This article originally appeared at: https://globalinvestigationsreview.com/guide/the-practitioners-guide-global-investigations/2023/article/india
Enforcement actions have remained steady, with no reduction on account of the COVID-19 pandemic. The sectoral trends of corporate investigations have largely remained constant during the past five years, with a sustained focus on defaulting lenders of large loans who have engaged in fraud or misused funds; bribery of government officials; fraud in all forms, with no materiality threshold; corporate governance lapses; and conduct affecting the securities markets.
India’s principal money laundering legislation – the Prevention of Money Laundering Act, 2002 (PMLA), with its wide ambit of predicate offences – has been used with impunity, making the defence all the more complex.
Investigations are typically long. Therefore, rather than isolating a single case, we highlight the following key developments:
Corporate criminal liability was given legal status by the Supreme Court of India (in Iridium India Telecom Limited v. Motorola Inc and Standard Chartered Bank and Ors v. Directorate of Enforcement) on the premise that criminal misconduct by a body corporate would be punished by a fine instead of imprisonment (in the event of a conviction), with all other procedural elements of criminal prosecution being the same as for an individual. Indian jurisprudence has also taken a consistent view that there is no vicarious liability in criminal law, unless the statute expressly provides for it.
Corporate criminal liability is attributable by any statute. However, those most relevant to business crime are the Indian Penal Code, 1860 (IPC), the Companies Act, 2013 (CA 2013), the Income Tax Act, 1961, the Securities and Exchange Board of India Act, 1992, the Black Money (Undisclosed Foreign Income and Assets) and Imposition of Tax Act, 2015, the Negotiable Instruments Act, 1881, the Competition Act, 2022 and the Prevention of Corruption Act, 1988 (PCA).
More recent legislation has seen a shift towards both recognising a compliance defence and also expressly requiring directors, officers and key managerial personnel who oversaw misconduct to be prosecuted. Key among these are the 2018 amendments to the PCA.
India does not have a central prosecution agency or investigation arm but follows a statute-based model, whereby investigative powers are given to a law enforcement authority limited to the realm and, in turn, the offences codified in a specific statute. Therefore, a typical case of fraud and bribery may involve multiple enforcement bodies investigating the same set of facts, all bringing different charges, before different courts through distinct trials. Although the offences are spread out across different statutes, investigation and prosecution procedures in matters of criminal law are uniform and are enshrined in the Criminal Procedure Code, 1973.
In addition, sector-specific regulators prescribe regulatory standards, the breach of which may result in fines and penalties. These include the Reserve Bank of India (RBI) for banking and the Insurance Regulatory and Development Authority for insurance companies. The investigation and regulatory action procedure is covered by the relevant statute or charter and the rules, regulations and circulars prescribed therein.
The key law enforcement authorities and their jurisdictions are as follows:
The CBI, being India’s premier investigating authority, has a relatively broad mandate, unlike the strict guard rails placed on other authorities. The CBI also serves as India’s nodal agency for Interpol.
The legal standard for commencement of an investigation into criminal misconduct is when a law enforcement authority has convinced itself, based on the complaint, submission or evidence before it, that prima facie the commission of an offence is established and requires further investigation.
The regulatory standard, while similar in process, is marginally lower since the breach in question is not a criminal offence and the ultimate standard is ‘more likely than not’ as opposed to beyond reasonable doubt.
In both situations, Indian law envisages cogent reasoning and rationale by law enforcement authorities and regulators, prior to initiation of an investigation. However, in general, this degree of care is seldom exercised.
Both departmental and judicial recourse are available to challenge a notice or summons (subpoena): that is, either at the level of the concerned law enforcement authority or regulator by way of correspondence (typically in writing) or by way of a challenge before the jurisdictional courts.
Generally, the hierarchy of the criminal courts would apply, including recourse to constitutional courts (i.e., the high courts (organised by state or a group of states) and the Supreme Court of India), except certain statutes where special courts have been established. A special court would remain subordinate to the high courts and Supreme Court but would effectively replace the trial court and pretrial or investigation monitoring court.
Similarly, there are specific tribunals and appellate bodies on the regulatory side, such as the Securities Appellate Tribunal for securities law. Appeals from the tribunals would continue to lie with the high courts and the Supreme Court of India (in that order).
In general, the criminal justice system does not allow co-operation agreements in the nature of deferred prosecution agreements or non-prosecution agreements. That said, co-operation is key, especially in establishing a corporation’s intent, which would be valuable both at trial and, in the case of a conviction, at the time of sentencing. However, an accused may become an approver or state’s witness, after being arraigned as an accused based on the level of co-operation, which is determined by a court as opposed to a law enforcement body.
On the regulatory side, co-operation carries more tangible advantages and a formal legal framework, both for granting leniency and for settlement of regulatory breaches. For example, a violation of securities law that does not result in market-wide impact or fraud may be settled by way of the SEBI (Settlement Proceedings) Regulations, 2018, which provide for specific weight to be given to co-operation. Similarly, the Competition Act, 2002 and the Competition Commission of India (Lesser Penalty) Regulations, 2009 allow for leniency to a member of a cartel who has co-operated.
Enforcement priorities have largely remained consistent with a focus on addressing corruption, money laundering and large-scale fraud. Although it would be difficult to highlight which of these would take precedence over the others, of late, fraud against financial institutions has been a key priority area. To this effect, the Government of India has enacted new legislation (Fugitive Economic Offenders Act, 2018) and has followed an aggressive strategy when seeking the extradition of Indian businesspersons who have fled the country.
