The International Investigations Review: Sweden
The Swedish Prosecution Authority is responsible for investigating and prosecuting alleged crimes committed by individuals in companies. In particular, the National Anti-Corruption Unit (the Unit) is responsible for investigating corporate conduct in respect of bribery and closely related offences. The Unit consists of a number of specialist prosecutors and three economic accountants. The Unit closely monitors any media reports on suspected bribery and tends to investigate events that are subject to such reports. Further, the Swedish Economic Crime Authority leads and coordinates the fight against organised crime, especially in respect of tax crimes, market abuse and accounting crimes. It consists of specially trained economic prosecutors, economic police officers, economic auditors and economic administrators.
The legislative framework governing the authorities' ability to investigate and prosecute corporate conduct consists primarily of the Swedish Penal Code and the Swedish Code of Judicial Procedure. In short, the Penal Code provides the substantive rules on criminal conduct and their consequences. The Code of Judicial Procedure provides, inter alia, the investigative measures available to the prosecutor during a preliminary investigation, such as seizure and search of premises.
In recent years, there has been an emphasis on giving Swedish companies stronger incentives to focus on compliance, including anti-bribery compliance. For instance, an Act ensuring the protection of whistle-blowers was adopted in January 2017, and there is a proposal to replace this with a new Act on 17 December 2021 as a result of Sweden's implementation of the EU Whistleblower Directive.2 In January 2020, the maximum corporate fine was also raised from 10 million kronor to 500 million kronor (more information about corporate fines in Sweden can be found in Section III.ii). Furthermore, the focus in the European Union to provide tools to fight organised crime has resulted in the implementation of a fifth anti-money laundering directive, which applies to a larger number of operators (including cryptocurrency wallet services and cryptocurrency exchanges) than the previous directives and which offers protection to whistle-blowers who report money laundering. The fifth anti-money laundering directive has been fully implemented in Sweden since January 2020.
In other fields of law, the various Swedish authorities are empowered with different investigatory tools, such as dawn raids, frequently used by the Swedish Competition Authority and the Swedish Economic Crime Authority to investigate infringements of the Swedish Competition Act and economic crimes such as insider trading. Note also that the Swedish Competition Authority's dawn raid powers were strengthened by amendments to the Swedish Competition Act, which entered into force on 1 March 2021.
There is no general obligation under Swedish law to notify or self-report wrongdoings to the authorities; however, there are a few exceptions. Since 1999, chartered accountants have been obliged to report findings to the Swedish Prosecution Authority if they suspect that a crime has been committed by a company's management or board. External counsel is, according to EU legislation, obliged to report suspicions of money laundering or terrorist financing.
The Competition Act contains provisions on leniency and immunity from fines that may be offered to a company found to have infringed the Act if it is the first to notify the Swedish Competition Authority (the Authority) of an anticompetitive cooperation and the notification submitted by the company contains information that enables the Authority to carry out a targeted inspection. The discretion of the Authority to decide the extent of immunity and leniency is very broad. Further, when determining the reduction of fines, the Authority considers whether the evidence provided by the company represents significant added value to the investigation. Swedish legislation is based on the leniency programme applied by the European Commission.
ii Internal investigations
A company may conduct its own internal investigation at any time provided that it is made in accordance with relevant applicable legislation, such as labour protection and data protection legislation. Such investigations are often conducted within the scope of internal compliance programmes, but also if there are reasons to suspect that crimes have been committed in connection with the company's business activities. They are often conducted by external counsel, such as legal and information technology experts, and aim to discover malpractice by reviewing data and physical documents and interviewing relevant persons in the company. There are no general rules that oblige a company to disclose findings from an investigation to the authorities.
The Swedish Corporate Governance Code (the Code) is a self-regulatory set of rules that apply to all Swedish companies whose shares are listed on a regulated market in Sweden; at present, there are two – Nasdaq Stockholm and NGM Equity. According to the Code, the board of directors is obliged to ensure that there is an effective system for follow-up and control of company operations and that there is a satisfactory process for monitoring companies' compliance with laws and other regulations relevant to company operations as well as companies' compliance with internal guidelines.
