and Consumer Protection Commission (CCPC), the Data Protection Commission (DPC), the Health and Safety Authority (HSA) and many other regulators. Offences are either summary (minor) or indictable (serious). In general, regulatory bodies are authorised to prosecute summary offences. However, the Office of the Director of Public Prosecutions (DPP) is the relevant body for the prosecution of criminal offences on indictment. The DPP has no investigative function; the relevant regulatory or investigating body prepares a file and submits it to the DPP for consideration. It is then solely at the discretion of the DPP as to whether a case will be taken in respect of the suspected offence. The Central Bank of Ireland (CBI) also has investigatory and regulatory powers, including powers of inspection, entry, search and seizure, in respect of financial institutions under the Central Bank Act 1942, as amended.
The investigation of criminal offences is primarily the function of the police. The police have a wide range of powers, which include: to approach any individuals and make reasonable enquiries; to stop and search; to seize evidence; to enter and search premises; and to detain and arrest. There are a number of specialist units that support the police with investigations into corporate misconduct, including the Garda National Economic Crime Bureau (GNECB), the Criminal Assets Bureau (CAB) and the Garda National Cyber Crime Bureau (GNCCB). The GNECB investigates economic crime, including fraud, the CAB investigates the suspected proceeds of criminal conduct and the GNCCB is tasked with the forensic examination of electronic data seized during the course of criminal investigations.
The ODCE is afforded a wide range of investigative powers under the Companies Act 2014 and is responsible for enforcement of company law, including by way of fact-finding investigations, prosecutions for suspected breaches of company law, supervision of companies in official and voluntary liquidation and of unliquidated insolvent companies, restriction and disqualification of directors and other company officers, supervision of liquidators and receivers and the regulation of undischarged bankrupts acting as company officers. In respect of prosecution, the ODCE has the power to prosecute summary offences and to refer cases to the DPP for prosecution on indictment.4
The CBI is responsible for regulating the financial services industry. Its enforcement work can be divided into two processes: an administrative sanctions procedure by which the CBI investigates breaches of financial services law by regulated firms and individuals; and a fitness and probity regime pursuant to which individuals in designated positions within regulated firms must be competent, capable, honest, ethical and of integrity, and financially sound. The CBI's investigative powers include compelling the production of documents, compelling individuals to attend interviews and conducting on-site inspections.
The Revenue Commissioners is the government agency responsible for the assessment and collection of taxes. It also has investigative and prosecutorial powers, which include: to enter and search premises; to inspect goods and records; to take samples; to question individuals; to remove and retain records; to stop, search and detain vehicles; to seize and detain goods and conveyances; and to search and arrest individuals. The investigation and prosecutions division is responsible for the development and implementation of policies, strategies and practices in relation to serious tax evasion and fraud offences. It has a wide range of powers, which include: to conduct civil investigations;5 to conduct investigations into trusts and offshore structures, funds and investments;6 and to obtain High Court orders.7 Of particular significance is the power to obtain information from financial institutions and procure search warrants to this effect.8
The CCPC is responsible for enforcing competition and consumer protection law and holds extensive powers of investigation in relation to suspected breaches of competition and consumer protection law. The CCPC has powers of entry and search and seizure, including the power to search any premises used in connection with a business.9 Its search powers are not confined to a company's offices but extend to the homes of directors or employees.
The regulatory body previously known as the Office of the Data Protection Commission is now known as the Data Protection Commission (DPC) under the Data Protection Act 2018. It is responsible for upholding the rights of individuals and enforcing obligations upon data controllers under data protection law. If the DPC receives a complaint, it is obliged to investigate the alleged data protection breach. Additionally, the DPC may investigate the unlawful processing of personal data and audit data processors of its own accord. The DPC secures compliance with data protection law through the service of enforcement and prohibition notices on offending parties. It is an offence for any person to fail or refuse to comply with an enforcement notice without a reasonable excuse.
