Long arm of the law: the cross-territorial application of overseas legislation

Picture: © Depositphotos.com/izakowski

Global reach

As part of their overall risk management, companies in Kazakhstan should look beyond national borders and rules to ensure they comply with the full suite of regulations applicable to them, so reducing their risk of exposure to international sanctions and a negative impact on their reputation. Legislation emanating from the United States, UK and Europe in particular could apply.

In summer 2017, the U.K. Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 came into effect. These Regulations implement the European Union’s 4th Anti-Money Laundering Directive into UK law. These rules do not represent a major overhaul to the previous regime but they do introduce more detailed requirements regarding their global reach. They apply to a relevant person carrying on business in the UK and its subsidiaries, including those subsidiaries located outside the UK and any branches carrying out an activity which falls under the new regime. Different rules apply as to whether the overseas office is within Europe or in a third country.

The Richest Terror Organizations in the World

Follow the money: where do the richest terror organizations in the world ge... →

Self-policing mechanisms

Governments are increasingly introducing self-policing mechanisms by imposing corporate criminal law obligations, which are direct obligations on companies themselves to introduce preventative measures. Those companies could be faced with a criminal conviction and unlimited fines for failure to do so.

In the wake of the Panama Papers saga, the U.K. announced that it would legislate to hold companies criminally liable, for failing to stop their employees facilitating tax evasion. The legislation has now been enacted in the Criminal Finances Act 2017 which came into force on 30th September 2017.

The offence is the failure to prevent the facilitation of tax evasion, and businesses can be held criminally liable if their “associated persons” facilitate tax evasion by a taxpayer in the UK or overseas. An associated person includes employees but also extends to agents and subcontractors among others. The offences are “strict liability” which means that the management of the business do not need to know about, or even suspect that, the associated person is facilitating tax evasion; they will have committed the corporate offence unless they can show that they have put in place “reasonable preventative procedures” (essentially a robust compliance programme).

The Long and Winding Road to a Haircut

Default is back. Sovereign finances weathered a wrenching global recession ... →

Importantly, and as made clear in HMRC’s guidance on the legislation, where there is a UK tax evasion facilitation offence, it does not matter whether the relevant body is UK based or established under the law of another country, or whether the associated person who performs the criminal act of facilitation is in the UK or overseas. In such cases, the new offence will have been committed and can be tried by the UK courts.   The offence is typically relevant to organisations advising tax payers e.g. banks and other financial institutions, private wealth management firms, lawyers and consultancy firms. Beyond professional advisers, however, imagine a scenario in which, a foreign car parts manufacturer operating in the UK and overseas, enters into a sub-contracting agreement with a UK distributor. If the senior managers of the distributer create a false invoicing scheme with the assistance of a purchaser to allow the purchaser to evade UK taxes due on its purchase of the car parts in the UK, the foreign manufacturer may be at risk of committing the corporate offence if it does not have a clear compliance programme in place.

The legislation also introduces a foreign tax evasion facilitation offence which relates to evading payment of foreign (rather than UK) taxes. However, a pre-requisite for that offence is that the overseas jurisdiction must have firstly an equivalent tax evasion offence at the taxpayer level and secondly an equivalent offence covering the associated person’s criminal act of facilitation.

The offences set out above are modelled closely on the UK Bribery Act 2010 which came into force on 1 July 2011 and created new offences of significant scope and extra-territorial reach.

The Bribery Act offences apply not only to behaviour in the UK, but also potentially to behaviour by individuals and corporate bodies overseas. Some of the offences, for example active and passive bribery, apply to acts committed anywhere in the world by a person with a close connection with the UK (among others, a body incorporated in the UK or a British citizen or resident). Further, there is an additional corporate offence for commercial organisations which fail to prevent persons associated with them from committing bribery on their behalf. For this offence, the requirement for the person to have a close connection with the UK does not apply; so the offence may apply to a company incorporated overseas if that organisation carries on a business or part of a business in the UK, no matter where or by whom the acts are committed.

10 Predictions For The Next 5 Years Of Crypto

Bitcoin price prediction is just the start →

Ensuring compliance: the astounding reach of FATCA

Governments aren’t just looking to impose fines on those in breach of Western laws (sanctions which may ultimately not be enforceable in overseas countries) but they are also looking to more imaginative ways of achieving their aims.  The U.S. Foreign Account Tax Compliance Act (FATCA) generally requires that foreign financial Institutions and certain other non-financial foreign entities report on the foreign assets held by their U.S. account holders or be subject to withholding on withholdable payments. Unless otherwise exempt, FFIs that do not both register and agree to report, face a significant withholding tax on certain U.S. source payments made to them.

Beyond anti-corruption

Stepping outside the white collar crime space, the European Union General Data Protection Regulation (commonly known as the GDPR) will take effect on 25 May 2018. The GDPR marks a significant expansion of the territorial scope of the EU data protection regime, bringing a large number of overseas businesses within its reach.

Data controllers or processors established outside the EU who are processing personal data in relation to the offering of goods or services to individuals in the EU or monitoring their behavior (in the EU) will be caught by the data protection requirements of the GDPR. So, for example, if a Kazakhstan internet company is offering products or services on its website, in an EU currency and in an EU language, or explicitly targeting EU customers, then they will be caught and if non-EU companies are “cookie-profiling” i.e. using persistent cookies to track a user’s overall online activity on the website, this will be considered processing personal data to monitor behaviour.

Importance of a robust risk-assessment and compliance programme

In certain cases, the link to the country of origin may be almost imperceptible so it is important to carry out a thorough risk analysis to assess the full extent of legislation which may apply (this article only touches on some) and the extent to which stringent compliance procedures should be put in place. The approach to compliance may ultimately be very similar for the varying pieces of relevant legislation so a holistic approach to compliance is advisable. 

Caroline Armitage, English law Counsel and Senior Legal Adviser for Deloitte Legal in Kazakhstan