Introduction

The COVID-19 pandemic has resulted in an unforeseen disruption not just in supply chains, but also in the way companies organise, implement and conduct business as also in the performance of all kinds of commercial contracts be it for goods or services. The evident lack of labour, as a result of the genuine risk carried by the virus as well as the abundant precautions put in place, has already curtailed manufacturing capacity and logistics systems. Government enforced lock-downs and mandatory quarantine has also exacerbated these issues and concerns in many countries, including India. Moreover, many companies have adopted work from home for either all or non-essential staff members, with governance matters such as board meetings and audit committee meetings being conducted exclusively over video conferencing. While these steps are seemingly necessary in particularly health risk prone countries such as India, this pandemic and its mitigation strategies introduce a new set of challenges to anti-corruption and anti-fraud compliance activities by companies.

This whitepaper seeks to address the enhanced risk factors faced by companies operating in India in light of this pandemic. This whitepaper also aims to suggest actionable steps that companies can take to address these heightened risks from an anti-corruption compliance perspective.

Assessing and Managing Compliance Risk

Enhanced risk during the pandemic

The first set of challenges faced by companies will arise from a need to adapt their existing compliance practices to work around the COVID-19 lockdown and physical unavailability of essential personnel. This will necessarily include an assessment of the current regulatory landscape within India as well as a re-think of existing internal anti-corruption and ethics policies and processes within the company.

The second set of challenges faced by companies will arise from the current market situation giving rise to likely increased risk of bribery within India. Government mandated lockdowns will seek to regulate which businesses can remain operational and the extent and limitations of their functioning. Additional government policies may be introduced to regulate the functioning of specific industry sectors, which may require further government interaction. This, naturally, becomes a risk factor for anti-corruption compliance, especially in a corruption prone country such as India. Third party and intermediaries used by companies may seek to sidestep some regulations through bribery of government officials.

Companies will need to take stock of these enhanced business risks and be proactive in their steps to contain them. Companies will also need to be especially alert to possible instances of fraud within their organization through these chaotic times. Companies will need to be especially aware of the fact that violations during this time may not become apparent until much later, necessitating pro-active steps.

Given that a significant part of the resources and attention of the company will be directed towards addressing business challenges, companies will also face an enhanced risk of internal financial fraud during this time. As with potential anti-corruption compliance violations, there is a significant risk that internal frauds committed during this time may not be discovered until much later.

Strengthening Internal Policies and Procedures

Companies should take the current pandemic and resulting market situation as an opportunity (and a good reason) to review their anti-corruption and ethics policies, internal financial controls, as well as their whistle-blower complaint addressing systems to get ahead of the current crisis.

Some specific areas that companies should pay particular attention to are set out below:

  1. Close eye on any new regulations in their respective industry sector and assess the same for corruption, fraud and ethics risks.
  2. Reviewing and updating the policies keeping in mind these new business/compliance risks. For instance, pharmaceutical companies should keep an eye out for possible price manipulation and hoarding by their agents/vendors of essential supplies, and applicable vendor policies should be accordingly updated.
  3. Conduct regular virtual training for employees, not just on general anti-corruption compliance requirements, but also on these enhanced risk areas identified by companies, including internal financial fraud. Employees should be encouraged to keep an eye out and report instances of possible violations.
  4. Tying in closely with the above, companies should also ensure that their whistleblower complaint and fraud reporting mechanisms are robust enough to accommodate and act promptly on complaints received during the current pandemic and lockdown. As a necessary corollary, companies will need to ensure that these channels remain operational and accessible, particularly during the current reality of limited on-site staffing and employees working from home.
  5. Depending on the corruption and fraud risk exposure of specific companies, they may need to devote additional resources to anti-corruption compliance activities and the monitoring/maintenance of their complaint reporting systems.

Companies should look into engaging third parties to assist with their review and due diligence of their applicable anti-corruption policies and financial controls. However, such an exercise will come with its own challenges in the current reality. Specifically, on-site due diligence will either not be possible or severely curtailed; as well has having in person interactions with key stakeholders within the company.

Presently available technology will help in mitigating these challenges. Virtual data rooms and e-discovery (discussed in detail in a subsequent section) will make the process of reviewing documents for due diligence far smoother. Video conferencing will help to mitigate challenges with in-person interactions as well.

These steps become particularly important in a climate where there are significant business challenges, but the enforcement of fraud and corruption crimes will be no less strict once the crisis has passed. Foreign enforcement authorities will also continue to function as usual, making the above suggested steps further relevant for companies operating in India and subject to foreign regulations.

