This article challenges the widely acknowledged thought that multinational company groups are better equipped to deal with compliance challenges. In this context, we use the term of multinational company group (or preferably the short version “group”) for a combination of companies that exist in a multitude of jurisdictions and are under common control of an entity, natural person, or several entities and/or natural persons acting in concert.
It is generally believed and probably true that these groups tend to have an increased awareness of legal compliance as well as more resources at their disposal and thereby have more elaborate legal compliance infrastructures in place than usual local single-entity businesses. Their awareness can stem from cultural predispositions, such as originating from jurisdictions with high sensitivity. It can also have been caused by purely practical necessities, such as their business models, dealings with business partners, relevant regulations or geographic footprints being exposed to a high degree of compliance risks. One certain reason is that compliance incidents occurring within them can fulfil the so-called nexus for US, UK or other antibribery authorities to intervene. Aware of that, they employ compliance professionals that may be dedicated (specialized) or have dual roles as lawyers and compliance officers.
Organizational efficiencies as the root cause of difficulties?
These cross-border operating groups typically run several businesses and maintain distinctly organized support functions (such as legal, finance, HR and IT). Increased specialization has seen these businesses and support functions being more and more often organized to extend across international borders: In these situations, solid reporting lines are woven only inside these businesses or support groups, without regard for national borders and the locations of the entities by which the members of these businesses and support functions are employed. These businesses or support groups would then be connected at their top-levels to the top-levels of the group, to their respective leaders. Hence, a sizeable portion of the employees in the entities organized in the various countries would be connected to their local managements only by a so-called “dotted reporting line”, resulting in a looser oversight by the local leadership.
Increasing efficiency requirements pressure these groups to organize themselves in a manner avoiding redundancies and consequently promoting a cross-entity and cross-border sharing of human resources. One result of that trend can be the formation and maintenance of specialized “service entities” that do not act as profit-centers and whose resources are shared in the group to perform certain functions or whose purpose is reduced to own certain assets only. More generally, employees of one entity can perform the same function for (or serve) several entities within the same group, as far as this is legally and practically possible due to the variance of local rules. In more extreme cases, a specific employee would be connected to an entity in Country X by a direct reporting line for some of the tasks, and by another direct line to an entity in Country Y in relation to the other tasks. A notable consequence of the mentioned sharing of human resources is that entities that operate a sizeable and sometimes sophisticated business may need only a small pool of employees and have a number of tasks be handled by the employees of the support entities within the group.
Can the laws cope with this level of “organizational creativity”?
By nature, every legal entity needs natural persons through which it can act. It must establish a system of delegation of duties and authorities to function, act and transact. Setting the legal frame for the acting individuals poses challenges in groups where organizational duties are allocated in the described complex cross-border manner.
Laws have an “incomplete” view of the real functioning of groups. Jurisdictions that do not even recognize the concept of affiliation (including the Turkish Commercial Code of 1956) have big challenges to grasp the reality, in that they assume that all entities are acting autonomously.
Some other jurisdictions do regulate affiliation, but they do not properly acknowledge the bundling of several entities into economic units. They are more concerned about the bilateral relationship between two affiliated entities (and the direct benefits and burdens they exchange) rather than taking a more holistic view at the group. Whilst they have elaborate rules for addressing that some entities may be steered by others, they unrealistically assume that such control is exercised by way of “instructions” issued from the controlling entities and addressed to the governing bodies of the controlled entities.
Most legal systems assume that the management body of every entity is in charge of and knowledgeable about the actions performed by that entity. In practice however, these bodies are often filled with members, without much consideration for their knowledge of the relevant business and jurisdiction. The knowledge and organizational authority of these directors does not overlap with the extent of their legal responsibility. Generally, legal systems do not perceive and address the solid reporting lines established at the middle and upper management levels of groups whose businesses and support functions are organized across international borders a multitude of entities. In consequence they do not provide for any legal solution for this divergence between the organizational and legal responsibilities for an action.
Role and efficiency of compliance policies in groups
The main instrument for enforcing legal compliance in any organization is the setting of specific rules. These so-called compliance policies are instructions by a legal entity to the natural persons fulfilling functions within and/or on acting on behalf of it to do or restrain from doing certain actions.
In many countries, compliance policies are an “imported good”, i.e. they are localized texts built on original texts drafted for different countries. In the “receiving” countries, the awareness of the consequences of breaches will often be lower when compared to the more sophisticated markets of the “headquarters”. As a result, the employees of the subsidiary may be less prone to comply with them. Also, the subsidiary will find it difficult to diverge from practices established in its local market (suppliers, customers, regulators, courts, just to name a few). And these efforts will likely result in some business being lost to competitors, that may be acting without these restrictions. The leaders of businesses may prioritize the short-term achievement of financial goals, whereas the remuneration systems typically rewards achieving results, and not so much the proper observance of compliance policies.
Also, these policies have an effect only if their breach can be appropriately penalized. And if such a breach is committed and an assessment is to be made on the appropriate legal consequences, a key question is at which level of the chain of command that breach occurred. This information is crucial to establish the criminal and civil law responsibility of the acting individual(s) and possible employment-law remedies against them.
