The term “compliance” describes acting in accordance with an order, set of rules or request. Compliance in business aims to generate value for an organization and ensure its survival.
Non-compliance has consequences: it can lead to personal and corporate liability including criminal liability. Being compliant means meeting the requirements of specific regulations or laws as well as a company’s designated values. Compliance is a good investment in order to mitigate negative legal consequences and to promote security in a company’s future.
We have formed a multidisciplinary team of Baltic-Belarus dispute resolution, public procurement, data protection, corporate governance, employment and white-collar investigation experts to help our clients with compliance-related assessment, implementation and crisis support needs. Our main purpose is to help companies to remain or become compliant. As a team we can identify, prevent, monitor and resolve compliance difficulties as well as advising businesses on rules and controls.
>> Compliance services, team and experience
ESTONIA and LATVIA
Tax notification obligation – new rules with retroactive effect
Legislative changes in Estonia and Latvia that took effect in early 2020 oblige businesses to notify the tax authorities of any cross-border arrangements falling within the risk category. The obligation also applies retroactively to transactions taking place after 25 June 2018.
This is an example of a measure deriving from yet another EU Directive (2018/822) aiming to tackle aggressive tax planning but it may have an effect on any company engaged in cross-border transactions.
The obligation to notify lies mainly on tax advisors who propose a cross-border tax arrangement. Attorneys are relieved from this obligation since they enjoy professional privilege. However, if nobody else is under obligation then the business itself should issue the notification – even where in the regular course of business it has come up with a solution for saving tax which is now labelled as a cross-border tax arrangement.
For businesses it will be necessary to:
- assess whether their arrangements fall under any of the risk categories in order to comply with the notification obligation and avoid penalties;
- set up country-specific notification procedures;
- control their tax and transaction information flow as disclosure rules and penalties differ among EU Member States;
- determine what options are available to reduce and channel risks related to the notification obligation.
Our tax lawyers together with their colleagues within the WTS global tax network can help with assessment (and reporting, where required) anywhere throughout the EU. Our tax experts Tanel Molok and Alisa Leškoviča will gladly help to explain the legislative changes in more detail if necessary.
Monitoring conflicts of interest – how to ensure compliance with personal data protection and labour law?
Conflicts of interest are a risk for most companies throughout different sectors. In various regulated sectors, direct legal obligations exist to control conflicts of interest both in the public sector as well as for regulated private companies. An often-used measure is the obligation of key employees and board members to declare their economic interests.
However, outside regulated sectors no direct general mandate requires private companies to control conflicts of interest. When companies implement measures to avoid conflicts of interest, they should take into account that certain limits derive from data protection law (namely the General Data Protection Regulation) and labour law.
Estonian and Latvian labour law require employees to notify employers of all significant circumstances relating to the employment relationship where the employer has a legitimate interest. The Data Protection Authority has affirmed that companies have a legitimate interest in avoiding conflicts of interest. However, processing personal data for this purpose is only allowed if this interest overrides the interests and fundamental rights and freedoms of the data subject. If requesting information about potential conflicts of interest, companies should take the following steps to ensure compliance with data protection laws:
- clearly define what constitutes a conflict of interest and make this information available to employees and board members;
- determine the necessary personal data to be collected from employees and board members or third parties, taking into account the principle of data minimisation;
- notify employees and board members of processing as required by the GDPR;
- conduct and document a legitimate interest assessment.
Our regional compliance sector group can help with preparing the necessary documentation, so that companies can effectively avoid conflicts of interest while staying compliant with data protection and labour laws.
Why ensuring environmental compliance should be taken seriously
In Lithuania a recent scandal relating to untreated industrial wastewater served as a reminder to industrial sector companies of the importance of environmental compliance.
The story of a major Lithuanian paper and cardboard producer widely covered in the media illustrates that irresponsible treatment of environmental norms leads to massive ecological damage, a negative impact on company reputation and even personal responsibility on the part of company managers.
To prevent violation of environmental norms three main steps should be taken:
- identify the legal requirements for activities carried out by the company;
- verify that the company has all the necessary permits, consents, and other prerequisites for carrying out the business;
- determine whether the existence of any irregularities was recorded by the authorities and whether these irregularities have been corrected ‒ and, if so, how.
Competition compliance: surviving in a world of excessive fines and increasing powers of competition authorities
Growing powers of the competition authority and increasingly strict measures are driving companies to pay ever more attention to ensuring compliance with competition law rules.
Prohibited agreements or other competition law infringements can result in fines of up to 10% of a company’s gross annual income or a requirement for companies to apply corporate structure-related changes such as selling shares or property and reorganisation. Furthermore, responsibility for violations is not limited to companies but also applies to their managers – the competent authority can impose fines of over EUR 14,000 and prohibit them from holding any managerial position for up to 5 years.
We are keen to help you prevent costly competition law infringements by applying compliance measures such as:
- setting up an internal competition compliance framework to meet your needs;
- reviewing and updating internal documents and procedures related to competition law compliance;
- delivering interactive competition law training for employees;
- assessing potential risks your company is facing;
- ensuring smooth communication between company employees and competition law enforcement bodies.
Important requirements of law on employment
As of 27.07.2019, local labour authorities can evaluate the completeness of information on vacancies provided by employers. This evaluation was introduced by Instruction No. 33 approved by Resolution of the Belarusian Ministry of Labour and Social Protection.
Evaluation has a preventive nature and is aimed at revealing the facts of incompleteness in information provided: the labour authority will verify job listings posted by employers in the media/ Internet/ advertisements against information kept by the labour authority.
According to the current law, employers must notify the local labour authority about a vacancy within 5 days from the date of its occurrence. Failure to notify, untimely notice or incomplete notice involves administrative liability in the form of a fine on the company’s official in an amount up to 20 basic units (approximately EUR 250).
The proven fact of non-compliance will entitle labour authority specialists to come to the company’s office to review employment documentation.
Personal data protection
New conditions for handling personal data (“processing”) are being developed in Belarus.
The Draft Law of the Republic of Belarus “On personal data protection” (“Draft Law”) is being prepared for second reading in the lower chamber of Parliament.
The Draft Law establishes new regulation in the field of personal data protection in Belarus. The scope of application of the law includes processing personal data with the help of automation tools or without them but with the ability to search by criteria, which covers the activities of most companies. Certain provisions of the new regulation have shades of the personal data protection regime establishment in the legislation of the European Union (GDPR). At the same time, the Draft Law contains local specifics and regulation.
Under the Draft Law, sensitive personal data relate, in particular, to a person’s nationality, political views, health or sexual activity, biometric or genetic characteristics. The general requirement for processing such data – on the basis of consent only – may affect the processing of data in medicine and processing of information for unique identification (including fingerprints, facial image).
The Draft Law establishes a special procedure for the transfer of personal data to the territory of foreign states. If the state where data is transferred to does not provide the appropriate level of protection, then, as a general rule, transfer will be prohibited – the operator will have to analyse whether a case is subject to exceptions.
According to the Draft Law, an operator takes into account legislation in determining the composition and list of measures to ensure compliance with personal data protection requirements. However, certain requirements are mandatory, for example:
- appointment of a person or structural unit responsible for processing personal data,
- development and publication of a personal data processing policy,
- familiarisation of employees with legal requirements,
- provision of technical and cryptographical protection.
The Draft Law may be adopted during the next Parliamentary session in spring. It sets a one-year period to take effect, so we do not expect it to enter into force earlier than spring 2021.