Fighting corporate crime and compliance defence in the Czech Republic
Inspired the US Department of Justice’s (DOJ), non-binding internal guidelines for public prosecutors were issued in September 2018 (Czech CMS Guidelines). A slightly updated version of the Czech CMS Guidelines was published in November 2020. Both guides are comparable in quality and level of detail and a company will set-up an equally effective compliance management system following either of them. The major difference is the approach of the Czech prosecution authorities, which is considerably less predictable compared to DOJ’s. Czech prosecuting authorities are still struggling to understand the concept of compliance management systems and specially to apply it accordingly taking into account all the relevant specifics of the prosecuted company.
- Corporate criminal liability
- Compliance management systems in the Czech social and legal environment
- Effectiveness of compliance management system
- The development of prosecuting authorities’ approach to investigation and prosecution of companies
Referenced in this article
- Act No. 418/2011 Sb On the Criminal Liability of Legal Persons and Proceedings Against Them
- Compliance management system as per the Section 8, subsection 5 of the On the Criminal Liability of Legal Persons and Proceedings Against Them
- The US Department of Justice
- A Resource Guide to the US Foreign Corrupt Practices Act, Second Edition
- The DOJ’s Manual to ‘Evaluation of Corporate Compliance Programs’
- Czech Prosecutor General’s Office
In July 2020, the US Department of Justice (the DOJ) and the US Securities and Exchange Commission (the SEC) released updated information and analysis regarding the Foreign Corrupt Practices Act (the FCPA) in its A Resource Guide to the US Foreign Corrupt Practices Act, Second Edition (the FCPA Guide). The FCPA Guide aims to provide detailed guidance for prosecutors, investigators and trade professionals, including companies of all sizes and FCPA advisers. While the FCPA Guide provides a general overview of how an effective compliance management system (CMS) should be set up and assessed in context of FCPA, the DOJ’s guidance concerning the ‘Evaluation of Corporate Compliance Programs’ (DOJ CMS Guidelines), published in June 2020, describes in detail how prosecutors should assess CMSs at companies that are under criminal investigation, assessing the extent to which the CMS was effective both at the time of the offence and at the time of a charging decision.
In the Czech Republic, companies can release themselves from criminal liability if they prove that they have implemented adequate measures (an effective CMS) that could have prevented the crime. Inspired (inter alia) by the DOJ CMS Guidelines, the Prosecutor General’s Office (PGO) issued non-binding internal guidelines for public prosecutors (Czech CMS Guidelines) in September 2018.
The concept of corporate criminal liability is still quite a new concept for both many white-collar crime practitioners and prosecuting authorities in the Czech Republic, and its non-conceptual implementation into law, has created room for many application difficulties. Also, certain specific Czech culture, political and social circumstances are important to understand in the context of corporate criminal liability.
Understanding the social and political environment
In 1989, the communist dictatorship that had ruled over the Czech Republic for over 40 years fell. The social reality of this period was not unlike under other communist dictatorships around the world. Critics of the regime were oppressed and incarcerated or forced to work in uranium mines. The police and prosecuting authorities focused their attention on the ‘enemies of the Communist Party’, who were judged in courts who were independent only on paper. After the regime fell, two particular characteristics remained in Czech society, which the reader should bear in mind while reading this chapter.
Communist politicians did a lot of talking before 1989. They referred to state-of-the art public services, professional labour and the abundancy of goods. The economy was based on five-year plans and the managers of companies were selected based on their allegiance to the Communist Party. As a sign of the times, these managers competed in reporting over-performance of these state-mandated plans. This contrasted with the day-to-day reality of empty shelves, long queues at stores and months-to-years-long waiting lists for public services. Consequently, Czech society developed a great distrust towards politicians and state authorities, towards the ‘tone from the top’ being set by managers (who were nothing more than apparatchiks) and towards any ‘paper’ rules or codes, since rarely anything that was set down on paper was sincerely implemented or adhered to in practice. The second effect was that people turned to the shadow economy, circumventing the rules whenever they could and engaging in widespread corruption (all of which became normalised behaviour). Needless to say that, even after the fall of communism, widespread systemic corruption and its interconnected relationship with politics were one of the major issues that the Czech Republic had to tackle for some time.
