2022-06-17

Introduction

The Portuguese Government approved a set of measures, including a general framework for preventing corruption. This happened under the National Anti-Corruption Strategy 2020-2024, approved by the Council of Ministers Resolution No. 37/2021, of 6 April 2021.  

Decree-Law No. 109-E/2021, of 9 December 2021, approved the Portuguese Framework for the Prevention of Corruption (the Portuguese Anti-Corruption Framework) and created an independent administrative entity, the National Anti-Corruption Mechanism (MENAC). MENAC replaced the Council for the Prevention of Corruption to promote transparency and integrity in public action and ensure the effectiveness of policies to prevent corruption and related offences. 

The Portuguese Anti-Corruption Framework requires public and private entities with 50 or more employees to adopt a regulatory compliance programme, which must include: (i) a risk prevention or management plan, (ii) a code of ethics and conduct, (iii) training programmes, (iv) reporting channels and (v) the designation of a compliance officer ("Responsável pelo Cumprimento Normativo").

This regulation also determines the implementation of internal control systems that ensure the effectiveness of the instruments of the regulatory compliance programme and the transparency and impartiality of procedures and decisions. It also provides sanctions, particularly administrative sanctions, for the non-adoption or deficient or incomplete adoption of regulatory compliance programmes.

Having the adaptation of the entities covered by this framework in mind, it was established that it would come into force and gradually take effect as follows:

  • The Portuguese Anti-Corruption Framework comes into force on 7 June 2022; and
  • The sanctioning regime will take effect from 7 June 2023, except for companies with 50 to 249 employees, where it will take effect from 7 June 2024.

 

Corruption

No unequivocal definition of corruption exists. However, there is consensus that corruptive conduct involves the abuse of public power or service duties to benefit the third party against payment of a sum of money or any other benefit.

Articles 372 to 374-B of the Portuguese Criminal Code provide for crimes of undue receiving of advantage and corruption crimes.

Corruption crimes have essentially two outlines: active and passive corruption, depending on whether the perpetrator is, respectively, offering/promising or requesting/accepting an undue material or non-material advantage. Another critical difference is whether the action requested or performed is contrary to the service duties of the corrupted officer.

Corruption crimes in international trade and private practices (set out in Law No. 20/2008 of 21 April 2008, as well as those included in the Criminal Liability Regime for Anti-Sporting Behaviour, approved by Law No. 50/2007 of 31 August 2007) are also included in the concept of corruption, even when there is no abuse of public power or function.

It is essential to mention that in society, the concept of corruption has a broader meaning. It includes other crimes perpetrated in the performance of public duties, such as embezzlement, economic participation in business, extortion, abuse of power, prevarication, influence peddling or money laundering.

Corruption and related offences comprise the following criminal offences: corruption, receiving and offering an undue advantage, embezzlement, economic involvement in business, extortion, abuse of power, prevarication, influence peddling, laundering or fraud in obtaining or diverting a subsidy, grant or credit.

 

Regulatory Compliance Programme

The Portuguese Anti-Corruption Framework imposes the adoption of a regulatory compliance programme by:

  • Legal entities, including branches, headquartered in Portugal with 50 or more employees;
  • State, autonomous regions, local authorities and corporate public sector companies with 50 or more employees; and
  • Independent administrative entities with regulatory functions and the Bank of Portugal.

Entities, either public or private entities, that do not meet the above requirements are not exempted from implementing instruments for the prevention of risks of corruption and related infractions. These must be adjusted to their size and nature.

The regulatory compliance programme must include the following minimum mandatory instruments:

  • Risk prevention or management plans;
  • Code of Ethics and Conduct;
  • Training programmes and awareness actions;
  • Reporting channels; and
  • Appointment of a Compliance Officer (“Responsável pelo Cumprimento Normativo”), whose role is to ensure and monitor the implementation of the regulatory compliance programme.

This regime also determines the implementation of internal control systems and prior assessment procedures that ensure the effectiveness of the instruments of the regulatory compliance programme.

The board of directors is responsible for adopting and implementing the regulatory compliance programme.

Entities must implement the regulatory compliance programme until 7 June 2022.

 

Minimum Mandatory Instruments 

  • Code of Coduct: Document establishing a set of ethical and deontological principles, values, and rules that the organisation’s employees must comply with;
  • Risk Prevention Plan: Instrument of internal risk control and management, i.e., control and management of the possibility of occurrence of some events with a negative impact on the organisation's objectives;
  • Reporting Channel: An internal reporting channel for corruption must be managed with independence, impartiality and absence of conflicts of interest, and ensure secrecy, confidentiality and data protection;
  • Trainning Programme: To ensure all employees clearly understand and embrace policies and procedures that affect their duties and responsibilities; and
  • Compliance Officer: Responsible for ensuring and controlling the application of the regulatory compliance programme, namely by implementing, controlling and reviewing the risk prevention plan.

 

Prevention Plan for Corruption Risks and Related Offences

The Prevention Plan for Corruption Risks and Related Offences (Risks Prevention Plan) is an essential instrument of control and management of internal risk, i.e. of control and management of the possibility of occurrence of any event with a negative impact on the organisation’s goals.

A Risks Prevention Plan should cover the whole organisation and its activity, including administration, management, operational or support areas.

Corporate groups can adopt and enforce a single Risks Prevention Plan covering the entire organisation and activity of the group, including management, operational or support areas of the corporate group entities.

