Financial Crime World

Corporate Risk and Compliance Management in Russia

Overview

Russia’s corporate risk and compliance management landscape is complex, with various liabilities and obligations applicable to governing bodies, senior management, and organizations as a whole. In this article, we will explore key points regarding corporate risk and compliance management in Russia.

Liability for Breach of Risk and Compliance Management Obligations

  • Civil Liability: Members of governing bodies and senior management can face civil liability for breach of risk and compliance management obligations. They may be directly liable to the company and indirectly liable to shareholders for actions performed in bad faith or unreasonably against the interests of the entity.
  • Administrative Liability: The CEO and responsible members of management also bear personal administrative liability for a sufficient number of administrative offences. This may entail fines, dismissal, or disqualification.

Criminal Liability

Under the Criminal Code of the Russian Federation, any person governing the activity of an entity can be held criminally liable for violations of statutory provisions that constitute a criminal offence.

Compliance Defence

  • General Provisions: There are no specific provisions establishing compliance as a universal means of defence for liability. However, most applicable legal sources consider compliance measures performed by the entity or individuals as mitigating circumstances.
  • Recent Cases: Poor systems of compliance and internal control within organisations have been cited as grounds for withdrawing bank licences (e.g., JSC Regional Commercial Bank) or imposing fines (e.g., CJSC Grinn).

Government Obligations

Government entities, government agencies, and state-owned enterprises are expected to establish internal compliance management procedures and policies.

Digital Transformation

The risk and compliance management framework in Russia covers digital transformation, with a focus on the financial sector and Central Bank of Russia.

Key Statutory and Regulatory Differences

  • Public Sector vs. Private Sector: The key statutory and regulatory differences between public sector and private sector risk and compliance management obligations in Russia lie in the obligatory nature of rules prescribing compliance and internal control measures in the public sector.
  • Adoption by Private Entities: While adoption of such measures is not yet obligatory for private entities (except credit organisations and related entities), they are considered essential in maintaining a strong governance framework.