The HSA is responsible for ensuring that workers are protected from work-related injury and ill health by enforcing occupational health and safety law. The powers of the HSA include the right of entry, the right of inspection, the right to require the production of records, the right to require the provision of information, the right to take measurements and samples, and the right to require that machinery be dismantled.
The prosecution of corporate crime is not influenced by political agendas; the various investigative bodies are independent of government. Ireland is a low-risk economy and a secure place in which to do business.
The DPP was created by statute with the specific aim of maintaining prosecutorial independence. Section 6 of the Prosecution of Offences Act 1974 makes it an offence for persons (other than an accused, suspect, victim or person directly involved) to communicate with the DPP with a view to influencing a decision to commence or continue criminal proceedings. However, arguably there is a lack of transparency in relation to the decisions to prosecute, or not prosecute, particular crimes, as the DPP does not publish the reasons for a decision on prosecution. The DPP introduced a pilot scheme on 22 October 2008, under which the DPP will publish the reason for its decision not to prosecute in cases where an individual has died as a result of an alleged crime, including manslaughter and workplace death. For all decisions made on or after 16 November 2015, a victim can ask the DPP for a summary of the reasons for its decision.
Businesses are under no obligation to cooperate with an investigating authority, save where provided for by legislation or in response to an appropriate court order. In all cases, businesses should seek legal advice regarding the extent to which they must cooperate and comply with the investigating authority. Voluntary compliance with a request for documents or information may affect the privilege against self-incrimination and any obligations of confidentiality under data protection laws.
There are a number of legislative provisions that impose a positive obligation on persons (including businesses) to report wrongdoings in certain circumstances:
- Section 19 of the Criminal Justice Act 2011 provides that a person is guilty of an offence if he or she fails to report information that he or she knows or believes might be of material assistance in preventing the commission by another person of, or securing the prosecution of another person for, certain listed offences, including many white-collar offences. The disclosure is required to be made as soon as is practicable. Practically speaking, however, the person considering making the report may need to make enquiries to be satisfied that a report is justified. The applicable standard for what information meets the threshold of 'material assistance' in preventing the commission of, or securing the prosecution of, an offence has not yet been expanded on or tested before the Irish courts.
- Section 38(2)(a) of the Central Bank (Supervision and Enforcement) Act 2013 places an obligation on the senior personnel of a regulated financial services body to disclose to the CBI, as soon as is practicable, information relating to a suspicion of, or the commission of, an offence under financial services legislation.
- Section 42(1) of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 provides that certain designated persons have an obligation to report any knowledge or suspicion that another person has been or is engaged in an offence of money laundering or terrorist financing to the police and the Revenue Commissioners.
- Section 59 of the Criminal Justice (Theft and Fraud Offences) Act 2001 obliges the auditor of a company to disclose to the police information of which the auditor may become aware in the course of his or her duties that suggests the commission by the company or entity of any offences under that Act. This obligation is notwithstanding any professional obligations of privilege or confidentiality on the part of the auditor.
Although in practice self-reporting may be a mitigating factor in prosecution, immunity or leniency based on this conduct is rarely expressly afforded by legislation. However, the list of sanctioning factors set out in the CBI's Administrative Sanction Procedure includes 'how quickly, effectively and completely the regulated entity brought the contravention to the attention of the CBI or any other relevant regulatory body'.10
The DPP has a general discretion whether or not to prosecute in any case having regard to public interest. Within that discretion is the power to grant immunity in any case. Any grant of immunity will generally be conditioned on the veracity of information provided and an agreement to give evidence in any prosecution against other bodies or individuals. There are no specific guidelines governing the granting of immunity in general. However, in the realm of competition law, the CCPC, in conjunction with the DPP, operates a Cartel Immunity Programme (CIP) in relation to breaches of the Competition Act 2002, as amended. Applications for immunity under the CIP are made to the CCPC. However, the decision to grant immunity is ultimately at the discretion of the DPP.
A person applying for immunity under the CIP must come forward as soon as possible, and must not alert any remaining members of the cartel to their application for immunity under the programme. Further, the applicant must not have incited any other party to enter or participate in the cartel prior to approaching the CCPC. It is important to note that immunity under the CIP is available only to the first member of a given cartel who satisfies these requirements.