Clarity on the circumstances surrounding the breach is important also for the entity in question, in particular for determining whether itself is contaminated, i.e. can be held responsible for the breach. One important element of the concerned entity’s defense strategy will be to demonstrate that the breach was not the consequence of an organizational failure (i.e. lack of training or relaxed approach to legal compliance) but can be explained as the actions of one or a small group of individuals. That defense can only be credible made if (among other things) the responsibilities and authorities within that organization are clearly allocated and such allocation is fully reflected to the legal framework governing that organization. Achieving this level of clarity in groups is a challenging task.
The three levels of responsibilities and authorities – Corporate authorities, Employee loyalties and Organizational lines
From the perspective of the author, responsibilities and authorities in an entity are organized at three distinct levels:
The first one is the corporate (or company law) level, that follows the allocation of duties and authorities according to appointments made to management bodies, the delegations made by the same bodies, and extensions to other persons provided by special powers of attorneys. This is comparable to a “web” of decision-making powers and signing authorities foreseen for the multitude of group companies under their respective local company laws, internal regulations, and trade registry entries. Most company law systems work by assuming that every single legal entity is autonomous and managed by its governing body appointed by its shareholders. In such a system, loyalties and reporting obligations of the acting individuals will be directly owed to the very entities from which they derive their authorities. Coming back to the allocation of responsibilities in a group, at the corporate level, the members of the governing body taking the decision, or the authorized signatories of a document would be the legal (nominal) originators of any action. But in reality, in many groups, these individuals would be sitting at several governing bodies across a multitude of jurisdictions, sometimes having limited knowledge of the documents they sign, and the decisions they “approve” would be taken even before formal deliberations would be made. In practice when presented with a proposal, the acting persons would rarely scrutinize a motion in a manner the corporate laws assume they would do. They would lack the detailed knowledge of the factors surrounding the proposed action and often, their hierarchical/organizational status within the group would not foresee their intervention anyway.
The second level consists of the responsibilities and loyalties created by employment contracts with the management and personnel. One particularity of the groups we examined here is that, unlike in a family business, all acting individuals are professionals on payrolls. Technically speaking, employees must be loyal to and follow the instructions of the entities with whom their payrolls are. They must act in the interests of their direct employers, not the groups that own/control such employers. The loyalty connections formed by the “web of employment contracts” sometimes do overlap with those in the first discussed “corporate web” of decision-making powers and signing authorities. However, they very often fall apart namely because of organizational efficiency needs and the pooling of employees in groups we described above. In many cases, individuals are employed by the entity in their country of residence due to social security and tax constraints, but this does not necessarily mean that they are performing works only for that entity.
Finally, a third level or web of responsibilities exists, which is the one that matters most, the organizational level. This is the informal or semi-formalized set of rules allocating duties within the organization, derived from the organizational chart, the job descriptions of the personnel and the direct reporting lines. Again, in a simple one-entity structure, responsibilities within the organization would overlap with the corporate level allocations and the loyalties created by employment contracts. However, the groups we discussed operate several businesses and maintain distinct support functions, which are organized across international borders. The reporting lines constituting these businesses or functions are the third level or web, establishing the hierarchies through “whose veins decisions would flow”. This web of responsibilities is sometimes partially documented in internal regulations or business manuals, but rarely embodied in formal documents in its entirety.
Conclusions
One of the aims of every compliance process is the determination of the responsible persons, to find out why and how exactly a breach occurred.
When organizing their businesses and support functions in an international landscape, groups prioritize the efficiency of costs and taxes, business considerations and regulatory aspects. By-products of that are the wide diversity in cultures, languages, and legislations that apply in groups – this produces confusions in compliance processes.
Local laws do not fully grasp this complexity. When having to decide in connection with a compliance breach committed by an entity, whether to prioritize the corporate responsible (e.g. a board member) or the organizational person in charge (the leader of a business), a court will most likely follow the former and apply responsibility to the board member, even though the real decision-maker will have been the leader of the business. Courts and legal practitioners should start to acknowledge the strong pressures the organizational hierarchies can have over employees and that they are expected to act as employees of a group rather than a specific entity. This would ideally translate into a redefinition of the individuals’ duties of loyalty so that loyalty can also in a legal technical sense be owed to a group rather than a single entity.
In compliance processes, conflicts between the three levels of responsibilities and authorities rarely come to light. They do so namely in case a person responsible at the organizational level uses as a defense the lack of responsibility at the corporate or employment level. Compliance processes must be robust against legal challenges, hence a well-organized group should make efforts to reduce or eliminate the discrepancies between the levels.
Groups prefer these complex structures due to economic benefits. Since they will not move to simpler structures just to make life easier for compliance professionals, efforts to eliminate discrepancies most focus on more accurately reflecting organizational structures to the corporate and employment level authorities and duties.
Also, a clever usage of compliance policies can be helpful to achieve that goal, however, their localization must be made professionally, at a high quality.
Article: Dr. Selim Keki – Senior Partner at Balcıoğlu Selçuk Ardiyok Keki Attorney Partnership
Source: INmagazine 37. Sayı
For Other Issues: INmagazine
Disclaimer: The views and opinions expressed in the articles are those of the author(s) and do not necessarily reflect the official stance of the Ethics and Reputation Society.