An effective compliance programme has significant legal value in terms of demonstrating corporate intent and distinguishing it from rogue employee action. From a criminal law standpoint, the 2018 amendments to the PCA for the first time brought about an absolute compliance defence (i.e., a complete bar to prosecution in the case of an effective compliance programme). However, to date, the Government of India has not prescribed any standards for what an effective compliance programme would be. The PCA’s unique position apart, even where such an absolute defence is not prescribed, it enables a robust defence.
In the regulatory space, particularly regarding securities market participants and financial institutions, there is an expectation of risk-based compliance programmes that focus on the spirit of compliance rather than the form of regulations. The RBI and SEBI, for example, have placed a great emphasis on compliance and regularly prescribe norms, inspect compliance programmes and mandate third-party assessments on the efficacy of compliance with regulations.
At present, India does not have consolidated legislation dealing with cybersecurity. However, there are several pieces of sector-specific legislation that, among other things, set standards for maintaining cybersecurity.
Primarily, the Information Technology Act, 2000 (IT Act) and the rules thereunder recognise and govern cybersecurity and deal with fines, penalties, compensation and adjudication. The Ministry of Electronics and Information Technology is empowered under the IT Act to formulate these rules. The Indian Computer Emergency Response Team (CERT-In), established under the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013, acts as the nodal agency responsible for addressing cybersecurity issues. Notwithstanding sector-specific regulations prescribed by regulators such as the Reserve Bank of India, the Insurance Regulatory and Development Authority of India and the Securities and Exchange Board of India (SEBI), the Indian Penal Code, 1860 (IPC) prescribes punishments for offences that can be committed in cyberspace, which may include cheating, fraud and defamation, among other things. Sectors with strategic importance, such as insurance, finance, banking and communications, remain subject to heightened regulatory scrutiny in terms of cybersecurity.
For corporate entities, directors and key personnel entrusted with the management and conduct of company business can be held liable for offences committed by the company as per the provisions of the IT Act, subject to their having actual or constructive knowledge of the violation. To avoid liability, corporate entities must demonstrate that adequate security control measures have been implemented in their organisation to deal with a cybersecurity breach. In April 2022, CERT-In issued detailed guidelines for corporate entities with computer networks or systems in India that have been affected by cybersecurity incidents. These guidelines include reporting requirements, the obligation to assist CERT-In and know-your-customer requirements. Compliance with these guidelines is mandatory and non-compliance is punishable with a fine of 25,000 rupees per offence.
Although ‘cybercrime’ has not been expressly defined under any legislation, the Criminal Procedure Code, 1973, the IT Act, the IPC and the Indian Evidence Act, 1872 regulate this sphere. Actions such as tampering with computer source documents, propagating or sending offensive messages via a communication service, dishonestly receiving stolen computer resources or communications and identity theft, among other things, are listed as punishable offences under the IT Act.
The IT Act also grants powers to issue directions for the interception, monitoring or decryption of any information through any computer resource, and to authorise the monitoring and collection of traffic data or information through any computer resource for the purposes of cybersecurity.
Although the legal framework is broad enough to incorporate a wide range of cybercrime offences, enforcement as a whole has been weak, principally because of a limited capacity to handle the scale of digital penetration in India. However, in a bid to improve the cybersecurity framework in India, several initiatives have been taken. These include the setting up of the Indian Cybercrime Coordination Centre (I4C) as the nodal point in the fight against cybercrime; the establishment of seven joint cyber coordination teams that cover the entire country on the basis of cybercrime hotspots and facilitate coordination among various state law enforcement agencies; the launch of the National Cyber Crime Reporting Portal; preparation of a training curriculum for personnel of law enforcement agencies, public prosecutors and judicial officers; and the launch of the Citizen Financial Cyber Fraud Reporting and Management System for immediate reporting of financial fraud.
Criminal law does have extraterritorial effect in certain exceptional circumstances, including offences that target computer systems in India under the Information Technology Act, 2000.
The Criminal Procedure Code, 1973 (CrPC) also addresses reciprocal arrangements for assistance in certain matters and procedures for the attachment and forfeiture of property. Specifically, under section 105 of the CrPC (which provides for reciprocal arrangements regarding processes), a court within India’s territory can ask for a summons or warrant in a criminal case to be executed in any country outside India with whose government the Government of India has made arrangements to that effect.
The key challenges in cross-border investigations remain those associated with the enforcement of extradition and mutual legal assistance treaties (MLATs). The overburdened criminal justice system results in prolonged extradition trials and a generally apathetic approach in responding to MLATs. This experience is not unique to India, though the Indian experience typically results in a similarly diminished enthusiasm to address Indian requests under MLATs or for extradition.
Protection against double jeopardy is constitutionally enshrined as well as specifically addressed in the CrPC. However, this does not extend to prosecution that has arisen in another country even if it is based on the same facts. In practice, the findings and conclusions of foreign courts and enforcement or regulatory authorities would be valid as evidence in India.
Unlike the US ‘anti-piling on’ policy, the current Indian framework is a pile-on model, since there is no single prosecution or investigation authority, with each law enforcement body commencing its own distinct investigation and prosecution (though they may rely on each other’s findings and co-operate among themselves).
Global settlements are not the norm, given the settlement regime in India. The authorities closely monitor global enforcement and regulatory actions, and typically bring their own cases, even when they are co-operating and sharing information through MLATs or otherwise with their foreign counterparts.
Decisions made by foreign authorities hold significant persuasive and evidentiary value with Indian law enforcement authorities and courts. Adverse findings will become valid evidence.
Nevertheless, the prosecution would have to prove their case afresh and cannot merely rely on a foreign court’s or enforcement authority’s decision or remarks, unlike in matters of civil law where foreign judgments can be enforced in India so long as there are reciprocal arrangements in place.