Once an application for conditional immunity has been granted, a positive duty is imposed on the applicant to cooperate fully with the investigation, on a continuing basis and at no expense to the CCPC. In particular, the applicant must reveal all cartel offences in which he or she was involved and provide full disclosure in relation to same. If the applicant is a company or corporation, the application for immunity must be made by the company in its separate legal capacity. Failure to comply with the requirements set out in the CIP may result in conditional immunity being revoked by the DPP.
ii Internal investigations
There is generally no restriction on a business initiating an internal investigation, particularly in relation to suspected criminal conduct. The company is only under an obligation to share the results of an investigation with the relevant authorities where it is required under a court order, statute or self-reporting obligation (see Section II.i). In considering such matters, the advice of external legal counsel is usually engaged.
An internal investigation usually makes use of a wide range of evidence – hard-copy and electronic documentation, witness interviews, computer forensics and financial records are all open to an internal investigation.
There has been some clarification of issues surrounding fair procedures in recent case law. In Joyce v. Board of Management of Colaiste Iognáid, the High Court held that natural justice principles do not apply at the initial stages of an investigation, such as the initial consideration of an issue, but are engaged when formal proceedings from which findings may be drawn commence.11
If witness interviews are conducted, the employees in question have no statutory right to legal representation. However, if an employee or witness is, or may become, the subject of the investigation, the employer should consider advising the employee or witness to have legal representation to be sure of being afforded fair procedures rights and to prevent any later legal challenge to the investigation process. However, this should be assessed case by case.
Any requirement to disclose documents obtained through an internal investigation to the authorities is qualified by legal professional privilege. Documentation may attract legal professional privilege, either in the form of legal advice privilege or litigation privilege. Legal advice privilege arises in communications between a lawyer and a client where there is no actual or potential litigation, but the client is seeking advice and not merely legal assistance. In Miley v. Flood,12 the High Court confirmed that legal professional privilege can only be invoked in respect of legal advice and not in respect of legal assistance. Litigation privilege applies to communications between a lawyer and a client made in the context of contemplated or existing litigation. It is the broader form of legal professional privilege and also covers communications with third parties, such as experts.
Privilege over any document is a right of the client, which he or she may choose to waive. In general, the disclosure of a privileged document to a third party will waive privilege. Following the decision in Fyffes v. DCC,13 the courts will allow disclosure of an otherwise privileged document to a third party for a limited and specified purpose without privilege being waived. In these circumstances, it is essential that the entity making the disclosure seeks assurances by way of a confidentiality agreement that the recipient will not disclose the privileged documents and will use them only for the specified and limited purpose for which they have been disclosed.
Therefore, in the context of regulatory investigations, legal professional privilege is relevant when considering the power of regulatory authorities to inspect documentation and compel the production of documents.
The Protected Disclosures Act 2014 (the Protected Disclosures Act) is the key piece of legislation in relation to reporting suspicions of illegal activity. It is the first comprehensive piece of legislation governing whistle-blowing, where previously only piecemeal provisions existed. Public sector bodies must now put in place whistle-blowing policies that meet the requirements of the Protected Disclosures Act; and where private sector businesses have policies in place, they must review them to ensure they are aligned to the provisions of the Protected Disclosures Act.
Part 3 of the Protected Disclosures Act sets out the protections offered to those who make protected disclosures. If a worker makes a protected disclosure, the employer in question is prevented from dismissing or penalising the worker, bringing an action for damages or an action arising under criminal law, or disclosing any information that might identify the person who made the disclosure. Further, the Protected Disclosures Act makes provision for a cause of action in tort for the worker for detriment suffered as a result of making a protected disclosure.