A new Act aiming to ensure the protection of whistle-blowers was adopted in January 2017 – the Act on special protection for workers against reprisals for whistle-blowing concerning serious irregularities.3 According to this Act, employees who report a crime that may be sanctioned with imprisonment (including the crime of giving or receiving bribes), or comparable misconduct in the course of company activities, may be awarded damages if the company imposes any kind of reprisal against the employee for reporting the misconduct. The Act applies to both monetary and social reprisals.
However, the Act does not grant a right for employees to report misconduct. Inter alia, an employee who reports serious misconduct may still be liable for damages pursuant to disclosure of trade secrets or breach of loyalty in employment agreements.
As noted above, there is a new Act proposed to replace the Act on 17 December 2021 as a result of Sweden's implementation of the EU Whistleblower Directive. According to the proposal, the law will increase protection for whistle-blowers and expand the circle of protected persons. In addition, all private and public employers with 50 or more employees are required to have internal reporting channels, as well as reporting and follow-up procedures.
According to the Code, companies must have an internal audit function. If a company does not have a separate internal audit function, its board of directors must evaluate the need for such a function annually and justify its decision in its report on internal controls in the company's corporate governance report.
If a company introduces special reporting channels to enable employees to report suspected non-compliance with laws or internal codes of conduct, or similar activities, this must be done in accordance with the Swedish Personal Data Act, and since 25 May 2018, in accordance with the EU General Data Protection Regulation and the Swedish Data Protection Act. According to the Swedish Personal Data Act, and unless there are justifiable reasons, only public authorities may process personal data regarding crimes, judgments in criminal cases and coercive measures in criminal proceedings. Companies are generally obliged to obtain an authorisation from the Swedish Data Protection Board to be allowed to process such data, but there is an exemption from that requirement regarding whistle-blowing systems. However, companies must still comply with the basic requirements on whistle-blowing systems with respect to the processing of personal data. This requires, inter alia, that the data processing must only concern persons in key positions of the company or the company group, the information must be proportionate with regard to the purpose of the data processing and the suspicions must concern serious offences such as auditing crimes, corruption crimes, crimes in the financial sector, serious environmental crimes, serious safety deficiencies and very serious forms of discrimination or harassment. According to the Swedish Data Protection Board, the implementation of the EU General Data Protection Regulation does not require any changes in this regard.
i Corporate liability
Under Swedish law, only natural persons may be liable for criminal acts committed in the course of the activities of a company. The company itself cannot commit criminal acts. Of course, criminal acts may be committed in the course of the business activities of a company and, to this end, corporate fines may be imposed for criminal activities within a company (see Section III.ii). However, according to the Swedish Companies Act and principles derived from case law, criminal liability may be claimed from those in leading positions of a company. In principle this means that the board of directors and the chief executive officer, who are responsible for the management of the company, are liable for the company's conduct. There are examples in Swedish case law where all board members have been found guilty of criminal acts committed within a company.
In addition to criminal liability, both natural and legal persons may be held liable to pay fines for breaches of Swedish civil law. Specific corporate regulations in this respect may be found in many fields of law (e.g., competition, consumer protection, environment and employment). In addition, responsibility may be claimed through the application of general Swedish tort law. A Swedish tort claim requires intent or negligence to be granted. Needless to say, responsibility may also be claimed on the basis of contractual obligations. Under Swedish tort law, a company is liable for the damage caused by it, unless a representative of the company acted beyond his or her competence.
As mentioned, a company representative may also be held criminally liable for conduct within the company's scope of business. Such liability may in some cases be relevant for breaches of environmental and labour law. Furthermore, a representative may be held criminally liable for negligence, such as causing danger to employees or others.
In most cases, companies are also subject to civil liability caused by the actions of its employees. This includes civil liability caused by criminal acts of an employee, unless the employee acted for another company or for himself or herself as a private person. The liability is only relocated to the company if there are extraordinary reasons.