A Risks Prevention Plan must include:

  • Identification, analysis and ranking of risks and situations that may expose the entity to acts of corruption and related offences, including the ones associated with the performance of duties by the members of the management and administrative bodies, considering the reality of the sector and the geographical areas in which the entity operates;
  • Preventive and corrective measures to reduce the probability of occurrence and impact of the risks and situations identified.

It must also contain:

  • The entity's areas of activity with risk of engaging in acts of corruption and related offences;
  • The likelihood of occurrence and foreseeable impact of each situation, in a way that would make it possible grading of risks;
  • Preventive and corrective measures to reduce the likelihood of occurrence and impact of the risks and situations identified. In cases of high or maximum risk, the most comprehensive prevention measures, being enforcement the priority; and
  • Appointment of a person responsible for the implementation, control and review of the Risks Prevention Plan, which may be the Compliance Officer.

 

Enforcement Control of the Risks Prevention Plan

To ensure that new or existing risks are adequately addressed, the execution of the Risks Prevention Plan should be subject to a review of internal controls, particularly:

  • Preparation, in October, of an interim evaluation report on situations of high or maximum risk identified;
  • Preparation, in April of the following year, of an annual evaluation report that quantifies the degree of execution of the preventive and corrective measures and the expectation of their full implementation.

Entities must ensure that the Risks Prevention Plan and relevant reports are disclosed to employees through the Intranet and official Internet website, if applicable, within ten days from implementation, review or amendments.

Public entities have an additional reporting obligation. They must report the Risks Prevention Plan and relevant reports to the Government members responsible for their management, supervision or control; the inspection services of the appropriate governmental area; and to MENAC within ten days from implementation, review or amendments.

the Risks Prevention Plan must be reviewed every three years or whenever changes occur, for instance, changes in the entity’s articles of association or corporate structure.

 

Code of Conduct

The Code of Conduct includes a set of ethical and deontological principles, values and rules that govern an organisation's activity and by which the members of its management bodies and employees should abide in their internal relationships as well as with customers, suppliers and stakeholders.

The Code of Conduct does not have an inside limitation. It may also be addressed to third parties, i.e., entities outside the organisation but which are contracted by or act on behalf of the organisation, in cases where the organisation may be responsible for their actions or omissions, under the "principal/ commissioner" liability regime.

The Portuguese Anti-Corruption Framework expressly requires the Code of Conduct to include the disciplinary sanctions for failure to comply with the Code’s rules under the law and have criminal sanctions for acts of corruption and related offences. On the other hand, it is necessary to adopt a specific procedure if a violation occurs. In other words, a report must be drawn up identifying the rules infringed, the sanction applied, and the measures implemented or to be implemented.

The Code of Conduct must be disclosed through the Intranet and official Internet website, if applicable, within ten days from its implementation, review or amendments.

Public entities have an additional reporting obligation. They must report the Code of Conduct to the Government members responsible for their management, supervision or control; the inspection services of the appropriate governmental area, if any; and to MENAC within ten days from implementation, review or amendments. The communications will be carried out through an electronic platform managed by MENAC.

The Code of Conduct must be updated every three years or whenever changes occur, for instance, changes in the entity’s articles of association or corporate structure.

 

Internal Reporting Channels

The Portuguese Anti-Corruption Framework itself states that the adoption of internal reporting channels for acts of corruption and related offences falls within the Whistleblowing Directive (EU) 2019/1937, which was transposed by Law No. 93/2021, of 20 December 2021, into Portuguese law.

This means that corruption and related offences are also included in the scope of the breaches set out in the Portuguese Whistleblowing Law, and the whistleblower may benefit from the relevant protection once specific (cumulative) conditions are met, namely:

  • The reporting person is acting in good faith;
  • The reporting person has a serious reason to believe that the information is accurate at the time of the report or public disclosure;
  • The information relates to a covered breach, i.e., a reportable breach; and
  • The complaint is made through appropriate report channels.

Each entity is free to choose how to implement the reporting channel. Regardless of the means chosen, the confidentiality of the reporting person or anonymity (if requested by the reporting person) must always be ensured. Complaints may be made anonymously.

The reporting channel must ensure the possibility of the complaint being made:

  • In writing: by post, via one or more physical complaint boxes, or an online platform, e.g., on the Intranet or Internet; or
  • Verbally: via a telephone line or other voice messaging system; or
  • Both.

 

Follow-up on internal complaints

The follow-up to an internal complaint is subject to mandatory deadlines, namely:

  • Seven days: the entity will notify the reporting person on the receipt of the complaint and inform in a clear and accessible manner the reporting person of the requirements, competent authorities and means and admissibility of an external complaint;
  • Three months from the reception of the complaint: the entity will inform the reporting person of the measures envisaged or adopted to follow up on the complaint and why. Following the complaint, the entity will take the appropriate internal actions to verify the allegations contained in the complaint and, where necessary, to bring to an end the breach reported, including by opening an in-house investigation or informing the competent authority to investigate the breach;
  • 15 days after the respective conclusion: the reporting person may request, at any time, for the entity to communicate the result of its analysis of the complaint.

Within the scope of the reporting channels, it is advisable to adopt a whistleblowing policy with specific procedures for information, response and handling of complaints.

Internal reporting channels can be operated:

  • Internally, for the purpose of receiving and following up complaints, by persons or services within the organisation; or
  • Externally, for the purpose of receiving complaints on behalf of the organisation, e.g. by external whistleblowing platform providers, external consultants, auditors.