Section 5 of the Protected Disclosures Act defines a 'protected disclosure' as a disclosure of relevant information, made by a worker, which, in his or her reasonable belief, shows a 'relevant wrongdoing' and which came to his or her attention in the course of his or her employment. Section 5(3) of the Protected Disclosures Act defines a 'relevant wrongdoing' as:
- relating to the commission of an offence;
- non-compliance with a legal obligation (except one arising under the worker's employment contract);
- a miscarriage of justice;
- endangerment of health and safety;
- damage to the environment;
- misuse of public funds;
- mismanagement by a public body; or
- concealing or destroying information relating to any of the above.
The definition of 'worker' in Section 3 of the Protected Disclosures Act is also quite broad in its scope and covers employees (including temporary and former employees), interns, trainees, contractors, agency staff and consultants.
The Protected Disclosures Act also sets out a procedure for redress for a worker who makes a protected disclosure. If the matter is part of an unfair dismissals claim by the worker and a rights commissioner of the Labour Relations Commission finds in favour of the worker, it can require the employer to take a specified course of action or require the employer to pay compensation of up to 260 weeks' remuneration to the worker.14
Although the motivation for making a disclosure is irrelevant, the protections as set out above are not available to those who deliberately make false disclosures as these are not considered to meet the test for having a reasonable belief that a wrongdoing has occurred. This provision aims to protect businesses from malicious and ill-founded claims.
The Protected Disclosures Act closely reflects, and brings Ireland in line with, international best practice in the area. In achieving its principal aim of protecting those who make a protected disclosure from reprisal from their employers, it places a significant burden on employers in all sectors to ensure they have adequate policies in place and conform to their requirements.
i Corporate liability
The Interpretation Act 2005 provides that in all Irish legislation, any reference to 'persons' includes references to companies and corporate entities. Therefore, a company can, in theory, be subject to criminal or civil liability in the same manner as an individual and can be liable for the conduct of its employees and officers. However, corporate liability has predominantly been restricted to offences where a fault element (mens rea) is not required, namely those of absolute, strict and vicarious liability. Many regulatory offences carrying corporate liability are established as such offences.
For example, Section 343(11) of the Companies Act 2014 (the Companies Act) imposes absolute liability in circumstances where a company fails to send its annual financial accounts to the Company Registrations Office, and provides that the company shall be guilty of an offence.
In contrast, Section 271 of the Companies Act provides that an officer of a company shall be presumed to have permitted a default by the company, unless the officer can establish that he or she took all reasonable steps to prevent the default, or was unable to do so by reason of circumstances beyond his or her control.
Additionally, the Competition Act 2002 imposes vicarious liability by providing, for the purposes of determining the liability of a company for anticompetitive practices or abuse of a dominant position, that the acts of an officer or employee of a company carried out for the purposes of, or in connection with, the business affairs of the company shall be regarded as an act of the company.
While theoretically a company can be guilty of a mens rea offence, the means of attributing the acts of an employee to a company for the purposes of criminal liability is not settled in Irish law. The Irish and English courts have recognised two modes of importing direct liability to a company: the identification doctrine and the attribution doctrine. The former focuses on the extent to which the individual employee or officer who committed the offence represents the 'directing mind and will' of the company, thereby rendering the company criminally liable. The attribution doctrine, on the other hand, is not concerned with the individual's position in the company, but rather imposes a form of absolute liability on companies where their officers or employees commit offences in the course of, and connected with, their employment. While there is conflicting jurisprudence on the preferred approach, only the identification doctrine has been endorsed by the Irish Supreme Court,15 albeit in the context of the imposition of civil liability on a corporation.
It is unlikely that companies and individuals could be represented by the same counsel, based on the rules governing conflicts of interest in the Solicitors' Code of Conduct, which provides that:
if a solicitor, acting with ordinary care, would give different advice to different clients about the same matter, there is a conflict of interest between the clients, and the solicitor should not act for both.
Irish criminal legislation typically provides for monetary fines or terms of imprisonment for offences. Given the nature of corporate entities, the most common form of sanction against a corporate entity is a fine. However, while less common, legislation also provides for compensation orders16 (whereby the guilty party is required to pay compensation in respect of any personal injury or loss to any person resulting from the offence), adverse publicity orders17 (in the form of publication of the offence and the identity of the entity found guilty) and remedial orders18 (to undo the harm caused by the offence).
