Our Slovak company is a subsidiary of a US-based parent company. Our core business is the global distribution of goods. The parent company has adopted compliance policies and wishes them to be applied across its European subsidiaries, including the Slovak one. The parent company has asked us to localise the global compliance policies, with a particular focus on the anti-money laundering (AML) policy. By implementing the AML policy across its European subsidiaries, the parent company hopes to reduce the number of payments blocked by banks – especially payments received from Africa and Asia, and to ensure that the group as a whole is perceived as more trustworthy. By localisation we mean adapting the policies to European, and where appropriate Slovak, conditions, and amending or supplementing them so that they meet EU and Slovak standards. Corporate compliance policies typically include an AML Policy, an Export Control Policy, an Anti-Bribery Policy, and a Data Protection Policy. Should all of these policies be localised? How should this be done? And if we do not want to handle the localisation internally, who should we outsource it to?
Compliance policies are a subset of internal policies. Internal policies regulate how employees and contractors of a company are expected to act and behave in specific situations arising as part of the company’s business activities. Internal policies are based on applicable legislation the company must comply with and the company’s culture. Even if not legally obliged to follow certain procedures, companies often voluntarily introduce policies derived from legislation and require their employees and contractors to comply with them. Companies do this because they want to promote a certain corporate culture or because they want to stay one step ahead and be prepared for legal obligations that may apply to them in the future.
Introducing internal policies can be important for a number of reasons. First and foremost, they help ensure that the company operates in the way envisaged by its owners – whether in relation to how the business itself is conducted (work procedures), how company representatives behave externally (codes of conduct), or how the company communicates about its products (marketing policies).
Internal policies may also be relevant in the context of employment law. Under the Slovak Labour Code, one of the essential obligations of employees is to “comply with legal regulations and other rules relating to the work performed by the employee, provided that they have been duly informed of them”. The term “other rules” includes the internal policies adopted by the employer and properly communicated to employees. If employees fail to comply with internal policies, the employer may terminate their employment for breach of work discipline. Internal policies are therefore one of the key tools for ensuring that employees act in the manner defined by the employer.
Implementing internal policies can also help prevent undesirable practices, improve the company’s reputation, and strengthen its credibility vis-à-vis banks, potential investors, regulatory and supervisory authorities. This appears to be the objective pursued by your parent company.
In principle, there are two main approaches to localising corporate internal policies.
The first approach is to keep the core wording of the policies as adopted by the parent company and supplement them with a “local addendum”. In this local addendum, you should specify which parts of the global policy apply as a group standard in the Slovak subsidiary, which parts must be complied with due to Slovak legislation (including specific procedures required by Slovak law), and how issues will be handled in practice in Slovakia if a problem is identified. The local addendum should clearly indicate what employees are expected to follow. If the entire corporate policy, together with the addendum, applies, this should be explicit. If certain parts of the corporate policy are not relevant for local employees, this should also be clearly stated.
The second option is to rewrite the corporate policies and fully adapt them to local conditions. This may be particularly appropriate for an AML policy. In Slovakia, such a policy would typically be referred to as a “Programme of Internal Activities Aimed at the Prevention of Money Laundering and Terrorist Financing”. However, this applies only if the Slovak subsidiary qualifies as an “obliged entity” under Act No. 297/2008 Coll. on the Prevention of Money Laundering and the Financing of Terrorism (the AML Act). The definition of an obliged entity is set out in Section 5 of the AML Act and depends on the nature of the activities performed. If your company is not an obliged entity, you are free to name the policy as you wish (for example, Anti-Money Laundering Policy) and you are not required to follow the content requirements defined by the AML Act.
Which regulations apply to your company, and what should be included in localised internal policies, depends on the nature of your activities. If you are an obliged entity under the AML Act (such as when you provide asset management services or certain other corporate services), it is usually more appropriate to prepare a standalone local AML policy – i.e. a programme of internal activities – rather than a local addendum to the global corporate policy. While group policies may be taken into account, primary consideration should be given to the requirements of the Slovak AML Act. Unfortunately, in relation to anti-money laundering policies it is not possible to rely on a single “European” internal policy. If you are an obliged entity, each EU Member State has its own specific AML rules, and a separate local policy must be prepared for each European subsidiary. This also applies to Czech and Slovak subsidiaries, as the Czech AML legislation differs from the Slovak AML Act in several respects.
There is no universal rule for localising all corporate internal policies. It is necessary to review the global policies, consider how they will work in relation to the specific activities of the local company, identify applicable local legislation, and assess the risks arising from non-compliance. You should also take into account the company’s actual processes in Slovakia, how employees conduct business in practice, and whether it is necessary to comply with all regulatory requirements applicable in a given area. Otherwise, you may end up with overly strict internal policies that unnecessarily complicate day-to-day operations.
If you are considering outsourcing the localisation of internal policies, the most suitable service providers are law firms – ideally those that explicitly offer compliance or regulatory compliance services. Compliance specialists will understand what localisation of compliance policies involves. With their assistance, you should first identify what you want to achieve by localisation and then agree on the scope of work. Localisation of internal policies can be priced as a fixed-fee project. An experienced law firm should be able to provide a clear cost estimate, provided that you share the global corporate policies to be localised, sufficiently describe your business activities, and agree on the localisation approach in advance.
