This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

General context, key principles and hot topics

1 Identify the highest-profile corporate investigation under way in your country, describing and commenting on its most noteworthy aspects.

On 7 September 2022, the Taoiseach published the Commission of Investigation’s final report into the Irish Bank Resolution Corporation (IBRC) relating to a transaction involving the sale of building services group Siteserv to a company controlled by businessman Denis O’Brien at the height of the financial crisis. At the time of writing, the report is being laid before the Oireachtas and a Dáil debate will address the findings of the report. In summary, the report found that the sale of SiteServ was based on misleading and incomplete information provided by SiteServ to the IBRC and that the trans­action was not commercially sound. This investigation into the IBRC by the Commission of Investigation, connected to the collapse and subsequent winding down of Anglo Irish Bank plc, remains the highest-profile current corporate investigation in Ireland. When it was established, 38 transactions were within focus of the investigation, the Siteserv transaction being the first. The related trial of certain high-ranking banking executives concerning their conduct before the collapse was the longest criminal trial in the history of the state and resulted in penal sentences, which are rarely imposed in Irish business crime cases. This investigation is one of the most complex ever to have been carried out by the Garda National Economic Crime Bureau (GNECB) and concerns allegations of a €7.2 billion conspiracy to defraud.

In March 2021, the Central Bank of Ireland (CBI) fined J&E Davy, Ireland’s largest stockbroker, €4.13 million for breaches arising from personal account dealing and for failing to comply with its regulatory obligations. The transaction in question was in respect of a 2014 bond deal in which a consortium of 16 senior J&E Davy staff members purchased, and subsequently sold, bonds from a client without disclosing that they were the purchasers. In March 2022, the GNECB confirmed it was undertaking a formal criminal investigation into the matter.

The Office of the Director of Corporate Enforcement (ODCE) (now the Corporate Enforcement Agency (CEA), as of 7 July 2022) has been investigating the Football Association of Ireland (FAI) in respect of well-documented financial issues, which were referred to the CEA by the FAI’s statutory auditors. Although An Garda Síochána, the Irish police force, has not launched a criminal investigation into the FAI, the CEA investigation continues. Most recently, the CEA seized more than 280,000 documents from the FAI and has been engaged in long-running High Court proceedings with the FAI regarding legal professional privilege asserted by the FAI’s former chief executive regarding certain documents. In May 2022, the High Court concluded its hearing regarding the disputed documents.

The CEA has faced challenges, particularly regarding the pace of progress in investigations. White-collar crime investigations are typically complex and can take several years to complete. For example, the former charity Console was referred to the Director of Public Prosecutions (DPP) in May 2019. A pretrial hearing was scheduled for 2022, with the trial itself scheduled for January 2023. In this context, the Criminal Procedure Act 2021, which came into force on 28 February 2022, is a welcome development. The primary purpose of the Act is to provide for pretrial hearings, which should reduce delays in complex economic crime prosecutions.

2 Outline the legal framework for corporate liability in your country.

Corporations are separate legal entities and a company can be found liable for the criminal acts of its officers. Companies can be vicariously liable for the conduct of employees. When the doctrine of vicarious liability does not apply, the state of mind of an employee can be attributed to the company in circumstances in which the human agent is the ‘directing mind and will’ of the company, or when an individual’s conduct can be attributed to the company under the particular rule under construction. A company can also be guilty of a strict liability offence, which is an offence that does not require any natural person to have acted with a guilty mind, such as health and safety legislation infringements. The Criminal Justice (Corruption Offences) Act 2018 has also created a strict liability offence for companies in respect of corruption and bribery offences. Under section 18 of this Act, a corporate body can be guilty of a criminal offence if one of its officers, employees, agents, subsidiaries or persons purporting to act as such commits a corruption offence with the intention of obtaining or retaining business or an advantage for the company. The corporate has a defence if it can show that it took all reasonable steps and exercised due diligence.

3 Which law enforcement authorities regulate corporations? How is jurisdiction between the authorities allocated? Do the authorities have policies or protocols relating to the prosecution of corporations?

An Garda Síochána is the body with primary responsibility for the investigation and prosecution of crime in Ireland, with a specialist wing for dealing with complex economic crimes (the GNECB). Other law enforcement agencies, or regulators, with a focus on corporate offences and business crimes include (without limitation):

  • the newly established CEA, which monitors and prosecutes violations of Irish company law;
  • the Office of the Revenue Commissioners, which is responsible for the collection, monitoring and enforcement of tax laws. We expect to see an increase in revenue prosecutions arising from covid-related fraud;
  • the Competition and Consumer Protection Commission (CCPC), which is responsible for competition law and consumer protection and has been given new, increased enforcement powers under the Competition (Amendment) Act 2022;
  • the Central Bank of Ireland (CBI), which regulates financial institutions and, with the Department of Enterprise, Trade and Employment and the Department of Foreign Affairs, is responsible for the supervision and enforcement of EU sanctions (restrictive measures);
  • the Health and Safety Authority, which enforces occupational health and safety law; and
  • the Data Protection Commission (DPC), which is responsible for data protection law.

Generally, regulatory bodies are empowered to prosecute only (some) summary (minor) offences. The Office of the DPP is responsible for prosecuting criminal offences on indictment (serious) and summary offences. The DPP has no investigative functions. Cases can be referred by the relevant investigatory body.

4 What grounds must the authorities have to initiate an investigation? Is a certain threshold of suspicion necessary to trigger an investigation?

This will depend on the statutory basis for the investigation. For the most part, investigations are initiated on the basis of a complaint alleging that an offence has been committed. Some bodies can only initiate investigations following receipt of a complaint alleging that an offence has been committed, whereas others, such as the GNECB, the CBI and the DPC, can initiate investigations on their own initiative. Different factors and thresholds are relied on by different bodies. The GNECB relies on a variety of factors, such as monetary loss, the international or cross-border significance and the complexity of the issues of law or procedure that arise. In 2021, the ODCE received 201 complaints and directed 62 criminal charges against named individuals for offences, including fraudulent trading, theft and money laundering.

5 How can the lawfulness or scope of a notice or subpoena from an authority be challenged in your country?

A challenge could be initiated in the Irish courts through judicial review proceedings. Sometimes a compromise can be reached with the law enforcement agency on the scope of the notice. In certain circumstances it may be possible to get an interim injunction preventing the exercise of the notice, subpoena or warrant, or preventing the authority from using information already obtained, unless and until the court determines that the validity of the instrument is valid and enforceable.

6 Does your country make use of co-operative agreements giving immunity or leniency to individuals who assist or co-operate with authorities?

Irish law does not recognise plea bargaining or co-operative agreements. The decision to prosecute is at the discretion of the DPP and the courts have discretion in imposing sentences within the statutory minimum and maximum periods. Different regulatory authorities have different regimes, however.

7 What are the top priorities for your country’s law enforcement authorities?

The Irish government has a renewed focus on tackling white-collar crime, particularly following the establishment of the CEA. The Criminal Procedure Act 2021, effective as of February 2022, should provide efficiencies in the trial process.

In its Strategy Statement for 2022–2025, the CEA outlined its main priorities for its first three years. The top priority is ensuring that it has a solid foundation on which to discharge its statutory mandate in an effective manner. In achieving this aim, the CEA will prioritise building operational capability, effective advocacy and influencing and operating effective systems of proportionate and dissuasive enforcement.

The CEA will focus on the establishment of governance structures and the recruitment of suitably qualified and experienced staff. One of the authority’s key powers, in contrast to its predecessor, is the ability to hire its own staff, such as forensic accountants and other specialist investigators.