Another common sanction against businesses is a disqualification order. Under Section 839 of the Companies Act, where a person has been convicted of an indictable offence in relation to a company, or convicted of an offence involving fraud or dishonesty, that person may not be appointed to, or act as, an auditor, director or other officer, receiver, liquidator or examiner or be in any way, whether directly or indirectly, concerned or take part in the promotion, formation or management of any company.
The CBI also operates the Administrative Sanctions Procedure pursuant to the Central Bank Act 1942, as amended. This legislation places a range of sanctions at the CBI's disposal, both monetary and administrative. Part IIIC, as amended, sets out the powers of the CBI to impose sanctions in respect of the commission of prescribed contraventions by regulated financial services providers. The monetary penalty for financial institutions is an amount up to €10 million or 10 per cent of the annual turnover of the regulated financial service provider in the last financial year, whichever is the greater.19 The CBI has used these powers to reach settlements with financial institutions for regulatory breaches; the size of these settlements has increased dramatically since the onset of the financial crisis in 2008. More recently, the monetary penalties imposed between 2015 and 2016 increased by nearly €5 million. This was particularly interesting given that the same number of administrative sanctions cases were concluded in both 2015 and 2016.20 In addition, the CBI has the power to suspend or revoke a regulated entity's authorisation in respect of one or more of its activities.
A wide range of penalties exist under the Competition (Amendment) Act 2012. The maximum prison sentence for an offence relating to anticompetitive agreements, decisions and concerted practices is 10 years, and the maximum monetary penalty is a fine of €5 million.21 Furthermore, the Irish courts have jurisdiction under the Companies Act to disqualify an individual from acting as a director of a company if that individual is convicted of a competition offence on indictment.22
iii Compliance programmes
Compliance programmes are not generally provided for in legislation as a defence to criminal proceedings. The Criminal Justice (Corruption Offences) Bill 2017 has now concluded the legislative process and was signed into law on 5 June 2018 as the Criminal Justice (Corruption Offences) Act 2018. The Act has not yet commenced; however, a commencement order is expected imminently. A notable provision, similar to the content of Section 7 of the UK Bribery Act 2010, is Section 18(2) of the Act. This contains an explicit defence for a business that has committed an offence under the corruption legislation, if it can show that the business took 'all reasonable steps and exercised all due diligence to avoid the commission of the offence'.
If a business is found guilty of an offence, a wide range of factors may be taken into account when sentencing and these are at the discretion of the court. Mitigating factors include whether the company ceased committing the criminal offence upon detection or whether there were further infringements or complaints after the offence was detected, whether the company made remedial efforts to repair the damage caused and whether the company itself reported the infringement before it was detected by the prosecuting authority. Additionally, in imposing any sentence, the court must comply with the principle of proportionality as set out in People (DPP) v. McCormack.23 The existence of a compliance programme may assist in reducing the quantum of any sentence to be imposed. However, any such programme should be effective in its implementation.
iv Prosecution of individuals
When there are allegations of an individual's misconduct in the course of his or her employment, the company may first conduct an internal investigation into the alleged offence. If the company concludes that the alleged conduct did take place, the company may be required to report this activity to the relevant authorities. During this investigation, the individual may be placed on 'gardening leave' or be suspended. However, in the case of Bank of Ireland v. O'Reilly, the High Court stipulated that employers must exercise extreme care when suspending an employee pending an investigation.24
However, if criminal prosecution precedes an internal investigation, in general, internal disciplinary procedures are suspended, based on respecting the individual's right to silence. Notably, the High Court has decided that the acquittal of an employee of criminal charges does not preclude employers from considering whether an employee should or should not be dismissed on the basis of the impugned conduct.25
Additionally, the Companies Act largely restates earlier legislation, under which a company may purchase and maintain, for any of its officers or auditors, directors and officers (D&O) insurance in respect of any liability arising under negligence, default, breach of duty or breach of trust.26 Accordingly, a company may indemnify an officer of the company for any liability incurred by him or her in defending the proceedings, whether civil or criminal, provided judgment is given in the individual's favour or the individual is acquitted.27 However, in practice, D&O policies tend to exclude losses resulting from fraud or dishonesty, malicious conduct and the obtaining of illegal profit.