India follows a largely universal sanctions regime, with sanctions for national security purposes and trade or economic sanctions. India may also impose sanctions (through notification) prescribed by the United Nations Security Council via the United Nations (Security Council) Act, 1947.
India has recently imposed significant economic sanctions against China, including the banning of several Chinese technology applications.
Sanctions, generally, have not been a top enforcement priority for Indian authorities. There has not been a significant increase in sanctions enforcement, other than those against China.
Conversely, organisations in the private sector – from financial institutions to clearing house agents – for the most part, have in place elaborate mechanisms to assess sanctions violations (know-your-customer requirements, declarations, recipient account confirmations and address confirmations, etc.), in view of the liability that would accrue to them both within and outside India.
Indian authorities co-operate with their foreign counterparts on sanctions matters but may often be hampered by the delays typically associated with extradition and mutual legal assistance treaties.
Currently, India does not have any blocking legislation in relation to sanctions imposed by other countries. However, the government has the option of issuing countermeasures to avoid Indian companies (and foreign companies operating in India) being affected by sanctions.
India does not have any blocking legislation currently.
Investigations may commence from traditional sources such as whistleblowers, formal complaints, self-reporting, directions from courts or the federal or state government. However, a fair proportion of cases commence from actions by law enforcement authorities in other countries and media reporting.
India presently does not have comprehensive legislation governing data protection or privacy. The key legislation in this sphere is the Information Technology Act, 2000 (IT Act) and the transfer of personal data (specifically sensitive personal data or information) is governed by the Information Technology (Reasonable Security Practices and Sensitive Personal Data and Information) Rules, 2011 (SPDI Rules). The SPDI Rules impose certain obligations on corporate entities that deal with personal data (including implementing a privacy policy and adhering to various consent, data disclosure, transfer and security requirements) and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 mandate body corporates that classify as intermediaries to have in place terms and conditions and user agreements.
The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act) makes stringent data protection provisions and, if any offence or contravention is committed by a company, the directors of the company and key management will be liable for the offence. The only defence available is if they show that the offence was committed without their knowledge and that they had conducted due diligence.
The Supreme Court of India, while establishing the right to privacy as a fundamental right in Justice Puttaswamy (Retd) v. Union of India (Privacy Judgment), held that it was not an absolute right and could be subject to reasonable restrictions. Following the withdrawal of the Personal Data Protection Bill, 2019 in August 2022, a revised bill – the Digital Personal Data Protection Bill, 2022 – has been circulated, with an enhanced focus on personal data. The revised bill seeks to impose hefty penalties for non-compliance akin to the European Union’s General Data Protection Regulation but is yet to be passed by the Indian Parliament.
The IT Act and the Aadhaar Act both prescribe fines, penalties and imprisonment for a host of offences, including wrongful disclosure and misuse of personal data, causing wrongful gain or harm to any person, and violation of contractual terms regarding personal data. This is enforced by way of adjudicating authorities, with the Telecom Disputes Settlements and Appellate Tribunal (constituted under the Telecom Regulatory Authority of India Act, 1997) being the appellate authority (following the Finance Act, 2017).
Under the IT Act and the SPDI Rules, a company can be penalised for negligence in handling sensitive personal data or information.
The key challenges in internal investigations arise from company policies that do not conform with Indian law, are ambiguous on the personal use of company devices or company email, or include bring-your-own-device policies. In terms of forensic imaging or review, where policies are unclear on usage (for personal purposes) or where there is a reasonable expectation of privacy, there is an inherent risk in accessing personal and sensitive information (owing to universal technological limitations). Free and fair consent would need to be obtained from the custodian to access such data, which can become challenging.
A company has the legitimate right to review its employees’ communications on all business matters and there would not be a legitimate or reasonable expectation of privacy. Nevertheless, a company may not access personal data or sensitive information (including that which is stored on company devices or company email) without express consent.
Law enforcement and regulatory authorities seeking employee communications for an investigation would have unfettered access, save and except in respect of legally privileged information.
Search warrants and dawn raids are a common feature in India, with heightened and aggressive use during the past decade.
Search and seizure are regulated by the Criminal Procedure Code, 1973 and apply to all criminal offences. The procedure involves judicial oversight before a search warrant can be issued, with requirements for the preparation of detailed documentation (seizure memos in the presence of independent witnesses). At the same time, there is no clarity regarding the presence of legal counsel during a search and seizure operation.
Procedurally, prescribed safeguards are routinely exceeded and the recourse is judicial – to the jurisdictional court or the High Court by way of writ jurisdiction. Appeals can be taken as far as the Supreme Court of India.
The Evidence Act, 1882 protects communications between an attorney and the attorney’s client. Ideally, when a company notifies law enforcement authorities during a dawn raid about materials being privileged, they would be obligated to respect the same. If a notification of privileged materials is not respected, or law enforcement authorities believe the materials are not privileged, the recourse would be before the jurisdictional court or the high court by way of writ jurisdiction. Appeals can be taken as far as the Supreme Court of India.
An individual’s testimony cannot be compelled in India and the right against self-incrimination is considered fundamental under the Constitution of India (Article 20(3)). Testimony provided to law enforcement authorities is not unimpeachable until it is recorded before a magistrate. However, witnesses can be compelled to provide evidence even if it incriminates them, but witnesses’ evidence cannot become the basis of their arrest or prosecution.
With respect to companies, absolute protection against self-incrimination does not apply and there is conflicting jurisprudence on this subject.
The Indian legal regime is weak as regards the protection of whistleblowers. There is no substantive legislation, only principle-based guidance, and any protection available relies on the strength of a company’s corporate governance structure.