Of these two options, the use of an external entity may prove to be the most appropriate option, as the Portuguese law requires that the independence, impartiality, confidentiality, data protection, secrecy and absence of conflicts of interest of whoever is in charge of managing the channel and following up on complaints is guaranteed.

If, however, the organisation chooses to manage and follow up on complaints itself, it is recommended that at least an assessment by an independent third party is made to verify that all safeguards, including response times and prompt follow-ups with the reporting person, are met, failing which fines may be imposed.

 

Training and Awareness Programme

Internal training shall ensure that administrative, management and other employees know and understand the policies and procedures to prevent corruption and related offences. In this case, the training hours count as statutory training time provided by the employer to the employee.

The Portuguese Anti-Corruption Framework does not foresee specific content for training or time sessions.

Each organisation is responsible for defining the content of its training programme and developing the necessary training actions for employees according to a risk-based approach.

Training must be transversal, although the content must be adapted to the respective recipients.

Training should take into account the different exposure of the board of directors, senior management and other employees to the risks of corruption and related infractions.

Along with internal training actions, the promotion of awareness-raising actions, both internally and externally, is another component necessary for implementing a PCN effectively.

Each organisation must inform its employees and the entities with which it relates – in its supply chain – of the policies and procedures in force that must be complied with and the consequences of non-compliance.

 

Compliance Officer (Responsável pelo Cumprimento Normativo)

The Portuguese Anti-Corruption Framework establishes that the Compliance Officer must be in a senior management position or equivalent. However, it does not determine what specific qualifications RCNs should have for performing their duties. However, we anticipate that they should be appointed based on their professional qualities and, in particular, their expertise in law and compliance practice.

The Compliance Officer is not a new “role". The Portuguese Anti-Money Laundering Law (Law 83/2017, of 18 August) expressly provides for the designation of a Compliance Officer in anti-money laundering and terrorist financing measures. Similarly, the Data Protection Officer (DPO) under the General Data Protection Regulation (GDPR).

Although the Portuguese Framework does not establish the specific duties of the Compliance Officer, unlike what the Portuguese Anti-Money Laundering does, regarding money-laundering prevention, and GDPR for the Data Protection Officer (DPO), the Portuguese Anti-Corruption Framework imposes that the exercise of the Compliance Officer duties is performed independently, permanently and with decision-making autonomy. RCN must also have the internal information and human and technical resources necessary for the proper performance of their duties.

The question may arise whether the Compliance Officer for anti-money laundering or DPO can also act as the Compliance Officer for the Portuguese Framework. The answer to this question is not universal since it can depend, among other things, on the size and structure of the organisation itself and the procedures in place. If the entities covered are in a group relationship, the Portuguese Anti-Corruption Framework expressly states that a single person responsible for regulatory compliance can be appointed.

Although not legally specified, the Compliance Officer duties can be allocated to a team, but there should be a specific interlocutor with employees and competent authorities.

 

Internal Control and Prior Assessment Procedures

The entities covered, public and private, must implement an internal control system, which should include, among other things, the organisation plan, policies, methods, procedures and good control practices that consider the main corruption risks identified in the Risks Prevention Plan.

The internal control system must be proportionate to the nature, size and complexity of the entity and its business and be based on adequate risk management, information and communication models. The internal control system must also be supported by procedures manuals.

The implementation of the internal control system should also be subject to regular monitoring through random audits, with the results and conditioning factors being reported upstream, and the adoption of the necessary corrective or improvement measures.

The internal control system must be fit for preventing or repairing situations of conflict of interest :

  • In public entities, members of the administrative bodies, managers and employees must sign a declaration of absence of conflict of interests (form to be defined) in procedures in which they intervene relating to: (i) public procurement; (ii) granting of subsidies, subventions or benefits; (iii) urban, environmental, commercial and industrial licensing; licenciamentos urbanísticos, ambientais, comerciais e industriais; (iv) sanctioning procedures. In a case of a potential or existing conflict of interest, they must also disclose the issue to their manager or, in their absence, to the Compliance Officer.
  • In private entities, prior risk assessment procedures should be established in relation to third parties acting on their behalf, as well as suppliers and customers. To identify situations of conflict of interest, these procedures must be suitable for the title of beneficial owners, image and reputation risks and commercial relations with third parties.

 

Penalties

Very Serious misdemeanour

FINES FROM € 2.000 TO € 44.891,81 (LEGAL PERSONS) OR UP TO € 3.740,98 (NATURAL PERSONS)

  • Failure to adopt of implement a Risk Prevention Plan or if the adopted/ implemented Plan lacks any of the required elements; 
  • Failure to adopt a Code of Conduct or to adopt a Code that does not take into account the criminal norms regarding corruption and related offences or the risks of the Entity's exposure to these crimes; and
  • Failure to implement an Internal Control System.
Serious misdemeanour
 

FINES FROM € 1.000 TO € 25.000 (LEGAL PERSONS) OR UP TO € 2.500 (NATURAL PERSONS)

  • Failure to draw up control reports over the Risk Prevention Plan;
  • Non-revision of the Risk Prevention Plan or the Code of Conduct;
  • Failure to publicise the Risk Prevention Plan or the Code of Conduct and monitoring reports to employees; 
  • Failure to communicat the Risk Prevention Plan or the Code of Conduct and/ or control reports;
  • Failure to report in case of breach of the Code of Conduct or incomplete reporting.
 