Interaction with government officials/agencies during the pandemic

The outbreak of the pandemic and consequent lockdowns imposed by the Government of India have compelled businesses to change the conduct of their business overnight. The pandemic has also presented several businesses with opportunities requiring greater interaction with government officials. For instance, government officials are now playing a greater role in supply chain management of essential goods and services and are also contracting with various companies in order to be able to meet the demand for certain ‘essential’ products. In order to achieve the supply of these essentials expeditiously, governments are streamlining contract processes. Additionally, in order to survive these trying times, companies may be contacting government agencies for loans or regulatory reliefs, or clarifications on how to operate amidst the lockdown.

The increased pressure to resume business normalcy. reduce the negative impact on company financials, pressure to secure government contracts for the supply of various critical goods and services coupled with challenges faced due to a large section of the workforce operating from him will make it difficult for companies to ensure strict adherence to internal policies specially when interacting with the Government. In such a scenario, adherence to internal processes specially when interacting / contracting with the government will be critical.

Legal framework for the offence of bribery in India

The primary anti-corruption legislation in India is the Prevention of Corruption Act, 1988 (“PCA”). The local police and the CBI are entrusted with investigations and prosecutions under the PCA. The PCA specifically provides that if a commercial organisation commits an offence relating to bribing a public servant and that offence is proved to have been committed with the consent or connivance of any director, manager, secretary or other officer of the commercial organisation, then that officer shall also be held liable for the offence and be subject to a prison term of between three and seven years, as well as a fine. The commercial organisation will be also be liable to be punished with a fine.

Companies and their officials accused of paying bribes under the PCA can raise a defence that the company had adequate procedures and compliance programmes in place, to prevent commission of offences related to bribery. However, the government has not yet notified the relevant rules and standards which set out the scope and contents of an effective compliance programme. It is pertinent to note that there have no changes proposed in this legislation in light of the COVID-19 crisis. The PCA continues to apply fully.

Conducting Investigations Remotely

Due to the lockdown and travel restrictions imposed by the Government of India, the conduct of internal investigations, which requires a great degree of human interaction, would inevitably slow down. Cross-border investigations are more likely to be hindered given the effects of the current pandemic are global in nature. However, there may be ongoing investigations that need to be completed in a timely manner, or new investigations would have to be commenced due to internal complaints/whistle-blower mechanisms or even external regulatory action.

Given that employees are working from home, different aspects of conducting investigations and policies governing these aspects may have to be adapted suitably in a systematic manner to be executed remotely. These would necessarily include elements such as document collection and review, conducting interviews remotely and presenting the outcome of the investigation remotely. In addition to being vigilant about potential complaints and having protocols in place to receive complaints, companies must also ensure that any reassessment and consequent modification of existing protocols is notified to all stakeholders within the organisation. The following practical and legal guidance may be useful in conducting investigations remotely.

Guidance on document collection and data review

While retrieving and collecting electronic data stored on common servers may be easily done remotely using digital forensic tools that would extract and process such data, collection of data in hard copy form or physical evidence or locally stored electronic data may be challenging during the lockdown.

Given that employees are working from home and may be using personal devices for work, companies must issue clear guidelines and policies addressing the distinction between personal data and work related data. The simplest way to mitigate this challenge would be to mandate that employees only work from home on work issued devices. However, if that is not possible, the company can issue guidelines to employees specifying that personal email cannot be used for document sharing or official communications. Additionally, the company may also notify employees that it would have the right to access all work-related data on the employee’s personal devices.

With respect to collection of hard copy data, companies may consider delaying such collection, or may ask their local counsel or local compliance team to collect hard copies. In case a witness is collecting hard copies, the company must oversee such collection by way of videoconferencing. Any process or protocol developed for hard copy collection must be documented and intimated to relevant stakeholders.

While reviewing documents electronically, companies must ensure secure access to data review platforms for both internal reviewers and attorneys. Data security issues must be addressed with each reviewer and companies must ensure the implementation of measures preventing the download of electronic data to any IP address that has not been pre-approved.

Guidance on Conducting Interviews Remotely

While conducting remote interviews, either via teleconference or videoconference, the interviewer and/or the interviewee may want to record the interview. Companies must evaluate this in view of privilege rules in their respective jurisdictions. In India, such recordings may be discoverable in the hands of a regulator or in a court proceeding. Basis this evaluation, companies should provide a disclaimer at the outset of each interview either expressly prohibiting the recording of the interview or permitting them.