This social aspect of distrust is still present in society today, both among company employees (which should be noted when setting up any CMS) and among the police and public prosecutors, who are generally highly sceptical and suspicious of anything that any suspected individual or company says or submits. Self-reporting is not being regarded by the authorities as genuine compliance effort. Indeed, the general tendency is to think that people are bypassing the rules if they can and that anyone trying to cooperate must have some concealed interest for doing so.
Understanding the evolution of the Czech prosecuting authorities
During the Communist era, the police and prosecuting authorities were primarily selected based on their obedience to the regime and in many cases lacked any professional education or expertise. They were also tainted by the brutal conduct they showed against opponents of the regime. So, once the Communist Party fell, the police and prosecuting authorities were restructured and their personnel replaced. In addition to the police and the public prosecuting authorities, legislation also needed to be built from scratch. Given the magnitude of the changes required, this rebuilding naturally took a considerable length of time and is still ongoing.
With corporate criminal liability introduced into Czech law as recently as 2012 (the Act on Corporate Criminal Liability), there was a marked lack of expertise, experience, methodologies and often resources for conducting investigations into corporations, in particular large or even global corporations. As Czech criminal law was focused historically solely on individuals, there was naturally no experience with prosecution of companies. Even today, police still seem to primarily focus on individuals. Only few cases involve larger companies. Although the number of prosecution of companies are on rises since 2012, the prosecution of large-scale bribery cases is still very rare. There is almost no prosecution of foreign bribery.
Since 2016, cases of serious economic crime and incidences of organised crime have been investigated by the National Anti-Organised Crime Unit, a special police unit with nationwide authority, which is considerably more experienced in investigating companies than local units. However, criminal offences under a certain threshold will still be investigated and prosecuted on a local level, where the term ‘compliance management system’ will not generally be understood. However, there is a visible trend of increase of number of prosecuted companies (from 85 companies sentenced in 2013 to 439 in 2019). Most focus is in areas involving public funds and subsidies (Czech or European) and public tenders.
Corporate criminal liability under Czech law
The Act on Corporate Criminal Liability failed to interconnect properly with the criminal codes and had to be amended on several occasions soon after its publication. Its hastiness and conciseness caused much confusion over different points of criminal proceedings, which would have to be resolved by practice and case-law, with no guidelines whatsoever.
The act introduced strict corporate criminal liability, a form of corporate criminal liability that depends solely on the actions and intention of the perpetrator, all the while remaining independent from and concurrent with the criminal liability of the perpetrator. A company would become automatically criminally liable for any crimes that could be attributable to it. Attributable crimes could be almost any crime set out in the criminal code that was committed by a broad range of personnel (managers, employees, board members, shadow directors) stipulated in the act. At that time, companies could not even use compliance defence. In 2016, section 8, subsection 5 was inserted into the act:
A legal person can release itself from liability if it shows that it made every reasonable effort that could be justifiably required of it to stop the crime from being committed.
Although many legal academics criticised the wording for being vague and unclear in meaning, the sentence nevertheless laid the foundation for a compliance defence – for companies to release themselves from criminal liability if they can argue that they have an effective CMS in place.
Compliance management systems under Czech law
No explanations, guidelines or procedures as to what exactly an effective CMS was were provided for the public. Therefore, the PGO published the Czech CMS Guidelines (Application of section 8, subsection 5 of the Act on Criminal Liability of Legal Persons and Proceedings Against Them).
The Czech CMS Guidelines were inspired by the DOJ CMS Guidelines, but also refer to other international resources such as the UK Anti-Bribery Guidelines and compliance standards ISO37001 and ISO19600. They are an internal document that is intended to be used as non-binding guidelines by public prosecutors. Among other things, it outlines:
- how companies should set-up their CMS;
- what a CMS should contain;
- what public prosecutors should look for during investigations and prosecution; and
- how a CMS should be evaluated in criminal prosecutions.