Liability 

Liability for the perpetration of administrative offences lies upon:

  • Legal persons, when the acts are carried out by the members of their bodies, agents, representatives or employees in the performance of their duties or in their name and on their behalf. When the agent acts against the explicit orders or instructions of the legal persons or similar entities, their responsibility is excluded;
  • Owners of managerial bodies or managers, the person responsible for regulatory compliance and those responsible for the management or supervision of the areas of activity in which the administrative offence is committed when they engage in the acts or when, knowing or having knowledge of the acts, they do not adopt measures to put an end to them.

Directors or managers of legal persons or equivalent entities are alternatively liable:

  • For the payment of fines imposed prior to the beginning of the term of office when they are accountable for the insufficiency of assets for payment; or
  • For payment of fines imposed prior to the beginning of the term of office but where the final decision is only notified during the term of office and non-payment is attributable to them.

When several persons are liable to pay the fines, they are jointly liable.

 

If you wish to learn more, please download the PDF below. 

2022-06-15

Introduction

Law 19/2012, of May 8, 2012 (the “Competition Law”), which entered into in force on July 8, 2012 and repealed the former competition law, Law 18/2003, of June 11, 2003, establishes merger control rules applicable to concentrations having effects in Portugal.

The Competition Law brought relevant changes on merger control rules, particularly by (i) putting the merger substantive test in line with the Significant Impediment of Effective Competition (“SIEC”) test of the European merger rules; (ii) changing the turnover thresholds required for the notification to the Portuguese competition authority (Autoridade da Concorrência – the “Competition Authority”), including adding a new de minimis market share notification threshold, (iii) deleting the previous notification deadline, and (iv) amending some deadlines applicable to the merger procedure.

In order to prevent the risk of competition restrictions, the Competition Authority exercises control over planned concentrations with effects in the national market.

A concentration is the legal combination of two or more undertakings, by the merger between two or more undertakings or by the control acquisition, directly or indirectly, of the whole or parts of one or several other undertakings.
Following an assessment phase, the Competition Authority may approve the concentration, including upon the application of remedies to be carried out by the undertakings, or prohibit the transaction insofar as it creates significant impediments to effective competition in the national market, particularly in case of creation or reinforcement of a dominant position in the national market.

Undertakings that execute concentrations which have been suspended or prohibited by the Competition Authority may be subject to fines and the legal acts related to the transaction could be declared null and void. The maximum amount of the fine could be 10% of the aggregate annual turnover of the associated undertakings that have engaged in the prohibited behavior.

This paper reviews some of the most important legal aspects regarding merger control rules in Portugal.

 

Powers of the Competition Authority

The Competition Authority is an independent authority with financial autonomy, which was created in 2003 by Decree-Law 10/2003, of January 18, 2003. The role of the Competition Authority is to conduct the enforcement of the competition rules in Portugal with a view to ensuring an efficient market performance and a fair division of the resources and to protect the interests of the consumers under the market economy and free competition principles.

In contrast to antitrust practices, for which the Competition Authority is empowered to apply the Competition Law in parallel with European competition rules whenever an impact on trade between Member States exists; in merger control, the Competition Authority may only take action against concentrations to the extent that the relevant merger thresholds, as set out in Council Regulation (EU) 139/2004, of January 20, 2004 (the EU Merger Regulation), are not met. There is however a referral mechanism that allows the Competition Authority and the European Commission to transfer the case between themselves, both at the request of the involved undertakings and of the Competition Authority, in order for the undertakings to benefit from a one-stop-shop review.

The powers of the Competition Authority include:

  • The power to investigate any practices that may infringe the national and the European Union competition rules, to conduct the required procedures and to decide on the applicable sanctions, if any;
  • The power to decide on the compatibility of undertakings’ agreements with the competition rules and to conduct the applicable administrative procedures;
  • The power to review and decide on merger transactions and to conduct the applicable administrative procedures; and
  • The power to approve regulations on competition issues as well as codes of conduct and manuals of corporate good practices.

 

Notification thresholds

The Competition Law does not establish a specific deadline for the filing of a notification. Transactions subject to notification may not be however completed before clearance from the Competition Authority.

The notification is required to the extent one of the following thresholds is fulfilled:

  • Turnover threshold: the aggregate net turnover obtained in Portugal by the undertakings involved in the transaction (“Participating Undertakings”) exceeds €100 million in the preceding financial year (after deduction of taxes directly related to turnover), provided that the turnover individually obtained in Portugal by at least two of the Participating Undertakings exceeds €5 million; or
  • Standard market share threshold: the transaction leads to the acquisition, creation or reinforcement of a market share of equal to or above 50% of the national relevant market, or in a substantial part thereof; or
  • “De minimis” market share threshold: the transaction leads to the acquisition, creation or reinforcement of a market share equal to or above 30% and less than 50% of the national relevant market, or in a substantial part thereof, provided that the net turnover individually obtained in Portugal by at least two of the Participating Undertakings exceeds €5 million in the previous financial year.

Merger transactions may be subject to a preliminary assessment within at least fifteen working days prior to the notification of the transaction to the Competition Authority. This preliminary procedure aims to promote informal and confidential discussions on any proposed transaction with the Competition Authority. Typically, this preliminary procedure is made through one or more meetings with the Competition Authority and subsequent additional information requests. The preliminary procedure may, in practice, entail a reduction in time for the assessment of the transaction by the Competition Authority, as it may prevent that the notification form includes incomplete information and it may reduce any additional information requests by the Competition Authority. The preliminary procedure does not, however, imply the taking of a decision by the Competition Authority concerning the compliance of any transaction with the competition rules.

