Companies’ Compliance Obligations: Are They Limited to the Law on the Protection of Personal Data?

The Law on the Protection of Personal Data has recently been one of the most discussed and debated issues. It is so popular that it is as if this were the only law companies should comply with! However, that is not the case.

Companies are obliged to comply with all relevant laws, regulations, and internal rules. This obligation is simply the obligation to act in accordance with the law.

On a broader interpretation, the compliance obligation could also cover, in addition to compliance with laws and regulations, compliance with ethical rules, corporate governance principles, and contracts to which a company is a party.

Nowadays, compliance is gaining more importance. There are countless laws and regulations; regulatory and supervisory authorities monitor compliance with specific rules and impose high fines and other deterrent administrative sanctions in case of failure to comply. The ideal approach is to abide by the rules without any threat of punishment, and the most sustainable way of doing this is to create a culture of compliance. This compliance culture should first be formed at the board of directors’ level and then extended to the managers and employees.

Significant Regulations

The critical international regulations that companies need to consider in terms of compliance can be summarized as follows:

| International Regulation | The Contracting States / Jurisdiction in General |
| --- | --- |
| UN Convention against Corruption | 186 states |
| OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions | OECD states, Argentina, Brazil, Bulgaria, Colombia, Costa Rica, Peru, Russia, and South Africa |
| US Foreign Corrupt Practices Act | Natural and legal persons of US nationality, persons residing in the US, companies listing their securities in the US, certain foreign securities issuers, foreign companies, and persons who directly or through their representatives cause such corruption to occur in the US territory |
| UK Bribery Act | Natural and legal persons of UK nationality, persons residing in the UK, foreign legal persons doing business in the UK or conducting part of their business in the UK |
| International sanctions | Companies should examine each specific sanction program separately |

These regulations are of immediate concern to companies engaged in investments and businesses abroad.

As far as Turkish law is concerned, key regulations that companies need to consider in terms of compliance are as follows:

  • The Law on the Prevention of Laundering the Proceeds of Crime,
  • The Law on the Prevention of Financing of Terrorism,
  • Other criminal laws and regulations,
  • Tax laws and regulations,
  • Laws and regulations on the protection of the value of Turkish Lira,
  • Turkish Commercial Code and associated regulations,
  • Laws and regulations on the protection of competition,
  • Environmental laws and regulations,
  • Intellectual property laws and regulations,
  • Labor laws and regulations, and
  • Laws and regulations on the protection of personal data.

As per these and other industry-specific regulations, the central authorities that can impose administrative sanctions are as follows:

  • The Competition Authority,
  • The Capital Markets Board,
  • The Banking Regulation and Supervision Agency,
  • The Energy Market Regulatory Authority,
  • The Information and Communication Technologies Authority,
  • The Radio and Television Supreme Council,
  • The Public Procurement Authority, and
  • The Personal Data Protection Authority.

Risks, Rewards, and Savings

In addition to the risk of criminal and administrative sanctions, there are legal risks that companies may face because of violating their compliance obligations. Examples of legal risks are compensation lawsuits, termination of contracts, loss of reputation, loss of credit rating, depreciation of the value of shares, and departure of decent employees from the company.

On the other hand, if companies respect their compliance obligations, they can prevent damages due to potential fines, compensation judgments, commercial losses, and administrative sanctions such as cancellation of licenses or prohibition from participating in public tenders. Companies can also save the time they would otherwise spend dealing with criminal or administrative proceedings, as well as potential legal costs and attorneys’ fees. Furthermore, the value of shares could rise, and opportunities for doing business with reputable investors and customers could increase.

Suggestions

Companies should approach compliance holistically. The key suggestions are as follows:

  • Initiate a compliance program tailored to the industries in which the company is active,
  • Develop systems for early detection of risks,
  • As the management, take the lead in compliance efforts,
  • Train employees,
  • Strengthen the communication between the management and employees, and
  • To increase the compliance function’s effectiveness, ensure that the compliance officer or advisor directly reports to the board of directors.

Lastly, take all these actions with the aim of building a well-managed company, not to keep up with a specific law’s deadlines!

Av. Müge Önal Başer, LL.M.

 

References

  1. This blog post is the revised version of my blog post published on https://turkishlawblog.com/read/article/187/compliance-with-the-law-on-the-protection-of-personal-data-is-surely-important-how-about-other-regulations-that-turkish-companies-should-comply-withg.