Although conceived for internal reference by public prosecutors, it is used by both public prosecutors and the courts, and is also referred to by practitioners (simply because there are no other guidelines). The Czech CMS Guidelines were substantially amended in 2018 and a new version was published in November 2020, featuring structural and technical amendments and references to the latest update of the DOJ CMS Guidelines, released in June 2020.
Understanding differences between the DOJ CMS Guidelines and the Czech CMS Guidelines
The DOJ CMS Guidelines and Czech CMS Guidelines show certain similarities in approaches and content, but the use and impact differ considerably because of major differences of legal systems they are embodied in.
The DOJ CMS Guidelines – a piece of the puzzle in a comprehensive justice manual
To best demonstrate their different purposes and position within their legal systems, we should think of the DOJ CMS Guidelines as a ‘tiny piece of a puzzle’ included in the DOJ’s manuals, containing considerable resources provided by the DOJ and complementing the FCPA Guide and other FCPA resources. These, together, form a comprehensive, coherent and transparent description of the work of the prosecution, their processes and the thinking behind them (the puzzle). Because the DOJ’s manuals are thorough and interconnected, companies and professionals can essentially follow the whole thought process of prosecutors and, with a relatively high degree of certainty, can understand what is expected from them, what they can expect to happen and when. Some critics have even pointed out that, so transparent is this process, companies can include certain crimes in their business plan, since they can be almost 100 per cent certain of how any conduct will be classified and they can quantify the fine that would result from the conduct being prosecuted.
The Czech CMS Guidelines – a standalone document
On the other hand, no such ‘justice manual’ or comprehensive set of guidance documents exists in the Czech Republic. The Czech law system is based in the continental system of codified law. The PGO (or any other public body) does not have any formal authority to publish any binding guidelines and even trying to make any general interpretations of the law might be seen as interfering in the balance of powers.
Referring back to the Czech CMS Guidelines, they should be seen as a ‘one-piece puzzle’ created by the PGO for the sole purpose of giving public prosecutors at least some explanation and guidance to section 8, subsection 5 of the Act on Corporate Criminal Liability, and how it is being seen by the Czech prosecution. Although they provide similar information as the DOJ CMS Guidelines, with a similar level of detail, they are not interconnected with any other act, guidelines or even other statutes in the same act. Thus, it is much harder for the companies to predict how will prosecuting authorities behave, how they will investigate the company or whether they will reward self-reporting in any way.
The Czech CMS Guidelines in detail
The proclaimed purpose of setting out section 8, subsection 5 is to avoid penalising companies that are properly managed and to motivate them to set up an effective CMS that will at least minimise the risk of a crime being committed.
One common misunderstanding among companies is that the Czech CMS Guidelines are a kind of CMS ‘compliance defence cookbook for companies’. According to this line of thinking, the more measures from the Czech CMS Guidelines the companies (formally) implement, the better their chances of escaping prosecution and sanctions. But this is not the case. Czech CMS Guidelines are not meant to be used by companies for creating their CMS. Their purpose is to provide prosecutors (most of whom, as mentioned above, might have never prosecuted companies) with a general but insightful information about what a CMS is and how to evaluate its implementation by the companies.
Risk analysis – the essential part
The fundamental and first step in setting up an effective CMS is risk analysis. Each company must first ascertain the main risks (internal and external) that they are exposed to and must then adapt the CMS based on these internal and external risks. Given the effort required to create a comprehensive and functional CMS, a risk-based approach should be emphasised. The company should classify each risk based on its severity and start to address with the biggest risks. First, the company should be able to document and explain the methodology that it used for its risk analysis and for all updates and reassessments of its analysis, as the structure and level of risks change over time. Prosecuting authorities will also want to see how often the risk analysis has been redone and why.
Suiting CMS to a specific company
There is no ‘one-size-fits-all’ template or format for CMSs. The Czech CMS Guidelines emphasise functional perspective. A functional and effective CMS is one that is suited to the specific environment of each organisation. In particular, it should take into account:
- the size of the organisation;
- regulatory complexity;
- the internationality and nature of the company;
- the sociocultural and environmental environment;
- technological maturity;
- the economic situation;
- the risk profile; and
- market environment of the legal entity.