The CBI’s enforcement priorities for 2023 include, among other things, taking enforcement action where it sees serious instances of consumer or investor harm from the behaviour or failings of firms and individuals, reforming the fitness and probity regime and individual accountability (with the Central Bank (Individual Accountability Framework) Bill having been published in July 2022), the behaviour and culture of regulated entities, money laundering and counter-terrorism financing compliance.

8 To what extent do law enforcement authorities in your jurisdiction place importance on a corporation having an effective compliance programme? What guidance exists (in the form of official guidance, speeches or case law) on what makes an effective compliance programme?

It is vital for corporations to be seen to have an effective regulatory compliance and corporate governance programme. Under section 225 of the Companies Act 2014, company directors are required to include in their annual report a statement to confirm (1) the company’s policies in respect of compliance by the company with its relevant obligations under company law and tax law, (2) the putting in place of appropriate structures designed to secure material compliance with these obligations, and (3) that a review of the structures has taken place during the previous financial year. In addition, specific legislation imposes further obligations, such as Regulation (EU) 2016/679 (General Data Protection Regulation (GDPR)). Under the GDPR, companies are required to establish a data protection compliance programme informed by GDPR principles, including the appointment of a data protection officer, providing training to employees and conducting internal data audits and compliance reviews.

In terms of what constitutes an effective compliance programme, section 225 of the Companies Act 2014 provides that the structures put in place ‘shall be regarded as being designed to secure material compliance’ if these structures ‘provide a reasonable assurance of compliance in all material respects with those obligations’.

The Department of Finance published information on its own corporate governance framework in October 2019. This publication contains some commentary on what constitutes an effective governance framework. It noted that good corporate governance ‘provides clarity in relation to authority and responsibility, it supports effective decision-making and it identifies the assurance and accountability arrangements that exist within any organisation’.

The Corruption Offences Act 2018 provides corporates with a defence to the corporate liability offence under the Act if they can show that they took all reasonable steps and exercised due diligence to avoid the commission of the offence.

Cyber-related issues

9 Does your country regulate cybersecurity? Describe the approach of local law enforcement authorities to cybersecurity-related failings.

The European Union (Measures for a High Common Level of Security of Network and Information Systems) Regulations 2018 impose requirements on operators of essential services (OESs) and digital service providers (DSPs) to manage the risks to the security of network and information systems. OESs include operators within specified sectors, including energy, transport, banking, financial market infrastructure, health and digital infrastructure. DSPs are those who provide digital services, including online marketplaces, online search engines and cloud computing services. There is a centralised computer security incident response team in the Department of Communications, Climate Action and the Environment, which both OESs and DSPs must notify if there are incidents that have a significant or substantial effect on these services.

The Central Bank of Ireland may take enforcement action against any financial service provider whose failings in cyber­security cause it to breach its regulatory requirements.

10 Does your country regulate cybercrime? What is the approach of law enforcement authorities in your country to cybercrime?

The Criminal Justice (Offences Relating to Information Systems) Act 2017 was the first Irish legislation to specifically address the issue of cybercrime. The Criminal Justice (Theft and Fraud Offences) Act 2001 also provides that it is an offence to use a computer with the dishonest intention of causing a loss to another person. Cybercrime is investigated by the Garda National Cyber Crime Bureau, a specialist division of An Garda Síochána.

In 2021, the Irish Health Service Executive was the victim of a serious ransomware attack. The investigation into the attack continues to be led by the Gardai in collaboration with international law enforcement agencies, including Interpol and Europol.

Cross-border issues and foreign authorities

11 Does local criminal law have general extraterritorial effect? To the extent that extraterritorial effect is limited to specific offences, give details.

Ireland is bound by the EU’s European Arrest Warrant Framework Decision, as implemented in Ireland by the European Arrest Warrant Act 2003, under which arrest and extradition is coordinated among EU Member States. Legal assistance can be requested and provided by Irish authorities to law enforcement in other jurisdictions under the Criminal Justice (Mutual Assistance) Acts 2008 and 2015. However, Ireland will only allow extradition in circumstances where (1) a person has been charged with an offence (i.e., not for the purpose of merely investigating a criminal offence), (2) the offence is not a political offence, and (3) the offence does not carry the death penalty.

Other examples of extraterritorial jurisdiction are set out below.


The Criminal Justice (Corruption Offences) Act 2018 prohibits bribery offences occurring outside Ireland in two circumstances: (1) if an Irish person or company does something outside Ireland that, if done within Ireland, would constitute an offence under the corruption legislation, that person is liable as if the offence had been committed in Ireland; and (2) if an offence under the corruption legislation takes place partly in Ireland and partly in a foreign jurisdiction, a person may be tried in Ireland for that offence. There is no requirement that the offending act should also be an offence in the foreign jurisdiction where the offending act took place.

Money laundering

The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) (the CJ(MLTF) Act) sets out specific circumstances in which an action can be taken for money laundering occurring outside Ireland. If an individual or a company engages in conduct in a foreign jurisdiction that would constitute a money laundering offence both under the CJ(MLTF) Act and in that foreign jurisdiction, they can be prosecuted in Ireland. This extraterritorial jurisdiction may be exercised only if the individual is an Irish citizen, ordinarily resident in the state, or the body corporate is established by the state or registered under the Companies Act 2014.

Proceeds of crime

Under the Proceeds of Crime Act 1996 (as amended), the Irish High Court can make orders depriving a defendant of assets that are merely suspected of being the proceeds of crime, regardless of whether the defendant has been convicted of a criminal offence. ‘Proceeds of crime’ for the purposes of the Act means any property obtained or received at any time by, or as a result of, or in connection with criminal conduct. The definition of ‘criminal conduct’ is such that foreign criminality is covered by the scope of the Act where the proceeds are within the state and where the conduct is an offence under both Irish law and the law of the foreign jurisdiction.

12 Describe the principal challenges that arise in your country in cross-border investigations, and explain whether and how such challenges depend on the other countries involved.

For investigations by Irish regulators and law enforcement agencies, the foremost consideration will be whether there is an existing framework for co-operation between Ireland and the other jurisdiction (or jurisdictions). The Criminal Justice (Mutual Assistance) Act 2008, as amended, gives effect to international agreements that establish the existing legislative framework for the provision of mutual legal assistance.

Investigations by regulators or law enforcement and by corporations can also encounter difficulties owing to different legal standards. For example, data protection laws in some countries can restrict the flow of information out of the country, and different levels of protection for private data may restrict the possibility of transfer between the jurisdictions. Further, different rules can apply to matters such as the application of privilege and the constitutional protections owed to persons under investigation.

13 Does double jeopardy, or a similar concept, apply to prevent a corporation from facing criminal exposure in your country after it resolves charges on the same core set of facts in another? Is there anything analogous in your jurisdiction to the ‘anti-piling on’ policy as exists in the United States (the Policy on Coordination of Corporate Resolution Penalties) to prevent multiple authorities seeking to penalise companies for the same conduct?

A corporation cannot be prosecuted twice for the same or similar offences on the same facts following a legitimate acquittal or conviction by an Irish court or by a court of competent authority in a foreign jurisdiction. There must be identity between the foreign and domestic offences.

Typically, the principle does not apply until proceedings are concluded. However, under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended), no proceedings may be initiated in circumstances where an individual has been charged under that Act in the absence of consent from the Director of Public Prosecutions.

There is no anti-piling on policy in Ireland that prevents multiple enforcement authorities from taking action against an entity in relation to the same conduct. However, under section 33AT (1) of the Central Bank Act 1942 (as amended), when a financial services provider has been sanctioned for breaches of financial services legislation, if the breach would also constitute a criminal offence, the provider cannot be subject to further criminal prosecution.

14 Are ‘global’ settlements common in your country? What are the practical considerations?

It is possible for a domestic authority to reach a resolution as part of a coordinated approach with an overseas authority. However, if a party wishes to reach a settlement with authorities in another country or countries, it should be aware that such an agreement may not prevent Irish authorities from continuing to pursue a prosecution.