 

Merger control procedure

The merger control procedure is very similar to the review procedure set out in the EU Merger Regulation and relevant implementing regulation.

After the filing of the notification, which becomes effective after the Competition Authority receives payment of the relevant fees and insofar as the notification is complete, the Competition Authority publishes a summary of the notification on its website and in two national newspapers within five days, so that any interested third parties may present their comments or objections to the proposed transaction.

Within thirty working days from the date the notification becomes effective, the Competition Authority must complete the evidence taking proceeding and decide (Phase 1):

  • That the concentration is not subject to mandatory notification;
  • Not to oppose to the transaction; or
  • To initiate an in-depth investigation, if it considers that from the transaction, taking into account the evidence gathered, may result significant impediments to effective competition.

The in-depth investigation phase (Phase 2) may not exceed ninety working days from the notification date, which means that the deadline of Phase 2 already comprises the deadline of Phase 1 and, in practice, is of sixty working days.

In Phase 2, the Competition Authority must decide:

  • To authorize the transaction unconditionally;
  • To authorize the transaction subject to the fulfilment of certain commitments by the parties; or
  • To prohibit the transaction, in case it creates significant impediments to effective competition in the national market or in a substantial part of it – the so-called “Significant Impediment to Effective Competition”, SIEC test.

In case the Competition Authority fails to adopt a decision within ninety days from the filing date of the notification, the transaction will be deemed as approved.

Both clearance or prohibition decisions may be subject to appeal to the Competition, Supervision and Regulation Court (Tribunal da Concorrência, Regulação e Supervisão) created in 2011. The Competition Authority’s decision that prohibits the transaction may be also subject to an extraordinary appeal to the Minister of Economy.

 

Consequences for breach of merger control rules

The Competition Authority will prohibit any operations that create significant impediments to effective competition in the national market or in a substantial part of it – the SIEC test –, particularly whether the impediments result from the creation or the reinforcement of a dominant position in the internal market. The Competition Authority will be responsible for defining the criteria for the existence of a dominant position based on the precedents set by the European case law.

In general terms, an undertaking will be deemed to have a dominant position in the relevant market if it dominates the market and has no relevant competitors. Two or more undertakings operating jointly in the relevant market and having no relevant competitors will be also deemed to hold a dominant position in such market. Conversely, concentrations, which do not create a SIEC in the national market (or in a substantial part of it), are allowed and will be approved by the Competition Authority.

Failure to notify the Competition Authority (whenever the notification thresholds are met) or the completion of a transaction in breach of a decision issued by the Competition Authority refusing to approve the transaction or approving the transaction with remedies, may entail the parties to severe consequences, as follows:

  • A fine up to 10% of the previous year’s turnover for each of the involved undertakings;
  • Periodic penalty payments, in an amount not exceeding 5% of the average daily aggregate turnover of the undertakings in the preceding year to the Competition Authority’s decision for each day of failure; and
  • All legal acts related to the transaction are null and void to the extent that they are in breach of the Competition Authority’s decision. If the transaction has already been completed, the Competition Authority may order to perform the measures required for the re-establishment of effective competition in the market including, but not limited to, the splitting of the merged undertakings or the transfer of control over the acquired undertaking or business units thereof.

If you wish to find out more, please download our PFD down below. 

2022-06-08

The General Data Protection Regulation is directly applicable in all EU Member States since May 25, 2018 and it has certainly been the most significant global development in data protection laws across all EU Member States since the "Data Protection Directive".

The GDPR has a global scope, as businesses based outside the EU that offer goods or services to individuals in the EU may be required to comply with the GDPR.

The risk of fines up to 4% of annual worldwide turnover or €20 million is surely a strong incentive for companies to comply with the GDPR.

For entities to better comply with the GDPR, we present and analize a seven step plan detailing the main aspects of the GDPR that companies need to take.

Some of these steps include: (i) maping all your data by organizing data audits within your company's departments in order to understand the personal data held by your company and how your company can manage and protect data; (ii) reviewing your privacy policies, individuals’ consents, contracts throught the procedures to confirm whether individuals make use of their privacy rights; (iii) appointing a single DPO or making individual appointments for each legal entity and/or jurisdiction; (iv) training your employees and staring by reviewing and updating your internal policies and technical measures with your company's IT team to fulfil the privacy “by design” and the privacy “by default”. And, of course, reviewing your security measures, as well as (v) reviewing your current international data transfers and understanding if they will be justified under the GDPR. Consider adopting a data transfer key-solution with your legal team.

These are just some of the measures we propose and carefully explain in this study to better help your company fulfill the GDPR's requirements. 

2022-05-31

E-commerce is the process of buying and selling goods or services by electronic means, such as mobile applications and the Internet. E-commerce refers to both online retail as well as electronic transactions.

Nowadays, e-commerce can be carried out via websites or apps or via e-commerce marketplaces available on external websites or apps. Examples of marketplaces are: eBay, Amazon, Etsy and Alibaba.
Over the last few years, the share of persons ordering goods or services online increased steadily. Based on the results of the 2018 survey on “ICT usage and e-commerce in enterprises”, in the EU-28, the percentage of businesses that had e-sales increased by 7% and the businesses’ turnover realized from e-sales increased by 5%, between 2008 and 2017.
In 2019, EU-28 businesses gathered 20% of their total turnover from e-sales, 7% of which were gathered from web sales via own websites or apps and only 13% from EDI-types messages.
E-commerce obviously reflects Internet penetration and usage. From 2010 to 2019, the percentage of enterprises that had e-sales increased from 15% to 21%.

