Norwegian Legal Update, Summer 2020 – Compliance and Risk
Environmental, Social and Governance («ESG») Compliance, as explained in our webinar of March 18th 2020, has proven to be a growing expectation of both buyers and sellers in most M&A activities. While there was general demand for ESG compliance focus already before the pandemic crisis, the commitment to sustainability has become even more important in most due diligence processes due to the Covid-19 outbreak. Environmental focus has long been considered a growing key factor related to ensuring sustainability compliance. With the corona crisis, social and governance issues have also been brought in the forefront of most compliance processes. In addition, private equity firms and their portfolio companies are increasingly focusing on ESG compliance. The coronavirus implications is highlighting the importance of a healthy and safe working environment, which implies a shift from focus on environmental issues to an increased focus on social and governance compliance issues. Buyers and sellers seem to have now readjusted their expectations. ESG factors, with a higher focus on S and G, have developed to form an integral part of most due diligence processes. At same time, Norwegian and European Governmental institutions are continuously launching new initiatives related to ensuring long-term sustainable business conduct.
The EU Green Taxonomy was published on March 9 this year, as set out in the final report from the EU Technical Expert Group, and it seems clear that the green finance focus remains a key issue of the EU Commission as well as EU national governments going forward. The EU green taxonomy, as also referred in our article published March 30th in the Norwegian Financial Newspaper will help investors, companies, issuers and project promoters to navigate the transition to a low-carbon, resilient and resource-efficient economy. On 18 June 2020, the European Parliament adopted the regulation on the establishment of a framework to facilitate sustainable investment and this development is expected to continue and should be taken into consideration by businesses in relation to relevant compliance programs. Focus on sustainability and green finance is presumed to affect the compliance expectations by key players in all markets due to the Covid-19 outbreak. Forward thinking organizations, including private equity firms and financial investors, are encouraged to take practical steps to ensure they are well positioned in respect of ESG compliance requirements going forward.
Covid-19 has also proven to imply a heightened risk of bribery and fraud. Unethical behavior and exposure to fraud is now on the top agenda of many businesses. While the development further affects the governmental initiatives new legal requirements are being launched in respect of compliance issues. Lately the EU Financial Action Task Force (FATF) has released on May 4th, 2020 the paper «COVID-19-related Money Laundering and Terrorist Financing Risks and Policy Responses» setting out challenges, good practices and suggested policy responses to address financial crime risks in the current pandemic environment.
The paper puts focus on several heightened compliance risk areas, such as:
- money laundering
- cybercrime and related digital fraud
- misdirection of government funds
- increased risks of corruption and bribery
As pointed out by FATF, all businesses should conduct an updated compliance risk assessment in order to understand their potential new risks post the Covid-19 outbreak and hence adapt appropriate operational responses.
At same time important changes to the Norwegian Penal Code has recently been put out to combat corruption and bribery committed abroad. The changes to §§ 387-389 of the Penal Code, which entered into force on July 1th 2020, has eliminated obstacles for Norwegian authorities related to the enforcement of bribery and corruption committed abroad by either Norwegian residents or by someone on behalf of a business established in Norway. The changes to the Penal Code removes the previous requirement related to so-called «double criminality» of corruption and bribery offences committed abroad. In order for Norwegian Authorities to be able to sanction such criminal activity, the principle of double criminality implied a requirement that the activity also constituted a criminal offence according to the local law of the country where the crime was committed. The removal of the requirement for double criminality implies a broadened extraterritorial reach of Norwegian Authorities (ØKOKRIM) in respect of Norwegian anti-corruption laws. Going forward, this change in laws should be taken into consideration by all Norwegian businesses with cross-border activities, especially in context of the heightened compliance risks post the Covid-19 outbreak.
Noteworthy in said context is also the resent update of the Compliance Guidance from the US Department of Justice (DOJ) which was published in June this year. The updated Evaluation of Corporate Compliance Programs summarizes the expectations of the DOJ related to what comprises an effective compliance program. Increased focus is put on «work on the ground», «adequately resourcing» and «data resources and access». The updated Guidance explains what is expected from all responsible business organizations in order to ensure that efficient compliance safeguards are in place. According to the Guideline all businesses need to evaluate regularly and understand their compliance risk picture. The businesses should then ensure that the compliance program in place is sufficiently customized and tailored to the current «risk-profile». The focus is put on «work to be done on the ground» and the necessity of having adequately resources in place to follow-up relevant compliance issues. As pointed out by the DOJ, in respect of efficient compliance there is no «one-size fits all». Tailoring is needed to ensure that the program is effective. The updated guideline further includes a new subsection «Data Resources and Access», which focus on the need for compliance resources to have access to relevant data and empirical analysis in order for them to understand the level of the organization’s compliance implementation. The DOJ Compliance Guidance is considered a relevant management tool for all businesses, irrespective origin of operations, and we recommend this to be taken into consideration in the efforts of running compliant and responsible business.