Apathy towards whistleblower protection is evident from the Whistle-Blower Protection Act, 2014, which has been passed by Parliament but is yet to be formally notified and only pertains to government officials, public servants and government-owned enterprises. The Companies Act, 2013 prescribes standards for a vigilance or whistleblowing mechanism (including direct oversight by the audit committee of the board) but these are applicable only to a small class of companies, and publicly traded companies in particular.
Nevertheless, the Reserve Bank of India and the Securities and Exchange Board of India (SEBI) have adopted a very firm approach to protecting whistleblowers against victimisation, retaliation and harassment. However, again, this is limited to the entities they regulate (i.e., banks and listed entities) as opposed to it being a market-wide approach.
Although there is no central scheme that provides for financial incentives for whistleblowers, the SEBI (Prohibition of Insider Trading) Regulations, 2015, give SEBI the discretion to reward an informer who gives information regarding insider trading with up to 100 million rupees.
Indian employment law typically envisages complete co-operation with internal investigations; however, a company cannot be coercive in its desire to secure co-operation.
The rules of engagement for employees governed by employment contracts (employment at will) versus those for workmen under the Industrial Disputes Act, 1947 differ significantly; the former are far more pro-employer and pro-company whereas the latter are more balanced and harder to enforce.
The general principles of providing any person covered within the scope of an internal investigation an opportunity to be heard would apply to both officers and directors, although in the case of directors this is also statutorily enshrined – even when a director does not co-operate and the shareholders elect to remove the director.
Again, the distinction is largely between employees with employment contracts (employment at will) and those who are workmen under the Industrial Disputes Act, 1947.
As regards the former, during an investigation, interim actions such as suspension, holding back of bonuses or return of company assets may be effectuated, based on cogent reasoning. After the investigation, separation for cause or without cause may be undertaken (based on the contractual terms and after assessing local shops and establishment rules), legal proceedings can be initiated and monies paid can be clawed back. The expectation of law enforcement authorities will be to see how seriously companies take misconduct, and the retention of implicated employees in the case of serious misconduct may be viewed adversely against the company. Therefore, it is typical to see harsher post-employment sanctions. Nevertheless, employment sanctions are solely the prerogative of the company.
For workmen, the procedure and processes under the Industrial Disputes Act are elaborate and would need to be followed before any interim or final sanction is implemented.
Employment contracts in India are generally at will. An employee’s refusal to participate in an internal investigation may be construed as non-compliance with company policies and may become a ground for the employer to consider dismissal, so long as compliance with company policies that include co-operation with internal investigations is stipulated in the contract – which it typically is. Whether or not the employer wishes to undertake a termination for cause or without cause would be at the employer’s discretion and contingent on the facts of the case.
It is common practice to outline the scope of an internal investigation, as the scoping document would also be a major advocacy point at the initial stage of the internal investigation in the event that enforcement or regulatory action has already commenced. A scoping document or terms of reference would typically include:
In general, good corporate governance and the fiduciary duties of directors and officers of the company would mandate that such issues are assessed and investigated internally, and the subsequent course of action would be based on this. If a company deliberately or wilfully neglects to assess or address such an issue, it would be viewed negatively by law enforcement and regulatory authorities.
Further, specific statutes oblige companies to take steps in consonance with the particular statute, such as the Sexual Harassment of Women (Prevention, Protection and Redressal) Act, 2013.
Most law-abiding companies would comply with notices or summons (subpoenas). If requested documents or data include privileged materials, then privilege may be asserted. A company may challenge a notice or summons either administratively (via written correspondence) or before the jurisdictional court or the high court (via writ jurisdiction).
There is no affirmative legal obligation on non-publicly traded companies to disclose an internal investigation into typical white-collar criminal offences. There is a duty to promptly report certain classes of offences under the Indian Penal Code, 1860. However, the most common white-collar crime offences do not fall within the purview of section 39. Therefore, public disclosure and engagement with law enforcement authorities become a strategic decision based on the facts of the case. This decision would also establish whether the company’s statutory auditor intends to exercise its fraud reporting obligations under the Companies Act, 2013 and the nature of its statements under the Companies (Auditor’s Report) Order, 2020.
Listed companies have an obligation to report to stock exchanges the initiation of a forensic audit (by whatever name it may be called), who is conducting the audit and the reasons for it, under subclause 17 of Clause A, Paragraph A, Part A of Schedule III of the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015. This must be followed by intimation of the final forensic audit report. There is considerable debate about whether these regulations would cover privileged internal investigations, given that the objective of a privileged internal investigation is to provide legal advice, and a regulator exercising subordinate legislative powers cannot overrule the provisions of the Evidence Act, 1882.
There is much to be desired in the framework governing formal co-operation and hence the approach to internal investigations varies significantly from authority to authority. The Reserve Bank of India and the Securities and Exchange Board of India, for example, have been far more forthcoming in terms of encouraging internal investigations and giving credit for them, but the enforcement authorities have been less consistent with their approach.
Nevertheless, law enforcement and regulatory authorities have also started demanding internal investigation reports, which are not subject to legal privilege, and this evidences a major shift in policy.
Robust internal investigations hold significant legal value (from a defence standpoint) in terms of establishing co-operation and demonstrating that a company does not endorse misconduct.
The Evidence Act, 1882 is central to the preservation of privilege, coupled with lawyers’ duty to protect their clients’ interests as per the Advocates Act, 1961 and the Bar Council of India Rules. The jurisprudence governing privilege is not as evolved as it is in some countries and the extent of privilege coverage by internal investigations is yet to be judicially tested. Privilege would not apply to original documents held with external counsel or communications made in furtherance of illegal purposes or offences discovered in the course of advising a client.