In the near future, the most competitive e-businesses will be able to gauge consumers’ needs and understanding what they want even before consumers do. Anticipating consumers’ behavior is crucial for the e-business success.
In recent years, consumer behaviors have been modifying in the ever-changing landscape of the digital world.
More and more businesses are investing in e-commerce (and “mobile commerce” – “m-commerce” – caused by an increasing use of smartphones), along with big data analytics and artificial intelligence (AI), to boost their industries.
In a report from Accenture on the future of AI, Accenture foresees that AI could boost profitability rates by 38% in the wholesale and retail industries by 2035.

Several generations of e-consumers emerged over the last few years, and the following can be distinguished:

  • The first generation of e-consumers – «consumers 1.0» – was practically eradicated by «consumers 2.0», who wanted more than simply being able to place online orders; they intended to view their preferences, orders history, invoices, etc.. Then they were replaced by «consumers 3.0», even more sophisticated and pointing toward greater online customization experiences. To satisfy those needs, e-commerce strategies had to change namely by using big data analytics and AI systems, to build personalized strategies, recommend new products as per consumers’ demands, make online payments easier and more secure.
  • «Consumers 3.0» are currently facing the fourth successor – «consumers 4.0» –, who are the evolution of the previous version, with a fundamental change: technology. These consumers demand a more digitized communication and relationship, with the full consumer experiences: innovative advertising, storytelling, humanized customer service through various channels, retail and online integration. Finally, «consumers 5.0» want their five senses to be stimulated. They are the digital natives that are influenced by interactive digital TV and immersive reality, which enable the replication of the human senses in simulated spaces: the consumer is influenced by websites, social networks, and seeks out critics or reviews on the product.

For e-businesses to adopt the best approach and make sure that everything is in order to face «e-consumers 5.0», this paper provides some tips that you should be aware of about e-commerce.

Websites are the foudation of e-commerce. A website needs to follow the legislation of the country it is based in, regardless of sales made to other EU countries, save for consumer law, copyright, electronic money and unsolicited emails.
Before you setting-up an online store, you must confirm whether your website fulfils all the e-commerce requirements. In general, when users access the website:

  • Information about your business must be available, including name, address, contact information, registration number, details of any trade association which you are party to, VAT number;
  • The website terms and conditions (T&C’s), a disclaimer and the privacy policy must be visible and accessible to them;
  • Users should clearly receive a message, by means of an interactive banner or a small pop-up, informing them about the use of cookies. A link on the use of cookies (the “cookies policy”) must be disclosed at the top or bottom of your website; and
  • There must be, at least, one way by which users may contact you, as they may need any support, e.g., purchase terms, after-sales assistance.

For an online sale to be valid and effective, you must provide consumers with:

  • A description of the goods, services or digital content;
  • The total price, including all applicable fees, taxes (VAT) and surcharges. If this cannot be determined, you the way it will be calculated must be provided;
  • Payment means and delivery schedules or, at least, an estimated delivery time for the goods;
  • Legal guarantee of goods and warranties, if any. In Portugal, the legal guarantee is of two years. For second-hand goods, a one-year guarantee may be agreed by the parties; and
  • The terms and conditions of the purchase and codes of conduct, if any, as well information on how such codes can be accessed electronically.

What are the specifics of data in e-commerce?

The GDPR has been directly applicable in the EU since 25 May 2018. E-businesses based outside offering goods or services to individuals in the EU are subject to the GDPR, and non-compliance can lead to fines of up to €20 million or 4%turnover.
One of the best ways to protect yourself is to have a well-designed privacy policy available at your website. The privacy policy, among others, must include: what data is collected; why it is collected; how data is stored and kept safe; if the data will be shared; how you can be contacted.
You must also take care about the use of cookies, as they may leave traces which, when combined with unique identifiers and other information, may be used for profiling and identifying your website’s users From an end-user privacy point of view, cookies may be:

  • Non-intrusive cookies, e.g. session cookies, users’ preferences cookies, or load-balancing cookies do not require prior consent; or
  • Privacy-intrusive cookies, e.g. cookies for tracking activity on social networks or third-party cookies (e.g. Google Analytics) when used for behavioral advertising, market research or analysis, require prior consent. 

Privacy-intrusive cookies require a «cookie consent rule», as set out in the GDPR. The consent must be a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the individuals’ agreement; silence, pre-ticked boxes or inactivity do not serve as consent.
You must provide customers all the list of privacy-intrusive cookies your website uses and require consent for each type of intrusive cookies.

Advertising law prohibits the use of unfair or deceptive acts or practices in sales means, advertising claims, and marketing and promotional activities, including on websites. Keep in mind that:

  • Your ads must be clearly identifiable as such;
  • The details, on whose behalf ads are made, must be clearly identified;
  • Promotional offers, competitions or games must be clearly identifiable and the conditions which are to be met to qualify for them or to participate must be presented clearly and unambiguously.

In a digital context, hyperlinks and metatags are commonly used for online advertising, as follows:

  • Hyperlink, or link, is a reference to data that a user can directly follow either by clicking or tapping. A hyperlink points to a whole document or to a specific element within a document;
  • Metatags are basically keywords (“tags”) that a web designer uses to label groups of information. When a user types a particular keyword on a search engine, this matches the keyword with the metatags of several web-pages and displays the most relevant results.