As stated above, companies cannot be subject to criminal liability under Swedish law. Therefore, a prosecution directed towards alleged criminal conduct in the activities of a company must be brought against a responsible individual. However, in addition to individual criminal liability, a company may be ordered to pay a corporate fine of between 5,000 and 500 million kronor for crimes committed in the exercise of its business operations, if the corporation has not taken sufficient measures to prevent the crime, or the crime has been committed by persons supervising or controlling the business. The size of the corporate fine depends on the severity of the crime, the company's turnover and the number of employees, so the maximum fine of 500 million kronor will only be imposed on larger companies.
Corporate fines are not regarded as a criminal sanction. The imposition of a corporate fine requires that all the prerequisites in a criminal provision have been satisfied and that someone had criminal intent in respect of the prerequisites of that provision. Corporate fines have mainly been ordered in connection with environmental and occupational safety crimes. In relation to bribery, corporate fines have not been imposed frequently by Swedish courts and the amounts of the fines have typically been low. In 2020, there was one case in which a corporate fine was imposed in relation to bribery.
For other infringements of Swedish law (e.g., in the fields of competition, consumer protection, environment and employment), the following sanctions may be applied, depending on the case at hand: an administrative fine, forfeiture, involuntary liquidation or limitation of business operations (the latter being applicable to companies active in the welfare sector).
In contrast to these corporate sanctions, the consequences of violations of competition rules may be far worse. Infringements of the Competition Act have led to administrative fines of tens of millions of euros and the European Commission has fined companies several hundred million euros for multi-jurisdictional infringements of the relevant provisions in the Treaty on the Functioning of the European Union.
In addition, a prohibition against carrying on a business may be imposed on a person who exercises control over an undertaking that participates in certain economic crimes, meaning that person will not be allowed to hold a leading position in a company in future.
iii Compliance programmes
Compliance programmes must be regarded primarily as preventing future misconduct and may go well beyond the legal requirements. However, it cannot be ruled out that well-implemented compliance programmes may, in some cases, mitigate the assessment of corporate sanctions, such as the amount of a corporate fine. As a corporate fine may be imposed if the corporation has not taken sufficient measures to prevent the crime, a well-implemented compliance programme could also be a way for a company to protect itself from corporate fines (however, if the crime was committed by a person supervising or controlling the business, a fine may still be imposed even if there were efficient compliance routines in place).
In contrast, poorly implemented compliance programmes or the absence of one may have an adverse effect in some cases. For example, when conducting business in high-risk areas, large enterprises are expected to have extensive compliance programmes and codes of conduct to prevent, inter alia, corruption crimes. A lack of such programmes may have an adverse effect in legal proceedings and shift some of the responsibility to managers, the board of directors or the enterprise itself. The effects of compliance programmes must therefore be assessed on a case-by-case basis.
Compliance programmes or similar instruments for ensuring the company's compliance with laws and regulations are mandatory for some companies. As mentioned above, the Code, which applies to all Swedish companies whose shares are listed on a regulated market in Sweden, stipulates that the board of directors must ensure that there is a satisfactory process for monitoring the company's compliance with laws and other regulations relevant to company operations.
iv Prosecution of individuals
Not all breaches of the Penal Code result in dismissal of the employee. In fact, according to the legislature, the starting point is that crimes by employees outside their employment do not constitute a breach of the employment contract. However, crimes that may seriously harm the employer may be sufficient to motivate a dismissal.
The burden of proof in relation to dismissals and terminations of employment contracts on account of suspicions of criminal behaviour is set very high. In one case, the Swedish Labour Court held that the burden of proof for dismissal of an employee suspected of bribery is as high as it would be in a criminal proceeding.
In other cases, the employer and the employee who is suspected of a crime may have corresponding interests; for example, if a high-level member of management is suspected of crimes in the performance and in the best interests of the company's business activities. Such cases often involve investigatory measures within the company's business premises and a risk of serious harm to the company's reputation. The company may then hire external counsels to undertake an internal investigation or to defend its employees in the court proceedings. Normally, however, a public defender is appointed to defendants and paid for by the state.