Privilege waiver would be the prerogative of the client. Indian law has, by way of precedent (Bombay High Court in Larsen & Toubro Limited v. Prime Displays (P) Ltd) recognised privilege on legal advice and work-product created in anticipation of litigation. Communications with in-house counsel would not be legally privileged on account of the Supreme Court of India’s decision in Satish Kumar Sharma v. Bar Council of Himachal Pradesh, in which it was held that in-house lawyers, being employees of a company, do not retain their privileges under the Advocates Act, 1961 and thereby the Evidence Act.
Therefore, to avail of the protection of legal privilege, a client would need to engage external counsel (licensed to practise in India) and ensure that the end objective of the internal investigation is to seek legal advice. Furthermore, any forensic accountants or other experts necessary for conducting the internal investigation should be engaged through external legal counsel rather than directly by the client.
The holder of legal privilege would be the company or the client. There is no difference when the client is an individual or a corporation, with the waiver of privilege being solely the prerogative of the client (see question 38).
Legal privilege does not extend to communications between a company and its in-house legal counsel (see question 38).
Foreign lawyers are not allowed to practise law in India, a position that was reaffirmed by the Supreme Court of India in Bar Council of India v. A K Balaji.
In general, legal privilege would extend to communications with foreign lawyers so long as the advice sought was on a matter of foreign law and the advice would be privileged in that jurisdiction.
The co-operation framework is not formally defined and is ad hoc. In the absence of a formal framework to settle charges of misconduct, decisions on waiver need to be weighed first with respect to the strategic merit (such as if the company is a victim of fraud) and the extent of incrimination (if any), followed by the informal co-operation credit that may be derived (see also question 38).
Privilege is deemed automatically waived if a client calls their attorney to depose as a witness or if the communication is made for illegal purposes (see question 38).
The Evidence Act contemplates waiver of attorney–client privilege, though only in entirety with express consent of the client (and not in limited aspects). This position has been reiterated by the Supreme Court of India in 2022 (Reliance Industries Limited v. SEBI) wherein the Court held that selective disclosure cannot be countenanced in law and amounts to cherry-picking.
This matter has not been judicially tested and, therefore, the jurisprudence is limited. The Evidence Act’s position on waiver of privilege requires consent of the client and discourages partial or limited waiver. Therefore, it remains to be seen whether Indian courts, enforcement authorities and regulators will uphold limited waiver in another jurisdiction (even if it is allowed in that jurisdiction). In our view, this is unlikely.
Common interest or joint defence privilege has been neither judicially tested nor legislatively defined in India.
Privilege would extend to all third parties who assist a lawyer in the provision of legal advice. These would include clerks, interpreters, experts, accountants and others, provided they have been engaged by legal counsel. Privilege would not vest with third parties for tasks they perform for the same client, if the end purpose is not the provision of legal advice at the instruction of legal counsel.
There are no legal restrictions to conducting witness interviews as part of internal investigations. In fact, an internal investigation without witness interviews would hold little value before the courts or enforcement and regulatory authorities.
The privilege jurisprudence in India is limited. Generally, privilege would apply to interviews with company employees conducted by external counsel, rather than in-house counsel (to whom privilege does not extend). Privilege would not apply when the interviewee is a third party.
Work-product prepared to document interviews, however, would need to be nuanced. Since a witness interview does not constitute providing legal advice per se, a verbatim transcript of an interview may be discoverable, whereas external counsel’s impressions of the interview would remain privileged.
There are no express legal requirements that need to be adhered to. However, it is prudent that communications with interviewees are clear and that persons accused of misconduct are given a fair opportunity to present their version of events.
Interviewees should be informed of the following:
It is advisable to conduct interviews in a respectful manner and, in general, there would be low tolerance of aggressive interviews, which may expose a company to unnecessary liability, and divert corporate energy and managerial time from key issues.
In general, interviews would be conducted by external legal counsel either in person or virtually, depending on the risk profile and investigation strategy.
Investigations are deeply disruptive anywhere in the world and India is no exception; hence, it is advisable for the investigating teams to be well prepared for interviews, both logistically and in terms of the subject matter. It would be common practice to put forth all relevant evidence and to allow the interviewee to provide detailed comments about it.
Courts in India have generally taken the position that, for internal inquiries (in the context of government companies), witnesses may not have their legal advisers present at an interview. The same position is generally followed by most private companies, although it would entirely be the company’s prerogative to allow employees to have their legal advisers present at an interview. If a non-government company wishes to refuse to permit the presence of a legal representative, it would be within its rights to do so.
There is no affirmative legal obligation to disclose misconduct by non-publicly traded companies for typical white-collar crime offences. There is a duty to promptly report certain classes of offences under the Indian Penal Code, 1860, which are specified in section 39 of the Criminal Procedure Code, 1973. However, the most commonly brought white-collar criminal offences do not fall within the purview of section 39. Therefore, public disclosure and engagement with law enforcement authorities becomes a strategic decision based on the facts of the case.
A company’s statutory auditor has certain legal obligations to report fraud to the Government of India under the Companies Act, 2013 (CA 2013) when the quantum of fraud is more than 10 million rupees, and to make statements on fraud under the Companies (Auditor’s Report) Order, 2020. The definition of fraud is broad under the CA 2013 and would include most white-collar crime offences (bribery, money laundering, forgery, manipulation of books and records, etc.).
Listed companies have an obligation to report to stock exchanges the initiation of a forensic audit (by whatever name it is called), who is conducting the audit and the reasons for it, under subclause 17 of Clause A, Paragraph A, Part A of Schedule III of the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015. This must be followed by intimation of the final forensic audit report.