15 What bearing do the decisions of foreign authorities have on an investigation of the same matter in your country?

Investigations into similar matters in other jurisdictions are often the catalyst for investigations in Ireland. Irish authorities will usually try, and in certain instances may be obliged, to co-operate with foreign investigation authorities, and the exchange of information through appropriate channels can aid an investigation greatly. Ultimately, it will be a matter for the Irish authorities to determine whether and how to conduct their own investigations.

Economic sanctions enforcement

16 Describe your country’s sanctions programme and any recent sanctions imposed by your jurisdiction.

Sanctions imposed at an international level are implemented at a national level. Therefore, individuals and companies operating in Ireland should be aware of the restrictions imposed under Irish law that implement international sanctions. As a Member State of both the United Nations and the European Union, Ireland is required to observe and enforce UN Security Council sanctions and EU restrictive measures. The Department of Foreign Affairs and Trade, the Department of Business, Enterprise and Innovation and the Central Bank of Ireland (CBI) are the competent authorities in Ireland and they will enforce sanctions imposed by either the European Union or the United Nations. If a breach of a specific sanction constitutes an offence under Irish law, this will be prosecuted by the Director of Public Prosecutions.

17 What is your country’s approach to sanctions enforcement? Has there been an increase in sanctions enforcement activity in recent years, for example?

Any regulated entity in Ireland could find itself subject to enforcement action in respect of policies and procedures around financial sanctions screening.

Sanctions enforcement activity has increased on account of the European Union being more proactive in imposing sanctions, particularly in light of the Russian invasion of Ukraine in February 2022. No enforcement settlements have been issued by the CBI to date specifically in respect of failures concerning a firm’s financial sanctions screening process.

18 Do the authorities responsible for sanctions compliance and enforcement in your country co-operate with their counterparts in other countries for the purposes of enforcement?

Yes. Sanctions imposed at an international level are implemented at a national level. The Department of Foreign Affairs and Trade, the Department of Business, Enterprise and Innovation and the CBI will work with their counterparts in other jurisdictions to enforce sanctions imposed by either the European Union or the United Nations.

19 Has your country enacted any blocking legislation in relation to the sanctions measures of third countries? Describe how such legislation operates.

As a member of the European Union, Ireland is subject to the EU Blocking Regulation. The Regulation effectively nullifies the extraterritorial application of the US sanctions against Iran by (1) prohibiting compliance with any sanctions imposed by the United States, (2) preventing the enforcement of any judgment from a foreign court outside the European Union that gives effect to the sanctions, (3) requiring any EU person, natural or legal, to notify the European Commission of any effects that the sanctions may have on them, and (4) allowing any EU person to seek compensation caused by the application of the sanctions.

20 To the extent that your country has enacted any sanctions blocking legislation, how is compliance enforced by local authorities in practice?

The Irish courts implement certain aspects of the EU Blocking Regulation by not enforcing or recognising any judgments that may be made outside the European Union. Further, the courts will allow EU persons to seek compensation in the Irish court system for any adverse effects caused by the application of US sanctions.

Under SI 217/1997 (European Communities (Extraterritorial Application of Legislation Adopted By a Third Country) Regulations), failure to comply with the EU Blocking Regulation is an offence and may be punished by a fine or up to 12 months’ imprisonment.

Before an internal investigation

21 How do allegations of misconduct most often come to light in companies in your country?

Allegations of misconduct will often be raised by whistleblowers, who are protected by the Protected Disclosures Act 2014, as amended by the Protected Disclosures (Amendment) Act 2022. Accordingly, great care must be taken not to violate these protections when allegations come to light in this way. Under the Central Bank (Supervision and Enforcement) Act 2013, there are specific whistleblower protections in relation to making disclosures to the Central Bank of Ireland (CBI) when breaches of financial services legislation may be in issue.

Thematic reviews are typically carried out by regulators. For example, the CBI often bases its investigations on the Administrative Sanction Procedure under the Central Bank Act 1942 (as amended) on matters identified during thematic reviews.

Allegations of misconduct also come to light following complaints from members of the public. For example, in 2021, the Office of the Director of Corporate Enforcement (now the Corporate Enforcement Agency) received 201 complaints and the CBI received 16 formal complaints from members of the public.

When allegations arise through media reports, publicised litigation or other publicised external sources, there are more immediate public relations risks than when a matter arises internally.

There are specific legislative provisions that oblige persons to report information in relation to certain offences in certain circumstances. The Supreme Court upheld the enforceability of section 19 of the Criminal Justice Act 2011 (which sets out the offence of ‘withholding information’ and involves a mandatory reporting obligation in specific circumstances) in Sweeney v. Ireland [2019] IESC 39. If a company is a regulated entity, it may be required to make certain disclosures to its regulator, or indeed to self-report unintentional breaches or offences. Auditors have disclosure obligations, and misconduct coming to light during their engagement may trigger a reporting obligation. In early 2021, the European Court of Justice in DB v. Commissione Nazionale per la Società e la Borsa (Case C-481/19) confirmed that natural persons have the right to silence under EU law, particularly in administrative proceedings of a criminal nature. The implications of this judgment are potentially relevant in a number of Irish regulatory contexts, including under the CBI’s Administrative Sanctions Procedure and the Competition and Consumer Protection Commission’s enforcement regime.

Information gathering

22 Does your country have a data protection regime?

Ireland’s data protection regime mainly comprises Regulation (EU) 2016/679 (the General Data Protection Regulation (GDPR)) and the Data Protection Acts 1988–2018 (the DP Acts). Within this regime, data controllers have a number of duties, including an obligation to process personal data (under the meaning of the GDPR and the DP Acts) fairly, and for it to be kept up to date and secure.

Additionally, the Criminal Justice (Offences Relating to Information Systems) Act 2017 gives effect to provisions of Directive 2013/40/EU on attacks against information systems, which introduced a number of criminal offences.

23 To the extent not dealt with above at question 9, how is the data protection regime enforced?

The Data Protection Commission (DPC) is responsible for monitoring the application of the DP Acts and the GDPR to protect the rights and freedoms of individuals in relation to processing.

The DPC has a number of investigative powers, including the power to conduct an audit, the power to compel individuals and companies to provide it with information and documentation, and the power to prohibit the transfer of personal data overseas.

Summary proceedings may be brought and prosecuted by the DPC. In relation to indictable offences, the DPC prepares a file and submits it to the Director of Public Prosecutions for consideration.

24 Are there any data protection issues that cause particular concern in internal investigations in your country?

The GDPR and the DP Acts restrict the use and disclosure of an individual’s data in Ireland. There are exceptions to the protection given under the DP Acts, but there is no specific exemption when an internal investigation is being carried out. Traditionally, companies have relied on consent to support internal investigations; however, the DP Acts now require that consent be freely given to be valid. The GDPR requires that a data subject can withdraw consent at any time. These factors make it difficult for employers, in the majority of circumstances, to rely on consent as a legal basis for processing data, albeit not impossible.

Companies should therefore seek an alternative lawful basis for processing in the context of internal investigations. The DP Acts allow for data to be processed if it is necessary for the purposes of legitimate interests pursued by the data controller, which can be the case for an internal investigation, but that needs to be balanced against the fundamental rights and freedoms and the legitimate interests of the data subject in question.

Irish law recognises a broad ‘right to privacy’, which includes a right to privacy at work, and a person does not lose privacy and data protection rights simply by being an employee. Any limitation of an employee’s right to privacy should be proportionate to the likely damage to the employer’s legitimate interests.