If the company pays for legal fees or damages for its employees, that payment shall be regarded as a taxable benefit.
i Extraterritorial jurisdiction
The main principle is that Swedish courts have jurisdiction in relation to crimes committed in Sweden or having its effects there. The courts also have jurisdiction in relation to crimes committed by Swedish citizens or individuals domiciled in Sweden, irrespective of where the crime was committed. Swedish jurisdiction also exists where the crime was directed towards a Swedish legal or natural person. Unlike many other states, Sweden has not been unwilling to prosecute crimes committed outside its territory.
Under the Penal Code, there are eight specific provisions giving courts jurisdiction for crimes committed outside Sweden. For example, one of these provisions ensures that Sweden has jurisdiction over crimes that can be regarded as committed against the Swedish state, such as tax and corruption crimes.
There are no particular rules regarding the geographical scope of corporate or directors' liability. However, if Swedish legislation affecting a company has extraterritorial application, the directors would need to ensure the company's compliance with that legislation to avoid the risk of enforcement of it by the Swedish prosecutor.
ii International cooperation
There is close cooperation between the Nordic countries (Iceland, Norway, Denmark, Finland and Sweden) regarding recognition and completion of judgments and penalties. The close similarity of the respective criminal laws of these states has enabled this cooperation, meaning, inter alia, that coercive actions directed by a court of one of these states can be executed in another.
There are also a number of aspects related to membership of the European Union. One aspect is the effects of the Schengen Agreement, which applies to most EU Member States, Norway, Iceland, Liechtenstein and Switzerland. The Schengen rules provide for less internal border control within the European Union and harmonised rules for crossing external borders. Also, EU Member States have extensive police and judicial cooperation through Europol and Eurojust. Further, there is an EU convention that simplifies the extradition procedure between Member States. EU cooperation also governs the right to legal counselling, compensation to victims of crime, exchange of information in criminal registers, the protection of personal data, legal assistance in criminal matters and a strategy for criminality on the internet.
In addition, Sweden has numerous bilateral extradition treaties and multilateral conventions governing the mutual recognition of foreign rulings, etc.
iii Local law considerations
In general, the relevant Swedish authorities will provide assistance in criminal matters to another requesting state even if Sweden does not have an agreement on legal assistance with that state (i.e., there is no requirement for reciprocity). However, assistance is strictly limited and requires double criminality for the execution of some coercive measures (i.e., it is required that the act for which the request relates corresponds to a crime under Swedish law). However, exceptions are made from this requirement in cases of serious offences regarding requests from an EU Member State or from Iceland or Norway.
Year in review
i Changes in Swedish legislation
As pointed out above, in the past couple of years there has been a focus on providing Swedish companies with stronger incentives to ensure compliance, including on anti-bribery issues. The maximum corporate fine has, rather dramatically, been raised from 10 million to 500 million kronor as from January 2020. The Swedish Competition Authority's dawn raid powers have also been strengthened and a new Act on whistle-blower protection has been proposed, to enter into force in December 2021, in line with the EU Whistleblower Directive (see Section I).
ii Standards and business codes
The Swedish Anti-Corruption Institute, a non-profit organisation founded in 1923, publishes a Code for the Prevention of Corruption in Business, which complements and clarifies the Swedish Penal Code with regard to bribery and bribery-related crimes connected with companies' business activities. The Code for the Prevention of Corruption in Business has been developed together with the Institute's principals (including the Stockholm Chamber of Commerce, the Swedish Association of Local Authorities and Regions and the Confederation of Swedish Enterprise). The Code was revised last year and, with effect from 14 August 2020, this new version has a stronger focus on preventive measures, including risk assessment and third-party due diligence. The Code is widely accepted as constituting best practice in the anti-corruption field, especially for large Swedish corporations.