In the same vein, public procurement contracts typically have integrity pacts, or integrity clauses, whereby both parties (the government entity and the company) make representations not to engage in bribery. These clauses also mandate the disclosure of previous transgressions anywhere in the world for a specified period. The standard for when a disclosure is to be made is the subject of debate, since it is a matter of administrative and contract law as to whether the preponderance standard would apply based on when the company becomes aware, or whether the criminal standard for the offences should be used, which would be decided upon conviction or submission of formal charges.
Finally, all companies are required to ensure that their books and records accurately describe all transactions and as such represent a true and fair picture of their position. Internal investigation findings that note misconduct may affect the books and records, which would require rectification of entries. Since all financial statements must be filed with the Registrar of Companies, the submission of financial statements containing such rectifications may result in inadvertent disclosure to the authorities.
Self-reporting would need to be carefully evaluated based on the facts of the case and the merits thereof, given the lack of formal credit and the likelihood of protracted law enforcement actions. Circumstances in which self-reporting may be considered include:
Similarly, self-reporting outside India would be based on evaluating the co-operation credit in the relevant jurisdiction and whether the credit outweighs the benefits of not reporting the matter in India, because a report in one country would typically require a report in the other. Consistency in engagement with regulators becomes key, as most Indian regulators and enforcement bodies regularly engage with their foreign counterparts.
In addition to a careful evaluation of circumstances and strategic merit, upon making a self-disclosure, the company should be prepared for:
All these elements would require a fair degree of preparation and careful calibration.
Typically, most responses to enforcement and regulatory bodies are in writing, by an authorised representative of the company who would also certify the accuracy of the data being submitted. Requests for an extension of the deadline or highlighting the irrelevance of a request may first be made in writing and subsequently through judicial recourse (via appeals to the relevant courts), if no headway is made.
Once an investigation commences and prior to charges being brought, a company would be able to formally engage with law enforcement or regulatory authorities and make submissions in writing or in person. Such requests are typically not denied and would become part of the record of the matter, thereby enabling the company to fall back on the same in subsequent proceedings. Legally, not every investigation needs to culminate in formal charges being brought and if the authorities are satisfied that no offence is established or no breach of regulation has occurred, they may close the investigation.
All investigations, inspections and inquiries by any law enforcement or regulatory body may be challenged before the courts in India. The facts of each case would outline the type of challenge and at what stage it is being brought and also whether it would be before the jurisdictional court or tribunal or the high court (via writ jurisdiction).
Responses to all notices and summons (subpoenas) would typically be both in writing and by physical attendance, if so mandated.
In terms of responding to foreign regulators, apart from jurisdictional factors, a consistent and strategic approach needs to be evaluated. If the principal matter is in India and there is more co-operation with a foreign regulator, that would be viewed adversely in India. Similarly, it becomes imperative to highlight to foreign regulators the restrictions that Indian law may impose on sharing case information or that certain matters may be outside the foreign regulator’s jurisdiction. A key guiding factor remains to avoid scope and jurisdiction creep either by Indian or foreign regulators in multinational investigations.
If the materials are relevant to the Indian investigation and fall within the jurisdiction of the enforcement authority or regulator, then the request would need to be complied with, if it is possible for the company to collect the requested materials. However, the jurisdiction hook would be key and if there are restrictions on the sharing of such materials because the Indian company does not have privity, for example, or it belongs to another legal entity (over which the Indian entity does not exercise control), or there are other legal considerations such as violations of foreign law, then these would all be valid grounds to communicate to the authorities as well as the courts if the need arose. In any event, the grounds should be founded in law and not perfunctory objections, which would be viewed adversely.
In other words, India is not as aggressive as certain countries in expecting a company to violate laws of foreign countries to demonstrate co-operation.
Indian law enforcement authorities and regulators regularly engage and co-operate with their foreign counterparts.
The governing framework would be through the respective mutual legal assistance treaties, memoranda of understanding or co-operation, international conventions to which both India and the other country are signatories and letters of intent between regulators. Requests are typically issued and received through letters rogatory (letters of request).
In criminal matters during the pendency of an investigation and at trial, the court becomes the ultimate custodian of evidence for onward sharing with third parties. Third parties would need to seek the permission of the court before being provided access, and permission would not be provided without hearing both the prosecutor and the defence. The sharing of information between Indian enforcement authorities per se would not require such a process.
On the regulatory front, confidentiality obligations are associated with inspections, inquiries and investigations, which may be limited to no disclosure until the final report is prepared, or even after that, to enable a safe harbour for communications between a regulator and regulatee.
Further, even for information sought by members of the public under the Right to Information Act, 2005, there are exceptions that enforcement and regulatory bodies need to follow, including when handling third-party information (i.e., by providing notice to a third party and evaluating responses to that notice).
We would engage with the Indian law enforcement authority and advocate that the request is outside the purview of the company as it violates the sovereign laws of another country. If needed, we would take the matter before the jurisdictional court or high court (via writ jurisdiction).
There are certain confidentiality requirements that companies need to adhere to, but as a general rule they would not apply to requests from Indian enforcement or regulatory authorities. For requests from foreign authorities, which would involve a breach of the confidentiality provisions, a request to the respective regulator would need to be filed before any information is shared. If that is denied, the request would need to be challenged with the foreign regulator.
There would be no legal distinction per se between materials produced voluntarily or in furtherance of a notice or summons (see also question 59).
White-collar crime is viewed very seriously and would involve fines or penalties for companies, and imprisonment or fines and penalties, or both, for officers and directors. From a criminal law standpoint, fines and penalties are nominal (with the exception of the Companies Act, 2013, under which fines of up to 1 per cent of the company’s turnover are stipulated) when compared with other countries, such as the United States. However, terms of imprisonment can be up to 10 years.