If an employer seeks to use ‘legitimate interests’ as the basis for processing data, an employee as data subject will have a right to object to that processing of their data. This right is not absolute and may be overridden by the employer having ‘compelling reasons’ to process the data. Companies must inform their employees of the right to object and should draft an internal investigation policy reflecting this balance. Employees should be notified of the possibility that an investigation might take place and, in particular, the ways in which their personal data might be processed in the context of an investigation. For new employees, this information should be provided when they join the company. However, for existing employees, the provision of an updated internal investigation policy will be sufficient.

25 Does your country regulate or otherwise restrict the interception of employees’ communications? What are its features and how is the regime enforced?

Irish employers have the right to monitor employees’ communications. However, this is subject to the right to privacy that employees are afforded under both the Irish Constitution and the European Convention on Human Rights, as well as under data protection law. Any intrusion of an employee’s right to privacy must be proportionate to any likely damage caused to the employer’s legitimate interests.

When an employee wishes to enforce the right to privacy or believes that it has been infringed, he or she may do so by referring a dispute to the Workplace Relations Commission or by commencing proceedings in the courts. If the dispute involves an employee’s personal data, it may be possible to lodge a complaint with the DPC.

Dawn raids and search warrants

26 Are search warrants or dawn raids on companies a feature of law enforcement in your country? Describe any legal limitations on authorities executing search warrants or dawn raids, and what redress a company has if those limits are exceeded.

Search warrants and dawn raids are often used as part of investigations against companies, particularly by the Competition and Consumer Protection Commission and the Office of the Director of Corporate Enforcement (now the Corporate Enforcement Agency). Both company premises and private homes of relevant persons can be searched on the basis of an appropriate warrant.

There are constitutional protections for persons subject to searches, particularly of private homes. Depending on the specific statute, a regulator or investigatory body would obtain a search warrant to enter a dwelling to conduct a search and to seize documents. There is a general requirement that there is some nexus between the investigation by the regulatory body of the offence in question and the dwelling in question. The body is only permitted to search the premises specified in the warrant and to seize items included within the terms of the warrant.

27 How can privileged material be lawfully protected from seizure during a dawn raid or in response to a search warrant in your country?

Privileged material is prima facie protected from examination by law enforcement or regulatory bodies. Specific statutes, such as the Companies Act 2014 and the Central Bank (Supervision and Enforcement) Act 2013, also provide for the protection of privileged information during investigations.

In practical terms, it can be difficult to determine during a seizure operation whether material is privileged, and sometimes the material will be isolated so that a claim of privilege can be assessed later.

The mechanism to assess whether privilege has been properly asserted must be set out in the legislation under which the search warrant is conducted.

28 Under what circumstances may an individual’s testimony be compelled in your country? What consequences flow from such compelled testimony? Are there any privileges that would prevent an individual or company from providing testimony?

There are various provisions of criminal, civil and administrative law that compel testimony. The Irish Constitution recognises a right to silence and the privilege against self-incrimination. Arrested suspects are brought into police custody for questioning ‘under caution’. The suspects should be cautioned that they have the right to maintain silence and that anything they say may be used in evidence. However, the Criminal Justice Act 1984 (as amended) provides that, in the case of arrestable offences (i.e., those for which a person can be imprisoned for five years or more), inferences can be drawn at trial from an accused’s silence.

The right to silence can be abridged by statute, most often in the context of regulatory investigations, meaning that answers can be compelled. However, Irish courts have frequently held that statements given under statutory compulsion (such as in connection with a regulatory investigation attracting a civil penalty) cannot be used against that person in subsequent criminal proceedings, whereas voluntary statements can.

Whistleblowing and employee rights

29 Describe the whistleblowing framework in your country. What financial incentive schemes exist for whistleblowers? What legal protections are in place for whistleblowers?

The Protected Disclosures (Amendment) Act 2022 (the 2022 Act), which was signed into law on 21 July 2022, amends and extends the current whistleblowing legislation in Ireland – the Protected Disclosures Act 2014. The purpose of the 2022 Act is to provide for the transposition of the EU Whistleblowing Directive into Irish law. The 2022 Act comes into force on 1 January 2023.

The 2022 Act places a new obligation on all private sector organisations with 50 or more employees to establish, maintain and operate internal reporting channels and procedures to make protected disclosures. However, organisations with between 50 and 249 employees (subject to certain exceptions) will be able to avail of a grace period until 17 December 2023. The reporting channels and procedures may be operated internally by a designated person or department or can be provided externally by a third party on behalf of the employer.

When a worker makes a protected disclosure, the employer in question is prevented from dismissing or penalising the worker, taking an action for damages or an action arising under criminal law, or disclosing any information that might identify the person who made the disclosure. Notably, the 2022 Act reverses the burden of proof in penalisation claims, shifting it to the employer to prove that the act or omission was not as a result of the protected disclosure. Further, the Act extends the remedy of an injunction to acts of penalisation. If the employer were to dismiss or penalise a worker wholly or mainly as a result of having made a protected disclosure, the worker could be awarded up to five years’ remuneration, re-engagement or reinstatement by the Workplace Relations Commission (the employment tribunal in Ireland). Further, the 2022 Act creates a cause of action in tort for a person who suffers damage caused by reported false information.

30 What rights does local employment law confer on employees whose conduct is within the scope of an investigation? Is there any distinction between officers and directors of the company for these purposes?

As a general matter, employees have a constitutional right to ‘fair procedures’ in any investigative or disciplinary process. This means that, among other things, an employee must be kept apprised of the investigation and must be permitted to participate in the investigation, test the evidence and make points in his or her defence. The extent and scope of fair procedures and natural justice that must be afforded during a workplace investigation depends on the actual nature of the investigation and the potential consequences thereof.

The rights do not differ for officers and directors who are employees.

31 Do employees’ rights under local employment law differ if a person is deemed to have engaged in misconduct? Are there disciplinary or other steps that a company must take when an employee is implicated or suspected of misconduct, such as suspension or in relation to compensation?

Constitutional rights apply in an investigation and disciplinary process when a person is implicated or suspected of having engaged in misconduct.

Prior to a finding of misconduct being made, an investigation and disciplinary process should be carried out.

The disciplinary process should, at a minimum, follow the Workplace Relations Commission’s Code of Practice on Disciplinary and Grievance Procedures and the employer’s own procedures, and involve the following basic principles:

  • Advance written notice of any allegations, and any supporting documentation and witness statements, should be provided to the employee.
  • The employee should be invited, in writing, to an investigation meeting to discuss the allegations and to put forward his or her response.
  • The investigation should go no further than to determine whether there is a sufficient factual basis to warrant a matter being put to a disciplinary hearing.
  • Suspension should be imposed only after full consideration of the necessity for it pending a full investigation of matters. It may be justified if it is to prevent repetition of the conduct complained of or interference with evidence; to protect individuals at risk from such conduct; to comply with any regulatory rule applicable to the individual or their role; or to protect the employer’s business and reputation. Suspension must be on full pay and benefits, and for no longer than is reasonably necessary.
  • Depending on the outcome of an investigation, the employee should be invited in writing to a disciplinary meeting to discuss the allegations and to put forward a response. Documents obtained during the investigation should be provided to the employee.
  • The employee should be allowed to be accompanied by a colleague or trade union representative at any meetings.
  • Any sanction must be proportionate and reasonable in the circumstances and should be confirmed in writing to the employee.
  • A right of appeal to someone not previously involved should be provided.
  • Unless the allegations are sufficient to constitute gross misconduct, the sanctions should progress from verbal warning to written warning to final written warning and then to dismissal. Summary dismissal will be permitted only when the circumstances genuinely constitute gross misconduct.

For dismissal for out-of-work misconduct to be deemed fair, there must be a genuine connection between the employee’s offence and his or her employment. The connection must be such that it leads to a breach of trust or causes reputational or other damage to the employer. In these circumstances, the employer should carry out its own internal investigation and disciplinary process (in accordance with the requirements set out above).