In March 2020, the Swedish Supreme Court passed its judgment in a case that has attracted much attention within the Swedish cultural sector. Two organisations in the cultural sector arranged annual gala dinners where high-ranking officials from Swedish cultural authorities were invited. During the events, guests were treated to a free three-course dinner with alcohol and entertainment included. Representatives of the organisations were prosecuted for giving bribes and the recipients were prosecuted for taking bribes. The defendants were acquitted by the district court that first tried the case but convicted for bribery by the court of appeal. Hence, the Supreme Court judgment was expected to clarify the circumstances in which a public official invited to events hosted by actors in the private sector could be considered to constitute bribery. The Supreme Court found that the term 'improper benefit' (which is used in the Swedish Penal Code to describe the type of benefit that may constitute a bribe) is vague and that caution should therefore be applied when interpreting the term for legal reasons. According to the Supreme Court, only benefits that clearly go beyond what is acceptable should be considered improper. When assessing whether a benefit is improper, it is also important to consider whether the benefit was provided in an open and transparent manner. The Supreme Court assessed that the dinner invitations had not constituted improper benefits, and acquitted the defendants.
After five years of investigation, three former members of the senior management of TeliaSonera, including the former chief executive officer (CEO), were prosecuted in September 2017 for gross bribery in relation to the 2012 TeliaSonera affair. The allegations involved corruption crimes in connection with telecommunications company TeliaSonera's establishment of business in Uzbekistan. TeliaSonera had previously entered into settlements with Dutch and US authorities over the affair and paid approximately 7.7 billion kronor in fines. The affair forced several members of the management team (including the CEO) and the board of directors to resign. Further, the former CEO was denied discharge from liability at the annual general meeting in April 2014, which is very unusual in a Swedish 'large cap' listed company. However, in February 2019, the district court acquitted the defendants, as the prosecutors had not proven that the person who handled the transactions with TeliaSonera, and who had connections to former Uzbek President Islam Karimov, held any official position or was a in a position of trust within the Uzbek telecommunications sector. As the events took place before 2012, the case was tried against the earlier wording of the Swedish Penal Code, according to which the definition of bribery was narrower than it is under the current legislation. This meant that fewer people were caught by the legislation at the time. The prosecutors appealed the judgment to the court of appeal, which upheld the district court judgment on 4 February 2021.
The Swedish telecom company Telefonaktiebolaget LM Ericsson (Ericsson) has been investigated by US authorities for conspiring to violate the Foreign Corrupt Practices Act by bribing government officials, falsifying books and records, and failing to implement reasonable internal accounting controls in the countries Djibouti, China, Vietnam, Indonesia and Kuwait. At the end of 2019, it was announced that a settlement, under which Ericsson undertook to pay more than US$1 billion in fines, had been reached. Shortly thereafter, a prosecutor at the Unit confirmed to Swedish press that a preliminary investigation (an investigation aiming to discover if there is sufficient evidence of a crime to prosecute any individual) had been initiated by the Unit. As at May 2021, the investigation has not yet resulted in any prosecution, but the investigation is still ongoing.
Conclusions and outlook
As from January 2020, the maximum corporate fine was raised substantially. Historically, we have not seen a great number of cases in which corporate fines have been imposed in relation to bribery, but it is possible that the new rule will result in a higher number of cases in the future. The outcome in the above-mentioned Ericsson case will also be of particular interest.
Looking forward, following implementation of the EU Whistleblower Directive (see Section I), Sweden's proposed new Act on whistle-blower protection is very likely to strengthen the rights of whistle-blowers in Sweden. Furthermore, legislative changes necessary to implement the Directive may lead to increased reports of misconduct within Swedish organisations and companies. Also, many companies and organisations lacking whistle-blower systems today will most likely have to implement such systems when the Directive has been implemented.
Finally, we have during the past few years seen a strong trend of Swedish companies focusing more on compliance and corporate social responsibility (CSR) issues. Investors, in particular, have been more interested in these issues and due diligence processes in mergers and acquisitions transactions now regularly cover anti-corruption and compliance questions. This development is very positive and we both hope and believe that companies' interest in preventing and investigating compliance and CSR issues will continue to grow.