In each case, the legal entity must be able to explain why it has opted for the measures it has implemented. In particular, each company should be able to answer questions from prosecuting authorities, such as how could this measure mitigate this crime or why did you choose this measure instead of another one? Resources allocated to mitigate the risks should be proportional to the size and the risk profile of the company.
Unlike the DOJ CMS Guidelines, the Czech CMS Guidelines specifically note that a CMS cannot be effective if it is the CMS of the parent company that has merely been implemented at the local subsidiary without any local risk assessment or adaptation. Czech CMS Guidelines highlights the responsibility of executive bodies or managing directors of individual companies registered in the commercial register, regardless of whether their internal position in the global company is on the level of the lower management. These bodies have the managerial duty of care to know what is happening in the company and to take the necessary measures to prevent damage to the legal person they represent.
The core cycle: prevention–detection–reaction
It is not enough for a CMS to be established. It must be constantly monitored and updated to remain to be able to tackle new compliance risks. Preventive measures aimed at minimising the risks of any misconduct identified in the risk analysis should be complemented both by detective measures designed to detect any such misconduct if breaches take place and by reactive measures that will subsequently improve the preventive measures that were originally breached.
Core behavioural principles should be binding on all persons whose conduct might be attributable to the company and attached to an employment or other contract. Higher-risk employees, managers and subcontractors should be bound by special codes and procedures that are stricter and suited to specific risks. Employees and other relevant persons should be familiar with these principles, be trained in them and be regularly tested on them. Higher risk business partners and key personnel should be hired only after background checks and other appropriate steps (eg, mitigation of conflict of interests) have been carried out. Higher-risk business partners should be monitored and audited.
Basic detective measures include an independent and confidential whistleblowing policy, the ‘four-eyes’ principle, regular audits and internal investigations. Although these are some of the most important measures (as there are still prosecutors who do not consider a CMS to be effective if a crime occurred), companies, nevertheless, tend to underestimate them. There are still many companies where the non-anonymous whistleblowing hotline goes straight to the director’s office, where the ‘four-eyes’ principle is based on the first eyes simply clicking ‘yes’ in the internal programme or where audits focus on accounting only. Companies need to explain to the prosecuting authorities how these measures could detect misconduct and the misconduct that occurred was only possible because of its sophistication.
How does the company react to misconduct? How does the company improve the CMS after it has detected any non-compliance or unmitigated risk? The worst-case scenario tends to be that the company has never reacted to anything (either because it has not enforced the CMS or simply because it has never detected any non-compliance). The company must react with zero tolerance to any non-compliant event and should, every time, conduct root cause analysis for each misconduct that it discovers, all to be able to effectively improve the CMS.
Conduct from the top
For a CMS system to be effective, support from the company’s management is essential. The Czech CMS Guidelines shift the emphasis from the tone from the top (which, in practice, often meant only routine signatures by the management on compliance documents or mass emails). This will not be enough in itself and clear support from management will be sought, along with the adoption of a role-model attitude and zero tolerance for any breach. Prosecuting authorities will look particularly closely at the role of this or that manager (most often, the supervisor of the offender), at his or her attitude, or at whether they have engaged in the misconduct. Employees of the company will most likely be interviewed by prosecuting authorities to answer these questions.
Assessment of the CMS by Czech prosecuting authorities
The Czech CMS Guidelines also demonstrate how prosecuting authorities should assess CMS and the necessary steps the prosecuting authorities should take when assessing CMSs.
It should first be noted that the prosecuting authorities will assess the CMS according to their own best judgement (the Czech CMS Guidelines are non-binding for them). Also, the law provides no automatic benefits for use of any CMS certifications or audits. Although many companies use several professional certified auditors to claim that they are ISO37001 or ISO19600 certified, this will not help the companies per se, but will be considered as an relevant effort when evaluating the compliance culture environment of the company.
Prosecuting authorities will look at the complexity of the measures and whether they seem suitable and sufficient in context of the company. They will conduct their own, briefer, risk analyses of the company and will weigh up the measures taken against the company’s risk profile. Primarily, each measures will be assessed as to whether it was set up in a way that effectively prevents and mitigates risk. They will very closely look at the company culture to see whether the CMS has been truly implemented and whether it was trusted. They will also want to see how the company measures effectiveness of the CMS.