32 Can an employee be dismissed for refusing to participate in an internal investigation?

The extent to which an employer may take disciplinary action against an employee for failure to participate in an investigation will depend on the circumstances.

Commencing an internal investigation

33 Is it common practice in your country to prepare a document setting out terms of reference or investigatory scope before commencing an internal investigation? What issues would it cover?

There is no statutory requirement for such a document, but it would be considered general good practice. Depending on the circumstances, it may be useful to detail the purpose and scope of the investigation and to clarify the remit of the investigators’ role. Matters to cover might include:

  • the structure and methodology of the investigation;
  • a definition of the issues to be covered; and
  • details of any engagement with legal counsel and related matters concerning privileged material.

If the investigation concerns employees of the company, it should go no further than gathering the relevant information or evidence to determine whether there is a sufficient factual basis to put particular allegations at a formal disciplinary hearing. The investigation should be carried out in accordance with any relevant internal procedures and not reach any factual conclusions on the evidence or decide whether the allegations are proved.

34 If an issue comes to light prior to the authorities in your country becoming aware or engaged, what internal steps should a company take? Are there internal steps that a company is legally or ethically required to take?

Depending on the severity of the issue, it would usually be prudent for a business to carry out a certain level of enquiry and investigation. However, a company should take care in carrying out any investigations and in creating any reports, as it is possible that any such documents could be subject to disclosure in subsequent legal proceedings. A number of legislative provisions impose a positive obligation on persons (including businesses) to report wrongdoing in certain circumstances (e.g., section 19 of the Criminal Justice Act 2011) as well as various provisions of financial services legislation (e.g., section 38 of the Central Bank (Supervision and Enforcement) Act 2013).

It is also essential that any wrongdoing ceases as soon as the company becomes aware of it, and that remedial measures are taken where appropriate. Care should be taken to preserve evidence of the wrongdoing, as a failure to do so could result in accusations of destruction of evidence, which can itself be an offence under certain legislation.

35 What internal steps should a company in your country take if it receives a notice or subpoena from a law enforcement authority seeking the production or preservation of documents or data?

It is advisable to immediately implement a ‘document hold’ by suspending deletion policies and circulating document retention notices.

The company should review the request and consider the power under which it is exercised, and in particular if the request is voluntary or mandatory. There are risks associated with releasing documentation, particularly when it might contain confidential or personal information, without being lawfully compelled to do so. External legal advice may be required in this regard.

An inventory listing the materials falling within the notice should also be prepared. The material should then be assessed for privilege. Copies of anything provided to the investigation authority should be retained.

36 At what point must a company in your country publicly disclose the existence of an internal investigation or contact from a law enforcement authority?

Privately owned companies are not required to publicly disclose the existence of internal investigations or contact from law enforcement. There may, of course, be commercial reasons for doing so (or not doing so) in any particular case.

Under the Irish Listing Rules, publicly listed companies on the Irish Stock Exchange (Euronext Dublin) must, without delay, provide to Euronext Dublin any information that it considers appropriate to protect investors. Euronext Dublin may, at any time, require an issuer to publish such information within the time limits as it considers appropriate to protect investors or to ensure the smooth operation of the market.

37 How are internal investigations viewed by local enforcement bodies in your country?

Internal investigations are considered part of good corporate governance. However, companies operating in Ireland can be subject to certain reporting obligations in respect of certain offences and, therefore, will be required to notify matters to law enforcement or regulators in certain circumstances. For example, persons with a ‘pre-approved control function’ are required to report breaches of financial services legislation and designated persons (including auditors, financial institutions and solicitors) have an obligation to report money laundering offences.

However, if criminal prosecution precedes an internal investigation, in general, internal disciplinary procedures are suspended to respect the individual’s right to silence.

Attorney–client privilege

38 Can the attorney–client privilege be claimed over any aspects of internal investigations in your country? What steps should a company take in your country to protect the privilege or confidentiality of an internal investigation?

Any requirement to disclose documents obtained through an internal investigation to the Irish authorities is qualified by legal professional privilege. There are two forms of legal professional privilege in Ireland:

  • legal advice privilege, which applies to confidential communications between a lawyer and a client that are created for the sole or dominant purpose of giving or seeking legal advice; and
  • litigation privilege, which applies to communications between a lawyer and a client made in the context of contemplated or existing litigation or regulatory action. It also covers communications with third parties, such as experts.

Litigation privilege is a broader form of privilege to assert in the context of an internal investigation, provided there is actual or contemplated litigation or regulatory action.

The main way to protect and preserve privilege is to involve lawyers in internal investigations at an early stage, although it should be noted that privilege cannot be asserted in respect of pre-existing documents after they have been created merely by involving lawyers. To ensure that existing privilege is not lost, it is important to limit the disclosure or sharing of privileged materials to only those persons who are authorised to seek or receive the privileged material. Legal advice should not be summarised or copied and shared by non-legal persons. If privileged materials need to be shared with third parties, it is important to ensure that appropriate confidentiality agreements are put in place to govern the disclosure to ensure that, as far as possible, privilege is not inadvertently waived or lost.

39 Set out the key principles or elements of the attorney–client privilege in your country as it relates to corporations. Who is the holder of the privilege? Are there any differences when the client is an individual?

Legal professional privilege applies equally to individuals and companies and can be waived only by the client. Under Irish law, the question of who is the client in a corporate context was considered in UCC v. ESB [2014] IEHC 135, where it was held that if the client is a corporate body, it is necessary to consider whether the individual making the communication to the lawyer is a person engaged or employed to obtain or receive legal advice on behalf of the client.

40 Does the attorney–client privilege apply equally to in-house and external counsel in your country?

Yes, subject to the criteria for legal professional privilege being met. In-house counsel must be acting in the capacity of a legal adviser and not as an officer of the company. However, the position with regard to in-house counsel in the context of certain external matters is not straightforward and advice should be sought as a result of the decision of the European Court of Justice in Akzo Nobel Chemicals Ltd and Akcros Chemicals Ltd v. Commission (Case C-550/07 P).

41 Does the attorney–client privilege apply equally to advice sought from foreign lawyers in relation to investigations in your country?

The definition of ‘lawyer’ in Ireland extends to foreign lawyers. There does not appear to be any question about this and it is generally accepted that foreign legal advice is privileged to the extent that it fits Irish legal rules on privilege.

42 To what extent is waiver of the attorney–client privilege regarded as a co-operative step in your country? Are there any contexts where privilege waiver is mandatory or required?

Asserting legal professional privilege is a fundamental legal right and the fact of its assertion should not be held against a party. However, if the materials over which legal professional privilege is being asserted are central to any enforcement investigation (such as a party defending certain conduct on the basis that it was taken following legal advice), it may appear unco-operative to refuse to disclose those materials. In such a case, disclosure could, in fact, be in a party’s strategic interest. Any decision to waive privilege should be carefully considered as, once waived, legal professional privilege is lost. It is generally recommended that a waiver should be limited to those materials that are strictly necessary and should be made on a limited and specified basis; in other words, a general waiver of all legal professional privilege in respect of a particular matter is not advisable.

43 Does the concept of limited waiver of privilege exist as a concept in your jurisdiction? What is its scope?

It is possible to waive privilege on a limited basis. However, care should be taken as privilege can inadvertently be lost in such circumstances. The scope of the waiver should be clear, limited and in writing; furthermore, it is of utmost importance that confidentiality in the material should be maintained. Care should be taken when waiving privilege over documents that make reference to connected documents over which privilege is maintained. The Irish courts do not permit parties to ‘cherry-pick’ which privileged information they wish to disclose. In Quinn v. IBRC [2018] IEHC 481, the court held that, in certain circumstances, a partial disclosure of privileged documents may create an unfair litigious advantage if a litigant retains privilege over other connected documents. Therefore, a partial disclosure can result in a wider waiver of privilege.