Almost all modern Irish regulatory legislation includes a standard provision allowing the imposition of personal criminal liability on directors, managers or other officers of a company, if the company commits an offence. Typically, this standard provision states:
Where an offence under this Act is committed by a body corporate or by a person acting on behalf of a body corporate and is proved to have been so committed with the consent, connivance or approval of, or to have been facilitated by any neglect on the part of any director, manager, secretary or any other officer of such body, such person shall also be guilty of an offence.
Prosecutions of individuals under these provisions have been relatively rare in our experience.
i Extraterritorial jurisdiction
Ireland does not, in general, assert extraterritorial jurisdiction in respect of acts conducted outside the jurisdiction. However, extraterritorial jurisdiction may be conferred by statute to varying degrees. For instance, Section 4 of the Competition Act 2002 provides that it is an offence to be party to an anticompetitive agreement that has the effect of preventing, restricting or distorting competition in trade in goods or services within the state. Importantly, the Section is not restricted to agreements made within Ireland.
There are a number of specific offences for which Ireland exercises extraterritorial jurisdiction.
As mentioned, the Criminal Justice (Corruption Offences) Act 2018 has now been enacted and is expected to be commenced imminently. The Act is designed to consolidate a range of legislation enacted between 1889 and 2010 and introduce new offences and other revisions, some of which derive from the Tribunal of Inquiry into Certain Planning Matters and Payments. The Act further modernises anti-corruption laws and will help Ireland meet its commitment to various international anti-corruption instruments, such as EU Council Decisions, the United Nations Convention on Corruption, the OECD Convention on Bribery of Foreign Public Officials and the Council of Europe Criminal Law Convention on Corruption.
The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (the CJ(MLTF) Act) sets out specific circumstances in which an action can be read as money laundering outside Ireland. If an individual or a company engages in conduct in a foreign jurisdiction that would constitute a money laundering offence both under the CJ(MLTF) Act and in that foreign jurisdiction, they can be prosecuted in Ireland.28 This extraterritorial jurisdiction may only be exercised if:
- the individual is an Irish citizen, ordinarily resident in the state; or
- the body corporate is established by the state or registered under the Companies Act.
The fourth EU anti-money laundering Directive (AML IV)29 came into force on 25 June 2015 and has only been partially transposed into Irish law, to the extent that corporate entities are required to maintain registers of beneficial ownership. Many of the other provisions of the Directive are due to be transposed by the Criminal Justice (Money Laundering and Terrorist Financing) Amendment Bill 2018, which is due to be enacted by the end of 2018. The remaining provisions are expected to be transposed by way of statutory instruments. The Directive imposes increased responsibility on 'obliged entities' (as defined under Article 2 AML IV) to identify and assess potential risks of money laundering and terrorist financing in their business relationships and transactions. Aside from the requirement to identify individuals holding ultimate beneficial ownership, the most important change it introduces in Irish law is the inclusion of both domestic and foreign politically exposed persons (PEPs) under the new rules. Previously, only foreign PEPs were subject to a mandatory enhanced regime.
ii International cooperation
The Criminal Justice (Mutual Assistance) Act 2008 (the Mutual Assistance Act)30 is the primary piece of legislation governing mutual legal assistance between Ireland and other countries. The extent of available cooperation under mutual legal assistance procedures is dependent on the identity of the corresponding state. The greatest level of cooperation exists between Ireland and other EU Member States. Cooperation with third countries (those outside the European Economic Area) is dependent on their ratification of relevant international agreements or the existence of a mutual assistance treaty agreed between them.
Most notably, the Mutual Assistance Act allows Ireland to take evidence in connection with criminal investigations or proceedings in another country, search for and seize material on behalf of another country, serve a summons or any other court process on a person in Ireland to appear as a defendant or witness in another country, and transfer a person imprisoned in Ireland to another country to give evidence in the foreign criminal proceedings.