In order to boost their industries, e-businesses are employing big data analytics and machine learning (ML) to understand their customers’ preferences and gradually align their market offers with customers’ needs.
In the past few years, AI has developed algorithms and feed machine learning (ML); this latter one, a subset of AI built from a mathematical model of sample data (“training data”), used to make estimates without being explicitly programmed to perform a task.

What does the future hold for e-commerce? 

New EU rules are on the horizon to boost online businesses under conditions of fair competition, removing geo-blocking and addressing consumer, data protection and copyright issues.
These new rules focus on consumers’ collective actions, unfair terms in consumer contracts, indication of the prices of goods, unfair “B2C” commercial practices and consumer rights.
In the coming years, the future of the e-commerce seems very much linked to big data analytics and AI, along with new consumer, data protection and copyright issues. To face these next challenges, e-businesses should be well-prepared. You will need to set up new alliances with tech partners for the use big data and AI tools, which will be crucial for you to know your customers’ day to day activity and allow you to satisfy the needs of a new generation of customers that will expect to buy what they want, anywhere, and anytime.

To learn more, please download our PDF down below.

2022-05-11

Introduction

Sustainable financing, with an emphasis on "green" financing, reveals the growing concern with new environmental, social and governance (ESG) challenges.

Sustainability has a tangible financial dimension that has been growing at an exponential rate. According to Refinitiv, in 2021 sustainable bonds reached a global value of $1 trillion, which represents 10% of the global debt market.

Because we believe that sustainability is an essential aspect of company’s business purpose and will become a pre-condition for accessing financial markets in the future, MACEDO VITORINO has created a Green Finance Team dedicated to the development and financing of green projects.

Our Green Finance Team has deep knowledge of the energy sector and the key regulatory and financial issues in preparing and structuring up green finance transactions.

The pace of development of the green debt and equity markets means that green finance will become dominant in the medium term. In the long term, companies that do not meet sustainability requirements will face increasing difficulties in accessing the financial markets.

 

Background

According to McKinsey, to prevent a rise of more than 1.5°C, no more than 400 gigatons can be emitted, which means cutting present emissions levels by two-thirds over the course of the decade.

In 2019, the European Union (EU) approved the "European Green Deal" with the aim of transforming Europe’s economy and set the following objectives:

  • Neutral greenhouse gas emissions by 2050; and 
  • Reduction of greenhouse gas emissions by at least 55% (compared to 1990) by 2030. 

The Portuguese National Plan for Energy and Climate (PNEC) establishes the following goals for 2030:

  • Reduce greenhouse gas emissions by 45-55% compared to 2005; 
  • Increase to 47% the share of energy from renewable sources in gross final energy consumption; and 
  • Reduce primary energy consumption by 35% compared to 2005. 

 

Green Finance: The New Framework

McKinsey estimates that to reach a net-zero transition between 2021 and 2050, requires a capital spending on physical assets for energy and land-use systems of about $275 trillion, an average of $9.2 trillion per year.

Investors are increasingly interested in green finance. According to Refinitiv, in 2021 "sustainable" bond issuance will exceed the $1 trillion mark for the first time, representing a 45% increase in debt when compared to 2020.

Sustainable bonds accounted for 10% of overall global debt market activity, which exceeds the 6.6% of 2020 by large.

The global value of green bonds reached $488.8 billion, almost doubling the 2020 levels. In number of issues, green bonds have increased by 54% compared to 2020.

Europe accounted for 54% of the sustainable bond market, compared to 22% for America and 18% for the Asia Pacific region.

 

The ICMA Principles

  • Use of proceeds. Bond proceeds should be utilised in eligible green projects (i.e. projects with clear environmental benefits that should be assessed and, if possible, quantified by the issuer).
  • Project evaluation and selection. The issuer should communicate to investors the environmental sustainability objectives, the process for determining the eligibility of projects and the complementary procedures by which it identifies and manages the environmental and social risks associated with the project.
  • Management of proceeds. Bond proceeds should be credited to sub-accounts or accounts controlled by a formal internal process to ensure that the proceeds are utilised in eligible green projects and can be audited by the issuer and external auditors.
  • Reporting. Issuers should disclose, and keep available information about, the use of proceeds, projects and their impact, on an annual basis or whenever there is a material change, including qualitative and, where possible, quantitative performance indicators.

 

Eligible Investments

The main types of 'green' investments identified by ICMA are, among others:

  • Renewable energy, including production, transmission, appliances and products;
  • Energy efficiency, such as in new and refurbished buildings, energy storage, district heating, smart grids, appliances and products;
  • Pollution prevention and control;
  • Clean transportation, such as electric, hybrid, public, rail, infrastructure for clean energy vehicles and reduction of harmful emissions;
  • Sustainable water and wastewater management;
  • Climate change adaptation, including information support systems such as climate observation and early warning systems; and
  • Green buildings.

 

The EU taxonomy regulation

Regulation (EU) 2020/852 on the establishment of a regime for the promotion of sustainable investment (referred to as the "Taxonomy Regulation") qualifies an economic activity as environmentally sustainable if that economic activity:

  • Contribute substantially to one or more environmental objectives, i.e. (i) climate change mitigation, (ii) adaptation to climate change, (iii) sustainable use, (iv) protection of water and marine resources, (v) transition to a circular economy, (vi) prevention and control of pollution and (v) protection and restoration of biodiversity and ecosystems;
  • Not significantly impair any of the environmental objectives listed in Article 17 of the Taxonomy Regulation;
  • It is developed in accordance with certain minimum safeguards; and
  • Satisfy the technical assessment criteria set by the Commission in Delegated Regulation (EU) 2021/2139.