Under the General Scheme of the Central Bank (Individual Accountability Framework) Bill 2022, it is proposed to introduce a privilege ‘safe harbour’ for persons to voluntarily submit privileged material to the Central Bank, for example in the course of an investigation, without such limited disclosure constituting a waiver of privilege as against other third parties

44 If privilege has been waived on a limited basis in another country, can privilege be maintained in your own country?

If the waiver of privilege was appropriate, limited and restricted, it should not defeat the overall assertion of legal professional privilege. However, this will depend on the extent and nature of the waiver in each case.

45 Do common interest privileges exist as concepts in your country? What are the requirements and scope?

Common interest privilege does exist in Ireland. It is important that common interest privilege is expressly asserted and that the receiving third party is aware of the necessity of preserving privilege in the materials received.

46 Can privilege be claimed over the assistance given by third parties to lawyers?

Litigation privilege can be asserted regarding third-party communications where the dominant purpose of the communication is in anticipation of existing or contemplated litigation (which currently includes regulatory proceedings).

Witness interviews

47 Does your country permit the interviewing of witnesses as part of an internal investigation?

Yes, and this is often an integral part of the fact-finding exercise of an investigation. However, the internal investigation would not be able to compel witnesses to attend, except to the extent that employees can be requested to co-operate in the context of their employment.

48 Can a company claim the attorney–client privilege over internal witness interviews or attorney reports?

Yes, where reports contain legal analysis, advice or conclusions, or are prepared with the dominant purpose of preparing for, or in contemplation of or in connection with, litigation or regulatory proceedings.

49 When conducting a witness interview of an employee in your country, what legal or ethical requirements or guidance must be adhered to? Are there different requirements when interviewing third parties?

It can be important that witnesses are informed of the nature of the interview, whether they are implicated in any wrongdoing and, crucially, of any possible consequences for them of the investigation process to preserve the ability to take appropriate action, if necessary, following or as a result of the investigation. It is important to point out that any lawyers present are acting for the company and not for the employee, who may, in some cases, have his or her own legal representation.

Existing employees have a greater right to fair procedures as they are more likely to face the possibility of an adverse outcome, such as dismissal. However, it is best practice to accord equal and fair procedures to all interviewees.

50 How is an internal interview typically conducted in your country? Are documents put to the witness? May or must employees in your country have their own legal representation at the interview?

It is good practice to ensure that any documents of relevance to the witness are put to them. ‘Interview by ambush’ is contrary to fair procedures and open to challenge, particularly by employees.

Employees have no statutory right to legal representation at witness interviews. However, if the employee or witness is, or may become, the subject of the investigation, the employer should consider advising the employee or witness to have legal representation to minimise the risk of a later legal challenge to the investigation process. If the person requests permission to have legal representation, the company should assess each case separately. It is generally considered prudent to permit such representation, or not to proceed in the absence of such representation.

Reporting to the authorities

51 Are there circumstances under which reporting misconduct to law enforcement authorities is mandatory in your country?

A number of legislative provisions impose a positive obligation on persons (including businesses) to report wrongdoing in certain circumstances. Most significantly, section 19 of the Criminal Justice Act 2011 provides that a person is guilty of an offence if he or she fails to report information that the person knows or believes might be of ‘material assistance’ in preventing the commission of, or securing the prosecution of another person in respect of, certain listed offences, including many corporate crimes. The disclosure must be made ‘as soon as practicable’, and a person who fails to disclose such information may be liable to a fine or imprisonment for up to five years, or both. However, the person considering making the report may need to make enquiries to be satisfied that a report is justified.

Other mandatory reporting obligations include the duties of:

  • persons with a ‘pre-approved control function’ to report breaches of financial services legislation;
  • designated persons (such as auditors, financial institutions and solicitors) to report money laundering offences;
  • auditors to report a belief that an indictable offence has been committed;
  • auditors or persons preparing accounts to report theft and fraud offences; and
  • all persons to report any offence committed against a child.

52 In what circumstances might you advise a company to self-report to law enforcement even if it has no legal obligation to do so? In what circumstances would that advice to self-report extend to countries beyond your country?

A company might be advised to self-report, in Ireland or overseas, to mitigate the risk of prosecution or any potential sentence that may be imposed by a court. There are no express provisions for immunity or leniency in prosecution under Irish law, but self-reporting can be considered a mitigating factor in sentencing. The Director of Public Prosecutions does have discretion to grant immunity in certain circumstances. Some regulatory regimes, such as the Central Bank of Ireland’s (CBI) administrative sanction procedure, also consider self-reporting as a mitigating factor affecting the level of sanctions. The list of sanctioning factors set out in the CBI’s Administrative Sanctions Procedure (published in 2018) includes ‘how quickly, effectively and completely the regulated entity brought the contravention to the attention of the CBI or any other relevant regulatory body’.

The exception is the Cartel Immunity Programme operated by the Competition and Consumer Protection Commission, which allows a member of a cartel to apply for immunity in return for co-operating with the Commission. Only the first member of a cartel to come forward can avail of the programme and must meet strict eligibility criteria.

In terms of extraterritorial self-reporting, an Irish company may self-report to authorities in other jurisdictions that have immunity or leniency programmes if the conduct in question could also be investigated or prosecuted by those authorities.

53 What are the practical steps needed to self-report to law enforcement in your country?

It is important that a company has considered its risks and, as far as possible, investigated the matter before making a report. A report can be made in writing, such as by letter to the appropriate authority, or by providing a written statement when attending a Garda station. The form and content of the report will depend on the specific circumstances of the matter, including, for example, whether the company might be implicated, or whether there are other legal, commercial or reputational issues to be considered. Data deletion policies should be suspended and relevant materials retained in case they are subsequently required in the context of an investigation or legal or regulatory proceedings.

Responding to the authorities

54 In practice, how does a company in your country respond to a notice or subpoena from a law enforcement authority? Is it possible to enter into dialogue with the authorities to address their concerns before or even after charges are brought? How?

Dialogue may start with the authority once a notice has been received and analysed. For example, the company may wish to address concerns such as the scope of the request, the legal basis or the deadline for compliance. It is important that care is taken with these types of communications, as they can set the tone for engagement with the authority and may be relevant for any subsequent court challenge or dispute that may arise.

55 Are ongoing authority investigations subject to challenge before the courts?

Yes, for example, through an application for judicial review. It is also possible to seek injunctions, typically on an interim basis, to protect legal rights while the underlying challenge is resolved.

56 In the event that authorities in your country and one or more other countries issue separate notices or subpoenas regarding the same facts or allegations, how should the company approach this?

Each request should be treated separately as the legal basis for the request is likely to be different. A request that may appear to compel disclosure of documents may not, in fact, have legal effect if it is from outside the jurisdiction and the procedures for compelling cross-border information (such as the procedures under the Criminal Justice (Mutual Assistance) Act 2008, as amended) are not engaged. It is generally not advisable to release information, in the absence of lawful compulsion. ‘Package disclosures’ are usually inadvisable, therefore, as documents that one agency has a legal right to obtain may not be within the compulsory power of another agency. That said, when requests are made by different authorities, it is important to have a consistent approach with regard to how requests are treated and what arguments are made to authorities.

57 If a notice or subpoena from the authorities in your country seeks production of material relating to a particular matter that crosses borders, must the company search for and produce material in other countries to satisfy the request? What are the difficulties in that regard?

The appropriate response will depend on the nature of the request and the relationship between the company that is subject to the request and the entities holding the documents across borders. If the company in receipt of the request has the power to compel production, such as from a branch or subsidiary, it may be required to do so. However, generally, the entity to which the request is addressed will be the only body with an obligation to respond.