There are a number of additional measures in place to facilitate Ireland's cooperation with other EU Member States, including the Council Framework Decision on Freezing Orders and the Council Framework Decision on the European Evidence Warrant. In addition to this, Council Regulation 1206/200131 allows a court in another EU Member State (other than Denmark) to take evidence from a witness connected to court proceedings in Ireland. This is provided for under the Rules of the Superior Courts.32
Ireland is subject to the European Arrest Warrant Framework Decision, which was implemented by virtue of the European Arrest Warrant Act 2003, as amended by the European Arrest Warrant (Application to Third Countries and Amendment) and Extradition (Amendment) Act 2012. This governs all extradition procedures between EU Member States. The High Court is the competent authority for issuing a European arrest warrant if the individual sought is accused of an offence for which the maximum penalty is at least one year in prison, or if he or she has already been sentenced to a prison term of at least four months. For certain serious offences, such as corruption, fraud or money laundering, a European arrest warrant does not have a dual criminality requirement (that is, a requirement that the offence be prohibited under the domestic law of both countries). This legislation can extend to individuals from non-EU countries upon consultation between the Minister for Foreign Affairs and the Minister for Justice and Equality.
Generally, extradition to non-EU countries is governed by the Extradition Act 1965, as amended (the Extradition Act). There are a number of preconditions to non-EU extradition. First, there must be an extradition agreement in place between Ireland and the non-EU country before an extradition can take place. Second, the Extradition Act retains a requirement of dual criminality. Third, the Extradition Act excludes extradition for political, military and revenue offences.
The transposition of AML IV into Irish law will lead to further enhanced international cooperation, as the Directive requires information to be shared between competent national authorities, including the creation of a central register of beneficial owners of entities. It is expected that the Department of Finance will make a statutory instrument in the coming months, assigning separate legal responsibility to the Registrar of Companies for the maintenance of a central beneficial ownership register.
iii Local law considerations
There are a number of legal considerations to be aware of in relation to a cross-jurisdictional investigation, in particular in the areas of banking confidentiality, data privacy and constitutional law.
An obligation of bank–client confidentiality is implied by common law. However, this obligation can be breached in limited circumstances, including where the terms of the contract with the customer so provide or a bank is compelled by law to disclose information.33
Under Section 4 of the Data Protection Acts, which are part of the comprehensive European data protection framework, data subjects have a right to access and to be supplied with all 'personal data' held by a data controller or processor. However, individuals may not obtain their personal data if the information is kept by a statutory body for the purposes of preventing, detecting or investigating offences.34
The General Data Protection Regulation 2016 (GDPR)35 recently became effective in each of the European Union (EU) Member States. The GDPR introduces significant changes to, among other elements, data subject rights, supervision and enforcement, and the scope of the application of EU data protection law, in that companies based outside the EU will be subject to the GDPR when offering services in the EU. The Law Enforcement Data Protection Directive 2016 (the 2016 Directive)36 was adopted in conjunction with the GDPR. The 2016 Directive governs the processing and exchange of personal information between law enforcement authorities in the context of criminal investigations. The Data Protection Act 2018 gives further effect to the GDPR and the 2016 Directive while largely repealing the current Data Protection Acts.
Further, Irish individuals or entities who are the subject of an international investigation benefit from the protection of the Irish Constitution and the European Convention on Human Rights, including the right to a good name, the right to a fair trial and the entitlement to fair procedures.
V YEAR IN REVIEW
During 2017, the Charleton Tribunal, led by Mr Justice Peter Charleton, has been examining matters concerning protected disclosures made by members of the police.
The government signaled its intention to establish a new independent agency to further enhance Ireland's ability to undertake corporate law enforcement. The new agency will have more autonomy and flexibility to adapt to the challenges it faces in encouraging greater compliance with the Companies Act.