Generally, prosecuting authorities assess the company’s CMS through three different lenses.
- CMS in relation to the crime committed.
- How does the company’s CMS work in general?
- How does the company fulfil other obligations?
One of the most important things is to have as complete documentation as possible. Prosecuting authorities will interview relevant personal from the company with the focus on those who have been in charge with compliance, but all too often companies with an surprisingly effective CMS in place struggle to provide physical evidence of this. Relevant employees leave, emails are lost or documents might even be binned when moving out of an office. Companies must remember that they might need to provide evidence of a working CMS up to five to eight years after misconduct has occurred. This not only refers to core documents (Code of Conduct, trainings, risk analysis, etc), but also to underlying documentation that explain rationales and decision-making processes, such as email threads and minutes of management meetings.
Cooperation with prosecuting authorities
The DOJ tries to incentivise companies to cooperate, disclose and report misconduct. In May 2019, the DOJ clarified that under its revised policy, a company seeking coperation credit is expected to disclose ‘all relevant facts known to it at the time of the disclosure, including as to any individuals substantially involved’ in the misconduct (excluding the product of attorney–client work). The early and full cooperation of companies might be rewarded through a substantial reduction in fines and the avoidance of prosecution. Prosecutors are willing to cooperate with companies that are motivated to disclose and share as much information as possible to get the full credit.
One of the motivations for companies to cooperate with the DOJ is (apart from impeding high sanctions and reputational damage) their trust in the underlying system and clearly stipulated incentives for the cooperation. As they know what to expect and can trust the outcome, full cooperation is in most cases a sound business decision.
The DOJ’s approach and practice greatly contrasts with that adopted in the Czech Republic. Companies are not incentivised by the law to reach a decision to self-report and cooperate with prosecuting authorities. Unlike the judge who can consider provisions on mitigating and aggravating circumstances, a public prosecutor can only decide that a company has released itself from criminal liability because it had an effective CMS in place. But this is in the sole discretion of the public prosecutor and there are no automatic benefits or cooperation credit. Therefore, a company cannot be certain about any benefits should it decide to cooperate, share information or report misconduct, and, at the end, the case will almost certainly be decided by an independent judge whose view on the matter might be quite different from the one of the public prosecutor.
Submission of documents and self-reporting
Yet companies can decide to cooperate in any case (after all, the Czech CMS Guidelines consider willingness to cooperate with prosecuting authorities to be a sign of a working CMS). However, cooperation in the Czech Republic is difficult for two reasons. First, the prosecuting authorities generally do not want to vary from the formally correct procedure under criminal law, which does not regulate for cooperation in general; indeed, public prosecutors often refer companies to formal instruments that are highly impractical (formal testimonies, admission of guilt, etc). And, secondly, because prosecuting authorities are extremely distrustful, convincing them that an honest attempt to cooperate is being made can be even more difficult.
The DOJ explicitly excludes any documentation protected under the attorney–client privilege. In the United States, cooperating companies will still get full credit for cooperation even if they refuse to handover protected documents. In the Czech Republic, there is no concept of attorney–client privilege. Cooperating companies in the Czech Republic must handover any relevant documentation unless it is protected by special laws.
Instead of the attorney–client privilege, there is a confidentiality obligation of attorneys. The only protected documentation in this respect (eg, a report from the internal investigation) is the work-product located in the office of a registered attorney. To have the status of an attorney, attorneys must meet the requirements laid down by the Advocacy Act (companies’ inhouse counsel are not regarded as attorneys under Czech law). For legal privilege to be preserved, any engaged third parties must be subcontracted by the attorney and work directly for the attorney.
Settlements – not used in the Czech Republic
One of the biggest differences between the DOJ and Czech prosecutors (which companies often find unbelievable) is the system and practice of settlements. Take an example of FCPA trials, which are extremely rare in the United States. Cases do not often make it to court as companies resolve charges with the prosecution. A combination of, on the one hand, a well-established practice and coherent body of trustworthy DOJ manuals and, on the other, reputational and monetary concerns of companies have evolved into a system where cooperation and negotiating with the prosecution is standard practice. The tendency to resolve charges efficiently has gone so far that DOJ prosecutors have sometimes been described as overly cooperative and lacking any deterrent for future criminal activity.