58 Does law enforcement in your country routinely share information or investigative materials with law enforcement in other countries? What framework is in place in your country for co-operation with foreign authorities?

In terms of formal co-operation mechanisms, the Criminal Justice (Mutual Assistance) Act 2008 gives effect to 12 international agreements that establish the existing legislative framework for the provision of mutual legal assistance. The Criminal Justice (Mutual Assistance) (Amendment) Act 2015 gives effect to a further six international instruments not provided for by the 2008 Act. This has enhanced the already significant level of co-operation between Ireland and other EU Member States. Co-operation with third countries (those outside the European Economic Area) is dependent on their ratification of relevant inter­national agreements or the existence of a mutual assistance treaty agreed between them.

The transposition of the EU Fourth Money Laundering Directive into Irish law has also led to further enhanced international co-operation, as the Directive requires information to be shared between competent national authorities, including the creation of a central register of beneficial owners of entities.

59 Do law enforcement authorities in your country have any confidentiality obligations in relation to information received during an investigation or onward disclosure and use of that information by third parties?

There is no generally applicable statutory obligation that creates an obligation on the police to keep information received during an investigation confidential.

Irish law does recognise a broad ‘right to privacy’, which is protected by the Irish Constitution, the EU Charter of Fundamental Rights and the European Convention on Human Rights. Further, data protection is regulated in Ireland primarily by the Data Protection Acts 1988–2018 (the DP Acts), which reflect EU data protection laws. The police are subject to the same obligation under the DP Acts as all data controllers, within the meaning of the DP Acts, when processing personal data. There are exceptions to the rules set out in the DP Acts, including where the processing is required to investigate or prevent an offence.

Whistleblowers are protected from identification by the Protected Disclosures Act 2014, as amended by the Protected Disclosures (Amendment) Act 2022. Accordingly, great care must be taken not to violate these protections when an investigation involving whistleblower information is under way. However, the identity of whistleblowers can be disclosed to prevent a crime or to aid in the prosecution of a criminal offence.

60 How would you advise a company that has received a request from a law enforcement authority in your country seeking documents from another country, where production would violate the laws of that other country?

In such circumstances, it would usually be prudent to advise the company not to provide the documents. However, the company should ensure that it is not violating any laws in its own jurisdiction by doing so. The company should inform the requesting authority of the basis for the decision to refuse the request for documents.

61 Does your country have secrecy or blocking statutes? What related issues arise from compliance with a notice or subpoena?

The DP Acts regulate data protection in Ireland and protect the personal data of individuals from disclosure in certain circumstances. The transfer of data outside Ireland is restricted but there is no outright ‘block’ preventing all transfers. The main implication of Irish data protection law is that companies may be reluctant to release materials in the absence of a legal obligation.

Further, care should be taken when releasing documents that relate to any type of contractual relationship, as there may be confidentiality terms in the contract or engagement terms that could be violated by the disclosure. A party should always be mindful that if it releases information without being compelled to do so, it is not protected from claims that it has breached Irish data protection legislation or breach of confidence claims.

62 What are the risks in voluntary production versus compelled production of material to authorities in your country? Is this material discoverable by third parties? Is there any confidentiality attached to productions to law enforcement in your country?

A company may be in breach of the DP Acts if it releases materials that contain personal data in the absence of lawful compulsion, and may also be in breach of confidence if it releases confidential material without being compelled to do so. There may also be other contractual consequences for a company releasing certain materials voluntarily. There is no automatic confidentiality attached to materials disclosed to law enforcement, unless restrictions have been agreed to that effect. Accordingly, material provided to authorities voluntarily may be shared with other authorities or used for purposes other than the initial basis of the request. Materials obtained on the basis of a compulsory power are subject to greater protections. However, once material is in the possession of an authority, there is nothing to prevent a third party from seeking the material, such as through a non-party discovery order.

Prosecution and penalties

63 What types of penalties may companies or their directors, officers or employees face for misconduct in your country?

Irish criminal legislation typically provides for monetary fines or terms of imprisonment for offences. Given the nature of corporate entities, the most common form of sanction is a fine. However, although less common, Irish legislation also provides for specific remedies, such as compensation orders and adverse publicity orders under health and safety legislation.

Common sanctions in the context of business crime are restriction and disqualification orders. Under section 839 of the Companies Act 2014, if a person has been convicted of an indictable offence in relation to a company, or convicted of an offence involving fraud or dishonesty, that person may not be appointed or act as an auditor, director or other officer, receiver, liquidator or examiner, or be concerned in any way, whether directly or indirectly, or take part in the promotion, formation or management of any company for a period of five years by default, but potentially longer should the court see fit.

64 Where there is a risk of a corporate’s suspension, debarment or other restrictions on continuing business in your country, what options or restrictions apply to a corporate wanting to settle in another country?

Under the EU Public Sector Procurement Directive (2014/24/EU) (transposed into Irish law by the European Union (Award of Public Authority Contracts) Regulations 2016 (the Regulations)), companies must be excluded from public procurement for a specific period when they have been convicted of certain offences. The Regulations also provide for offences that carry discretionary debarment. These include offences under EU law, meaning that a company should take care when settling charges in another country, as doing so could, depending on the offence, trigger these exclusion rules.

The Regulations enable companies to recover eligibility to bid for public contracts by demonstrating evidence of ‘self-cleaning’, such as the payment of compensation to the victim, clarification of the facts and circumstances of the offence, co-operation with the investigating authority and the implementation of appropriate measures to prevent further criminal offences or misconduct.

65 What do the authorities in your country take into account when fixing penalties?

Sentencing of corporate crimes is largely a function for the courts. If a business is found guilty of an offence, a wide range of factors may be taken into account at the discretion of the court. Mitigating factors include whether the company ceased committing the criminal offence on detection or whether there were further infringements or complaints; whether remedial efforts to repair the damage caused were used by the company; the existence of a compliance programme; and whether the company itself reported the infringement before it was detected by the prosecuting authority. Additionally, in imposing any sentence, the court must comply with the principle of proportionality as set out in People (DPP) v. McCormack [2000] 4 IR 356.

Certain sanctions, such as those available to the Central Bank of Ireland under the Administrative Sanction Procedure, or the Competition and Consumer Protection Commission in connection with cartels, can be expressed as a percentage of turnover.

Resolution and settlements short of trial

66 Are non-prosecution agreements or deferred prosecution agreements available in your jurisdiction for corporations?

No. There has been some consideration of these types of arrangements at policy level; for example, the Law Reform Commission recommended in its Report on Regulatory Powers and Corporate Offences (published on 23 October 2018) that deferred prosecution agreements (DPAs) be introduced, based on the UK model, which are subject to court approval. However, in December 2020, a report prepared by a review group chaired by former Director of Public Prosecutions James Hamilton, tasked with assessing the strategies and structures for investigation and penalising economic crime, refused to recommend DPAs in Irish law.

67 Does your jurisdiction provide for reporting restrictions or anonymity for corporates that have entered into non-prosecution agreements or deferred prosecution agreements until the conclusion of criminal proceedings in relation to connected individuals to ensure fairness in those proceedings?

Neither non-prosecution agreements nor DPAs are available in Ireland.

68 Prior to any settlement with a law enforcement authority in your country, what considerations should companies be aware of?

It is possible to enter into a settlement with some regulatory authorities in prescribed circumstances.

Generally, any company considering entering into a settlement with a regulatory or enforcement authority should balance the seriousness of the charge, the scope of a conviction, the strength of the case against it and against the terms of the settlement, such as the quantum of any fine, and whether there is publicity associated with the settlement.

69 To what extent do law enforcement authorities in your country use external corporate compliance monitors as an enforcement tool?