In recent months, the ODCE launched an investigation into Independent News and Media (INM) following a protected disclosure by INM's former chief executive. During the course of this investigation, the ODCE uncovered details of a potential data breach and is in the process of making an application to the High Court to appoint inspectors to INM to investigate the affairs of the company.
The establishment of a police-led joint-agency task force on a pilot basis has also been proposed. It is envisaged that the task force will focus its activity on the issue of payment fraud.
As referenced, the Criminal Justice (Corruption Offences) Act 2018 has been enacted and is currently awaiting commencement. In a speech given in late 2017, the Minister for Justice and Equality, Charlie Flanagan TD, noted that 'the reputation of a state and its business community can be affected by the rigour with which it tackles corruption . . . it is only by holding ourselves up to the highest standards, that we can tackle corruption effectively and maintain or improve the trust, respect and support of the Irish public'.
As mentioned, during the past year, we have also seen the enactment of the Data Protection Act, which, together with the entry into force of the GDPR in May 2018, amends data protection laws, creating a consistent data protection regime across the EU.37
VI CONCLUSIONS AND OUTLOOK
Ireland has a robust regime for the investigation and prosecution of corporate misconduct that helps to maintain its reputation as a low-risk country in which to do business. The government recently signaled its intention to ensure that the legal and regulatory environment continues to be subject to regular scrutiny and review so that it is strengthened appropriately to meet emerging risks and challenges.38 With that in mind, it seems likely that we will continue to see more enforcement across all regulated sectors in the future.
1 Karen Reynolds, Claire McLoughlin and Nicola Dunleavy are partners at Matheson.
2 Measures to Enhance Ireland's Corporate, Economic and Regulatory Framework, November 2017.
4 Section 949(c) and (d) of the Companies Act 2014.
5 Section 899 of the Taxes Consolidation Act 1997.
6 Ibid, Section 895.
7 Ibid, Sections 902A and 908.
8 Ibid, Section 908C.
9 Section 36 of the Competition and Consumer Protection Act 2014.
10 'Outline of Administrative Sanctions Procedure', published by the Central Bank of Ireland in 2014.
11  IEHC 809.
12 (2001) 2 IR 50.
13 (2005) IESC 3.
14 Sections 11 and 12 of the Protected Disclosures Act 2014.
15 Superwood Holdings plc v. Sun Alliance and London Insurance plc (1995) 3 IR 303.
16 Section 6(1) of the Criminal Justice Act 1993.
17 Section 85 of the Safety, Health and Welfare At Work Act 2005; Section 1086 of the Taxes Consolidation Act 1997.
18 Sections 75 and 85 of the Consumer Protection Act 2007, as amended by the European Union (Consumer Information, Cancellation and Other Rights) Regulations 2013; Section 1078(3A) of the Taxes Consolidation Act 1997.
19 The Central Bank (Supervision and Enforcement) Act 2013.
20 Central Bank of Ireland Annual Performance Statement – Financial Regulation 2016–2017.
21 Section 2 of the Competition (Amendment) Act 2012.
22 Section 839 of the Companies Act 2014.
23 (2000) 4 IR 356.
24 Bank of Ireland v. O'Reilly  IEHC 241.
25 Mooney v. An Post (1998) 4 IR 288.
26 Section 235(4) of the Companies Act 2014.
27 Ibid, Section 235.
28 Section 8 of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010.
29 Directive (EU) 2015/849 of 20 May 2015.
30 As amended by the Criminal Justice (Mutual Assistance) (Amendment) Act 2015.
31 Council Regulation (EC) No. 1206/2001 of 28 May 2001 on cooperation between the courts of the Member States in the taking of evidence in civil or commercial matters.
32 Order 39 Rule 5 Rules of the Superior Courts.
33 Tournier v. National Provincial and Union Bank (1924) 1 KB 461.
34 Section 5 of the Data Protection Acts.
35 Regulation (EU) No. 679/2016.
36 Directive (EU) 2016/680.
37 Irish Government News Service – 2 February 2018.
38 Measures to Enhance Ireland's Corporate, Economic and Regulatory Framework.