Czech prosecutors stand at the other end of this spectrum. A tiny percentage of cases are resolved out of court. A Czech out-of-court resolution system exists, but it was not designed for companies (or, at least, has never taken the prosecution of companies into account) and has essentially been constructed for prosecuting individuals. Although there are instruments that can be used by companies, the practical technicalities of doing so were omitted when corporate criminal liability was introduced into legislation and so they remain unsuitable for companies. The few leniency policies that exist are limited to tax offences, among few others. Leniency for other crimes such as corruption does not apply to companies.
As things stand, a guilt and sanctions agreement made between the offender and the public prosecutor is the only out-of-court resolution that has been used in practice. However, consider that this instrument has so far only been successfully used in 1.5 per cent of the cases (around 70 per cent of the draft agreements were refused by courts, which sometimes insist on prosecuting some of the crimes in public interest). The offender needs to admit to his or her guilt and agree to sanctions that will then have to be confirmed by a court. The biggest downside of this instrument is that the company must admit the guilt, which not only entails reputational damage but might also preclude the company from participating in public tenders.
Summary and ending notes
The Czech CMS Guidelines are considered by attorneys, companies and prosecuting authorities to be quite a large step ahead of their time. So far ahead of other aspects of Czech criminal law, in fact, that it might take a while for the practice to catch up.
Companies who are acquainted with the DOJ CMS Guidelines will not be surprised by content of the Czech CMS Guidelines as they are largely inspired by relevant international standards and guidelines. But they should also be aware of their downsides and bear in mind that the biggest differences is how they link in with criminal law and practice. The primary purpose of Czech CMS Guidelines, which has not yet been achieved, is to educate public prosecutors about companies’ compliance management systems and to unify their approach towards them. But, as the Czech law does not provide for any cooperation credit nor practical out-of-court resolutions suitable for companies, predicting prosecuting authorities’ steps or outcome of cooperation and self-reporting is especially difficult.
As a result, companies rarely cooperate with prosecuting authorities and self-reporting is uncommon because the only way to resolve the matter out of the court is to admit guilt. This is currently debated by the Organisation for Economic Co-operation and Development and International Bar Association who strive to convince national legislators to establish a predictable system and procedure of out-of-court settlements for companies to incentivise them to report misconduct without fear.
 Accessible at https://www.justice.gov/criminal-fraud/page/file/937501.
 See Act no. 418/2011 Sb , on the Criminal Liability of Legal Persons and Proceedings Against Them, Section 8 subsection 5.
 Accessible at the webpage of the Czech Prosecutor General’s Office at https://verejnazaloba.cz/wp-content/uploads/2020/11/Metodika-NSZ-k-%C2%A7-8-odst.-5-ZTOPO-2020.pdf.
 When we use the term ‘prosecution authorities’, we mean the public bodies that conduct the criminal investigation and prosecution (excluding courts). Most often, the police investigate crimes and public prosecutor supervises and instructs the police (or can at any time take over the investigation). Other units can investigate crimes in specific situations (eg, the General Inspection of Security Forces investigates crimes of the police).
 In a survey from 1989, 52 per cent of respondents admitted that they had bribed someone one or more times during the past year.
 Corruption and Anti-Corruption endeavours are regularly assessed by several international organisations whose member is the Czech Republic. Even in 2014, the Czech Republic was still perceived as having major problems with widespread corruption, nepotism and patronage (See report at https://ec.europa.eu/home-affairs/what-we-do/policies/organized-crime-and-human-trafficking/corruption/anti-corruption-report_en). Serious insufficiencies were also found by GRECO’s fourth round of evaluation its anti-corruption recommendations from 2019 (see at https://www.coe.int/en/web/greco/-/czech-republic-publication-of-the-interim-compliance-report-of-fourth-evaluation-round.
 Act No. 418/2011 Sb , On the Criminal Liability of Legal Persons and Proceedings Against Them.