The use of external corporate compliance monitors is not an enforcement tool used by Irish law enforcement authorities.

70 Are parallel private actions allowed? May private plaintiffs gain access to the authorities’ files?

A defendant may be subject to simultaneous civil and criminal proceedings arising out of the same set of circumstances. Although there is no obligation on the courts to do so, civil proceedings are commonly adjourned pending the outcome of related criminal proceedings. As there are different burdens of proof in civil and criminal matters, the outcome of civil and criminal proceedings will not necessarily be the same. It is also possible, although rare, for individuals to initiate private criminal prosecutions by issuing a summons pursuant to the Petty Sessions (Ireland) Act 1851 in certain limited circumstances.

Authorities are not obliged to disclose their files to such persons unless a particular file is generally open to the public or a court order has been obtained.

Publicity and reputational issues

71 Outline the law in your country surrounding publicity of criminal cases at the investigatory stage and once a case is before a court.

The Irish judiciary is extremely protective of an accused’s right to a fair trial and will prohibit or stay a trial if necessary. This sometimes occurs in respect of high-profile cases when the extent of publicity affects the ability of the defendant to have a fair jury trial. An example of this is the trial of a high-profile former chairman of Anglo Irish Bank, which was initially adjourned in 2015, owing to concerns about adverse publicity surrounding the trial.

Reports that undermine legal proceedings can amount to contempt of court. Further, any reporting that goes beyond a faithful account of the court proceedings could give rise to defamation claims.

Under new court rules introduced by the Data Protection Act 2018, an accredited member of the press may access documents that are ‘opened’ in court (i.e., read out in court by a lawyer or by the judge) and those that are ‘deemed to have been opened’ at a hearing before the court (i.e., documents that the judge has read in chambers and does not require the parties to formally open in court).

72 What steps do you take to manage corporate communications in your country? Is it common for companies to use a public relations firm to manage a corporate crisis in your country?

In larger companies, corporate communications are generally managed by a team of marketing professionals, and it is common for companies to employ public relations companies when there is a risk of negative publicity.

73 How is publicity managed when there are ongoing related proceedings?

It is important that any public statements issued by a company do not potentially prejudice ongoing criminal proceedings or investigations. Statements issued by a company in such circumstances should be brief, factual and approved by the company’s legal advisers. Care should also be taken that no comments are made that potentially identify any persons, as there could be a risk of defamation proceedings if the statement incorrectly implies that a person has committed any wrongdoing.

Duty to the market

74 Is disclosure to the market in circumstances where a settlement has been agreed but not yet made public mandatory?

Publicly listed companies on the Irish Stock Exchange must, without delay, provide to Euronext Dublin any information that it considers appropriate to protect investors. Euronext Dublin may, at any time, require an issuer to publish such information within the time limits it considers appropriate to protect investors or to ensure the smooth operation of the market.

Environmental, social and corporate governance (ESG)

75 Does your country regulate ESG matters?

ESG has become an area of increased importance in Ireland. In particular, within the financial services industry, the Central Bank of Ireland has indicated that it is an area of focus and that it has outlined its supervisory expectations of regulated firms, in particular firms’ compliance with climate and wider ESG-related requirements.

The Disclosure of Non-Financial Information Regulations 2017 (SI 360/2017) transpose Directive 2014/95/EU (the Non-Financial Reporting Directive) into Irish law and require directors of any company with more than 500 employees to:

  • submit for each financial year a non-financial statement explaining the company’s development, performance and position and the effects of its activity relating to environmental, social, human rights, and bribery and corruption matters; and
  • include in its corporate governance statement a diversity report on the company’s diversity policy and its implementation and results.

Regulation (EU) 2019/2088 (the Sustainable Finance Disclosure Regulation):

  • requires financial market participants and financial advisers to disclose 15 different ESG considerations on their websites, and in their remuneration policies and pre-contractual disclosures, including:
    • the principal adverse effects of investment decisions on sustainability issues;
    • the company’s considerations of ESG and sustainability risks; and
    • additional product-specific obligations where financial products promote environmental sustainability or have sustainable investment as their core objective; and
  • introduces additional disclosure requirements for existing financial services legislation, including Directive 2011/61/EU on Alternative Investment Fund Managers, Directive 2009/65/EC on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS), Directive 2009/138/EC on the taking up and pursuit of the business of insurance and reinsurance (Solvency II), Directive (EU) 2016/97 on insurance distribution and Directive 2014/65/EU on markets in financial instruments (MiFID II).

Regulation (EU) 2020/852 (the Taxonomy Regulation) requires financial market participants to disclose in pre-contractual disclosures and public reports:

  • how certain financial products and their underlying investments in economic activities qualify as ‘environmentally sustainable’ under this Regulation; and
  • in non-financial undertakings, the proportion of their turnover derived from environmentally sustainable products and services, and the proportion of their capital and operating expenditure relating to assets or processes associated with environmentally sustainable activities.

Regulation (EU) 2018/2089 (the Low Carbon Benchmark):

  • requires benchmark administrators to include details of how they incorporate ESG factors in their benchmark methodologies and statements; and
  • extends the period for national authorities to compel benchmark administrators to publish a critical benchmark from two years to five years.

76 Do you expect to see any key regulatory or legislative changes emerge in the next year or so designed to address ESG matters?

Key legislative changes in coming years include a Corporate Sustainability Reporting Directive (CSRD) (which will revise the existing Non-Financial Reporting Directive, extend its obligations to companies with fewer than 500 employees and simplify the existing sustainability reporting process) and a regulation introducing a European green bond (EU GBS). A provisional agreement was reached between the European Parliament and the European Council on the CSRD in June 2022, with phased reporting requirements to be introduced between 2024 and 2026. At the time of writing, the European Parliament and European Council have not yet reached agreement on the EU GBS proposals.

77 Has there been an increase in ESG-related litigation, investigations or enforcement activity in recent years in your country?

So far there has been limited ESG-related litigation in Ireland, but this may change following two developments. Ireland has until 25 December 2022 to implement Directive (EU) 2020/1828 (the Representative Actions Directive), which will introduce collective injunctive and redress measures for consumers for the first time. The Irish courts may also be receptive to ESG-related litigation following the Supreme Court decision in Friends of the Irish Environment CLG v. The Government of Ireland & Ors [2020] IESC 49, in which the Supreme Court quashed the Irish government’s statutory plan for tackling climate change and held that climate change is already having a profound environmental and societal effect in Ireland.

Anticipated developments

78 Do you expect to see any key regulatory or legislative changes emerge in the next year or so designed to address corporate misconduct?

The newly established Corporate Enforcement Authority (CEA) is tasked with combating business crime and suspected breaches of company law. The CEA has outlined its strategy for 2022–2025, based on three strategic pillars:

  • embedding governance structures, building operational capability and establishing presence;
  • effective advocacy and influencing; and
  • operating effective systems of proportionate, robust and dissuasive enforcement.

The recently enacted Criminal Procedure Act 2021 introduces a number of significant changes to criminal procedure in Ireland, including the introduction of preliminary trial hearings, which should lead to efficiencies in the trial process. The Act came into force on 28 February 2022.

The recently published and long-anticipated Central Bank (Individual Accountability Framework) Bill 2022 will introduce the Senior Executive Accountability Regime (SEAR) in the financial services sector in Ireland. SEAR is designed to improve accountability for individuals in Ireland by imposing conduct standards directly on individuals performing controlled functions, and an increased duty of responsibility on individuals performing senior executive functions. Further, non-compliance with these standards may give rise to potential enforcement directly against senior executives in the sector.


[1] Karen Reynolds is a partner and Connor Cassidy is a senior associate at Matheson.

Unlock unlimited access to all Global Investigations Review content