In the event recording of the interview has been mandated by an enforcement agency or by internal guidelines, companies must inform the interviewee of such recording prior to the interview and obtain written consent (vide email) from the interviewee. Companies ought to keep in mind privacy considerations in order to prevent civil or criminal liability for potential misuse of interviews. 

Further, third party presence during the interview would compromise attorney-client privilege and sharing of documents relating to the interview by the interviewee with third parties would affect the confidentiality of the investigation. In order to exclude third party presence, companies should provide a clear disclaimer to employees that no one other than the witness should be physically present during the interview. In this light, it is strongly recommended that interviews should be conducted via video conferencing to ensure that third parties are not present.

To avoid document sharing with third parties by the interviewee, companies may exhibit relevant documents via videoconferencing or screen sharing during the interview. Another alternative is to share the documents via a secure link or with restricted access only to the interviewee shortly before the interview. Even with these precautions, it is possible that the content of the documents may be captured by screenshots. Therefore, companies must monitor the interviewee’s access to the documents during the interview.

Guidance on Regulatory Action

The lock down measures announced by the central and state governments in India also have consequential impact on the regulatory & law enforcement in India as well as the administration of criminal justice system in India. Courts in India moved to restricted hearings, i.e. hearing of only matters involving extreme urgency (like bail requests or requests for grant of an injunction or stay), with a view to effectively control and contain the spread of the COVID-19

It appears from media reports that investigation/enforcement wings have scaled down the pace at which they typically conduct their ongoing investigations and/or initiate fresh investigations. It appears that investigative agencies such as the Enforcement Directorate (“ED”), the Central Bureau of Investigation (“CBI”) and the Serious Frauds Investigation Office (“SFIO”) are planning to delay full scale investigations in various cases. That being said, functioning of the local police has been specifically excluded from the central government lockdown and initiation of new investigations, arrests, searches and seizures by the police, ED, CBI and SFIO cannot be completely ruled out.

Till the time specific directives or guidelines are framed setting out how the concerned law enforcement bodies can conduct the investigations during the lockdown, these agencies may face challenges in carrying out their routine operations such as conducting search or raids, seizure of documents, summoning/questioning the accused or witnesses, recording of statements. Further, given the limited availability of the courts for securing arrest or remand warrants and a general directive by Indian courts to de-congest the jails/prisons, the investigators may also not adventure to arrest any person for the purposes of investigation during these times unless in exceptional circumstances where they have reason to believe that such person may flee from justice and/or tamper with witnesses or evidence.         

In any event, in the absence of any official directive freezing the powers of investigators during the lockdowns, it may be prudent for companies to set a protocol in place to respond to any outreach from the investigators, as it may not always be possible to take real time advice from in-house legal team or external attorneys during the prevalence of this crisis.

The companies may note the following points to deal with any outreach from investigators during the lockdown:

    • Companies may consider establishing a response team for continuously monitoring the receipt of any requests or summons from the investigating authorities and handling the responses internally;   
    • Should the company receive summons from any investigating authority seeking any document or information:
      • The response team may consult relevant employee(s) of the company who are in the custody of such relevant information or documents and consider making an electronic submission to the investigators; or
      • Should the relevant document or information be not accessible owing to remote working, the response team may communicate to the investigators that owing to the lockdown restrictions, the documents or information sought by investigators is not immediately accessible and that they would comply with the summons soon after the lockdown.
    • Should the company or any of its employees receive summons from the investigators seeking their presence for the purposes of investigation, the response team may communicate to the investigators that the concerned employee or officer of company may not be able to comply with such request immediately owing to the lockdown restrictions and that such employee or officer would be present before the investigators soon after the relaxations of the lockdown restrictions.
    • The investigators in India are not accustomed to interview persons through video conferencing. However, should there be any request from the investigators seeking availability of the employees or officers of the company for investigation through video conferencing, the company may be wary while acceding to such request as it is possible that the video recording of the interview may be produced by the investigators in court at a later stage during the trial. As such, the company should seek clarity on whether or not the video conference is being recorded from the investigators.

Conclusion

The business and compliance risks are evident in the current crisis. Along with assessing how their business methods should adapt to the current crisis, companies would be well placed to use this as an opportunity for a detailed reviews of both their anti-corruption, anti-fraud compliance, as well as their whistle-blower complaint redressal machanisms.