 Available at the annual report of the Czech Prosecutor General’s Office, available at https://verejnazaloba.cz/nsz/cinnost-nejvyssiho-statniho-zastupitelstvi/zpravy-o-cinnosti/zprava-o-cinnosti-za-rok-2019/ . In January 2020, one of first potentially hallmark decision was taken by the court regarding one of the largest bribery cases in which the company Metrostav’s CMS was considered in more detail. Metrostav, one of the biggest construction companies in the Czech Republic and which primarily works for state, was banned from public tenders for three years for influencing public tenders with a value of tens of millions of US dollars.
 Act no 40/2009 Sb, Criminal Code, which sets out conditions for the criminal liability and individual crimes.
 By the Act no 183/2016 Sb.
 Please note that the term ‘compliance management system’ was introduced to the Czech law by the Czech CMS Guidelines for the purposes of criminal defence according to the section 8, subsection 5 of the Act on Corporate Criminal Liability.
 First version of the methodology accessible at https://verejnazaloba.cz/wp-content/uploads/2020/01/Aplikace-%C2%A7-8-odst.-5-ZTOPO.-Pr%C5%AFvodce-novou-pr%C3%A1vn%C3%AD-%C3%BApravou-pro-st%C3%A1tn%C3%AD-z%C3%A1stupce.pdf.
 For some of the relevant examples, decisions of the Czech Supreme Court, which referred to the Czech CMS Guidelines, can be provided: Decision No. 6 Tdo 1332/2018, 3 Tdo 329/2018 or more recently the decision of the regional court in Prague for the hallmark Metrostav case, No. 4 T 42/2016.
 Last version from November 2020 accessible at the webpage of the Czech Prosecutor General’s Office, https://verejnazaloba.cz/wp-content/uploads/2020/11/Metodika-NSZ-k-%C2%A7-8-odst.-5-ZTOPO-2020.pdf.
 Accessible at https://www.justice.gov/criminal-fraud/page/file/937501 Accessible at https://www.justice.gov/criminal-fraud/page/file/937501.
 See, eg, the statement from Assistant Attorney General Leslie R Caldwell on 17 April 2015, accessible at https://www.justice.gov/opa/speech/assistant-attorney-general-leslie-r-caldwell-delivers-remarks-new-york-university-law.
 Although there are discussion at the Czech Prosecutor General’s Office that the Czech CMS Guidelines should have a section dedicated to concerns and multinational companies, this has not yet been implemented.
 See https://www.justice.gov/opa/pr/department-justice-issues-guidance-false-claims-act-matters-and-updates-justice-manual and 4-4.112 - Guidelines for Taking Disclosure, Cooperation, and Remediation into Account in False Claims Act Matters in the Justice Manual at https://www.justice.gov/jm/jm-4-4000-commercial-litigation#4-4.112.
 See eg, Justice Manual’s Principles of Principles of Federal Prosecution Of Business Organization, part 9-28.710 – Attorney–Client and Work Product Protections at https://www.justice.gov/jm/jm-9-28000-principles-federal-prosecution-business-organizations.
 Act no. 85/1996 Sb. On Advocacy.
 Attorneys are only lawyers registered with the Czech Bar Association or ‘European Attorneys’ pursuant to European Union Law. European Attorneys are those recognized as attorneys in their home state in the European Union or Switzerland. Confidentiality obligation also binds attorney’s employees and others working together with the attorney in connection with the provision of legal services.
 See eg, interesting summary: Getting DPA Review and Rejection Right by Elizabeth Daniels, accessible at https://cpilj.law.uconn.edu/wp-content/uploads/sites/2515/2018/10/16.1-Getting-DPA-Review-and-Rejection-Right-by-Elizabeth-Daniels.pdf.
 According to Act no 141/1961 Sb. on Criminal Procedure, Section 175a.
 And even in those cases, the relevant companies are very likely very small entities with several employees. For details see the annual report of the Czech Prosecutor General’s Office, available at https://verejnazaloba.cz/nsz/cinnost-nejvyssiho-statniho-zastupitelstvi/zpravy-o-cinnosti/zprava-o-cinnosti-za-rok-2019/.