The concept of proceeds of crime under the Prevention of Money Laundering Act, 2002 allows a wide ambit in terms of what the proceeds of crime were used for and allows for forfeiture of assets following the trial, and attachment of the assets (including freezing of bank accounts) before trial.
Pretrial arrest is becoming more and more common in cases of white-collar crime and bail is exceptionally hard to secure. Therefore, any appreciation of the penalties and sanctions of criminal law must also consider the pretrial phase.
Regulatory and tax fines and penalties are significantly more than for core criminal law breaches, and carry offence multipliers and the ability to disgorge profits and base calculations on the company’s turnover. Regulators, specifically the Reserve Bank of India and the Securities and Exchange Board of India (SEBI), have also laid down a fit and proper criterion for senior management for their key regulatees, such as financial institutions, mutual funds and credit rating agencies, among others, where adverse findings or remarks (even for less egregious offences or conduct) may affect an individual’s ability to hold senior management positions, when regulatory approval is sought.
There are additionally fines and penalties for non-compliance with laws, which are payable by both companies and officers or directors under whose supervision the event of non-compliance occurred. As such offences are minor, they are rarely prosecuted but instead are compounded.
It is imperative first to highlight to the foreign authority the nature of the proceeding in India. For example, suspension and debarment would typically be an administrative proceeding and findings would not meet the burden of proof envisaged under criminal law.
Typically, Indian authorities do not place embargoes on settlements in other jurisdictions. However, differing levels of co-operation or more information being shared with a foreign authority than an Indian authority would adversely affect the proceedings in India.
Similarly, timing also becomes key. If a suspension or debarment is imminent, the information and description of the misconduct in the settlement outside India may result in accelerating the Indian sanctions or a more aggressive view being taken, given the likely media coverage and the intangible pressures of inter-jurisdictional rivalry.
The foregoing notwithstanding, settlements under the SEBI (Settlement Proceedings) Regulations, 2018 are made on the basis of no admission of guilt or liability, with express requirements not to deny the allegations, failing which the settlement may be revoked. In such circumstances, the advocacy posture outside India would need to be carefully calibrated and the risks of denying allegations weighed.
The fixing of penalties in criminal matters is significantly driven by the gravity and consequences of the offence, intent, benefits derived from the misconduct, seniority of the individuals, attempts to cover up facts, destroy evidence or influence witnesses, co-operation and conduct during the investigation and trial. Co-operation is a key element in sentencing.
Likewise in regulatory matters, the seriousness of the breach, market impact, voluntary disclosure and the quality of evidence presented during co-operation are all key factors.
The standards of appreciation of evidence vary between criminal and regulatory matters, where for the former it is ‘beyond reasonable doubt’ and for the latter it is preponderance or being more likely than not. The relevant standard is also a key factor in the adjudication of fines and penalties.
In general, the Indian criminal justice system does not allow co-operation agreements in the nature of deferred prosecution agreements or non-prosecution agreements. Typical white-collar criminal offences cannot be settled or compounded (except in the case of cheating and breach of trust with the leave of the court) nor is there any plea bargaining.
The Securities and Exchange Board of India (SEBI) allows for formal settlements under the SEBI (Settlement Proceedings) Regulations, 2018, where the underlying alleged violation of securities law does not result in fraud or market-wide impact.
From time to time, the Income Tax Department may announce one-off settlement schemes for both direct and indirect taxes, of which tax assessees may avail. However, these schemes are not amnesty schemes per se, as even though the one-off settlement would address the tax component and provide immunity from further fines and penalties, it would not extend to other related criminal offences.
Similarly, the Competition Act, 2002 and the Competition Commission of India (Lesser Penalty) Regulations, 2009 allow for leniency to a member of a cartel who has co-operated with the authorities. This constitutes co-operation credit rather than a settlement or decision not to prosecute.
In 2020, the Confederation of Indian Industry (India’s principal trade association) placed recommendations before the Government of India to decriminalise 37 laws affecting businesses and to consider revamping settlement schemes by introducing deferred prosecution agreements.
Not applicable (see question 66).
As outlined in question 66, the settlement regime in India is limited, with the key custodian being SEBI under the SEBI (Settlement Proceedings) Regulations, 2018. These regulations, in prescriptive detail, lay out a mechanism for calculating the settlement amount and all the relevant factors that SEBI would consider while evaluating a settlement, such as co-operation during an inspection, investigation or inquiry, remediation actions, restitution of investor losses, actions against errant employees or bars on companies having previous settlements for defined periods, among other things.
India does not have a monitoring regime as, for example, in the United States. However, regulatory bodies (especially the Reserve Bank of India and SEBI) may mandate, from time to time, certain professionals or professional firms (typically chartered accountants) to carry out certain inspections, forensic examinations or assessments of regulatory compliance. Reports in such cases are required to be shared with the regulators and to be reviewed by a company’s governance bodies.
Private action is allowed and is a common practice in India in both criminal and civil matters. On the criminal side, it may be to initiate an investigation or to assist the court (if an investigation has already commenced) by way of intervening rights. On the civil side, actions may be for recovery of losses or to seek damages, among other things.
In terms of access to files, once a criminal prosecution commences, the records can only become available with the leave of the trial court.
All court proceedings for white-collar criminal offences and regulatory matters are public and, therefore, there is no bar on attendance. Reporting is required to be factual and courts sometimes sanction journalists for incorrect reporting. Access to court records would be by leave of the court and not a matter of right, except in respect of judgments and orders, which are public and available on the designated websites.
Parties may seek directions from the court to keep certain documents under sealed cover or to not allow for their circulation, as well as to direct enforcement authorities to address the press only through formal statements.
At the investigation stage, enforcement authorities are not barred from speaking to members of the press and the key document (i.e., the first information report, which is the first document that the authorities prepare, and sets the criminal law in motion) is a public document. Press reporting on arrests, search and seizure, and on the first information report is common.
Managing corporate communications is a key component of crisis response in India and companies do regularly engage public relations firms. It becomes critical for public relations firms to work closely with external counsel and a company’s management, to ensure consistency in communications and to avoid statements that may prejudice the proceedings.
Typical actions that companies would take are to have proactive and reactive statements ready for adverse events; designate spokespersons; train employees to avoid inadvertent statements being made and to funnel all communications through designated spokespersons; monitor press reports, and social and digital media; and carefully calibrate all corporate announcements (howsoever unrelated to the enforcement action, internal investigation or allegation) to avoid mixed or tone-deaf messaging.
It would be atypical to run an aggressive media campaign in India during proceedings as this would not be appreciated by the courts. Strategies therefore become far more reactive, with a wait-and-watch style, as opposed to being proactive – unless the situation demands it.
Standard actions as outlined in question 72 would be carried out throughout the course of the proceedings.
The settlement regime in India is limited. A settlement under the Securities and Exchange Board of India (Settlement Proceedings) Regulations, 2018, once published, would become reportable to the stock exchanges.
The ESG space is nascent in India and is not regulated by a single statute but carries traditional enforcement under the respective environmental, social and corporate governance laws.
The Ministry of Corporate Affairs (nodal authority for regulating companies) has also been proactive in issuing guidelines from time to time, including Voluntary Guidelines on Corporate Social Responsibility in 2009; National Voluntary Guidelines on Social, Environmental and Economic Responsibilities of Business in 2011; and National Guidelines on Responsible Business Conduct (NGRBC) in 2019. With these, India has been demonstrating its commitment to the United Nations Guiding Principles on Business and Human Rights and Sustainable Development Goals.
In 2021, the Securities and Exchange Board of India (SEBI) amended Regulation 34(2)(f) of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 and issued guidelines for the top 1,000 listed entities (by market capitalisation) requiring them to mandatorily disclose and report on their performance against the principles of the NGRBC in the Business Responsibility and Sustainability Report (BRSR) framework. Although the BRSR was voluntary for the financial year 2021–2022, it is mandatory for financial year 2022–2023 onwards.
In April 2021, the Reserve Bank of India became a member of the Network of Central Banks and Supervisors for Greening the Financial System to contribute to the global efforts on green financing.
India has been taking concrete steps in the ESG regulatory sphere in the past few years and regulators have been giving greater impetus to ESG norms.
For instance, the Sustainable Finance Group under the Department of Regulation of the Reserve Bank of India (RBI) was formed to spearhead initiatives and efforts in the areas of climate risk and sustainable finance and to help in developing the RBI’s regulatory and supervisory approach in those areas.
Similarly, SEBI has released a consultation paper, titled Introducing Disclosure Norms for ESG Mutual Fund Schemes (2021), which sought comments from the public regarding the disclosures that must be made by asset management companies that have launched equity schemes in the ESG space. Another consultation paper, titled Environment, Social and Governance (ESG) Rating Providers for Securities Market, was released (2022) to seek comments from the general public on a suitable regulatory framework to regulate ESG rating providers (ERPs), owing to the rise in demand from investors for evaluation and rating of ESG-related parameters by ERPs.
Enforcement actions and litigation have been in respect of traditional offences as stipulated in the respective statutes and, in general, enforcement activity has been high. Cases involving governance have been the highest, although we have noted some strong actions in the environment space as well. Most notably, the National Green Tribunal directed the payment of 500 million rupees by LG Polymers (in 2020) for causing the death of 11 people owing to a gas leak at their plant. Environmental regulators, such as the Central Pollution Control Board, have also devised formulas to calculate penalties payable by companies for non-compliance. These penalties are either levied on a per-day basis (commencing from the instance of misconduct) or compounded to a lump sum payout of amounts up to 20 billion rupees.
Given the aggressive enforcement backdrop, we are likely to continue to see jurisprudence evolving on matters involving corporate criminal misconduct, especially regarding bail, powers of the Directorate of Enforcement and the interplay between the Prevention of Money Laundering Act, 2002 and other statutes.
Legislatively, all eyes will be on the Data Bill, and from a regulatory standpoint, a lot is expected from the new leadership of the Securities and Exchange Board of India (SEBI). Interesting developments worth watching are SEBI consultation papers (which provide a preview of regulation or rule framing), especially reviewing regulatory provisions pertaining to independent directors; the introduction of accredited investors; and shifting the concept of ‘promoter’ to ‘person in control/controlling shareholder’ (keeping in line with the downward trend of shareholding held by promoters with respect to the top 500 listed entities and the rise of shareholding of institutional investors).
Apart from the measures undertaken by SEBI, the Company Law Committee has submitted its third report to the Ministry of Corporate Affairs (March 2022), suggesting various changes to the Companies Act, 2013 (CA 2013) and the Limited Liability Partnership Act, 2008, including empowering the National Financial Reporting Authority (under section 132 of the CA 2013) to take actions against auditors for non-compliance with the CA 2013, strengthening the audit framework, clarifying the tenure of independent directors, facilitating e-enforcement and e-adjudication, among other things. It remains to be seen which of these recommendations will be implemented in 2023.
[1] Sherbir Panag is a partner and Tanya Ganguli and Lavanyaa Chopra are principal associates at Law Offices of Panag and Babu.