 

Requirements of the taxonomy regulation

The Taxonomy Regulation requires projects to comply with the following requirements:

  • Identify the most relevant potential contributions to the environmental objective and the minimum requirements that must be met to avoid significant harm to any relevant environmental objectives;
  • Be quantifiable or, when this is not possible, use sustainability indicators;
  • Be based on conclusive scientific evidence and the precautionary principle;
  • Take life-cycle considerations into account by considering the environmental impact of the economic activity and the environmental impact of products and services resulting from that activity, the nature and scale of the economic activity, and the potential market impact of the transition to a more sustainable economy; and
  • Covering all relevant economic activities in a specific sector and ensuring that these activities are treated equally.

 

The future Green Bond regulation

The European Commission's proposed Green Bond Regulation sets out the following requirements for bonds to receive the designation "European Green Bond“ or “EuGB”:

  • The proceeds of the bonds should be allocated to activities that comply with the Taxonomy Regulation (Regulation (EU) 2020/852)
  • Before issuing EuGB, issuers must complete a factsheet in accordance with the model attached to the Regulation, obtain external certification and publish both documents;
  • Issuers must prepare an annual report on the allocation of the proceeds until they are fully used and a report on the environmental impact of the use of the proceeds at least once during the lifetime of the bonds; and
  • Issuers should obtain a post-issuance verification of the report regarding the allocation of revenues by an external entity.

 

What we can do

We can help funders and promoters with all legal aspects of funding, including:

  • Identify eligible projects against the European Taxonomy and the ICMA Principles;
  • Strategic advice on the definition of project eligibility criteria;
  • Define "green" commitments regarding the application of funds and the project;
  • Preparation of the technical file and financial documentation required for financing;
  • Collaborate with technical advisors in the certification and auditing of the project; and 
  • Monitor and verify compliance with "green" commitments throughout the life of the contract. 

If you wish to learn more, please download our PDF down below. 

2022-05-09

Data is everywhere. Information assets are highly valued by companies. Nowadays, businesses depend more frequently on information technologies and data than a few years ago, mainly before the entry into force and application of the European General Data Protection Regulation (GDPR).

In M&A transactions, data is the key for the evaluation of the target company and the risks associated with the deal. Transactions rely on cybersecurity to protect sensitive and confidential information. However, as insurance coverage over information assets is still not widely sought for, risks are greater for companies that may be more vulnerable during M&A transactions.

But if not the risk of an information breach, or the risk of mispricing the transaction, then the risk of being held legally liable for such breach, including personal data violation, must be of alarming to businesses during M&A transactions.

Within the context of a transaction, there are two key points regarding data protection compliance to be considered: whether personal data can be transferred from the target to the acquiror; and whether the parties comply with privacy laws.
In general, asset deals may be more exposed to data protection compliance risks than share deals or corporate reorganizations, since, in these latest two cases, there is no change in the position of the parties to contracts with employees, customers, and suppliers; that is, there is no transfer of the data controller position, which, even though a shareholders’ change, will remain the same entity. However, there are still significant compliance risks associated with share deals. The differences stages of a M&A transaction require different measures to ensure proper data protection compliance.

With this paper, we intend to provide you with the main points of interest that should concern the parties to a transaction, and to outline potential solutions to minimize or eliminate compliance risks.

 

Pre-signing

The typical M&A transaction kicks off with a due diligence on the acquiror, the target, or both. The due diligence is essentially an analytical review of data disclosed by the relevant party to a transaction. And the disclosure of data poses a significant compliance risk for those attributed the duty off keeping it safe.
Usually, access to data in a due diligence is assured via a data room, from which the reviewing party will obtain the contents that are object of the due diligence, including personal data, e.g., information on employees, customers. For this purpose, it may be advisable that data rooms disable save and print options, which is already common practice in many transactions.

Even before the transaction agreement is done, the parties are already obliged to comply with applicable data protection rules, as the pieces of information reviewed during a due diligence will most likely include personal data. And because data rooms usually host personal data, the parties to a transaction must execute data processing agreements with data room providers.
Personal data includes any information relating to an identified or identifiable natural person, as defined by the GDPR.
Deal structure and industry-specific due diligence is of great relevance, too. On one hand, personal data cannot always be transferred in asset deals, and, on the other, for businesses which are data-intensive, handling great amounts of personal data, it is advisable to conduct further compliance due diligence focusing on data protection.

When extra care is advisable, because e.g., the target company handles sensitive data, there are at least three main areas of play:

  • The transferability of data and, when applicable, the consent of data subjects on data transfer;
  • Whether the original purposes of the data processing (and for which, for example, data subjects gave their consent) are compatible with the acquiror’s business and data processing purposes in connection with the M&A transaction; and
  • The security standards in place at both target and acquiror to keep data safe.

Either for valuation or risk assessment, the acquiror should hence understand what the target’s liabilities on privacy matters are, as the acquiror may take on the target’s liabilities at completion.

What you should watch for:

  • Access to the data room should be restricted and information disclosed in the data room should be the necessary (data minimization principle). The employees or customers should not be identified or identifiable. For this purpose, and so that the information keeps meaningful value to the due diligence, the disclosing party can anonymize/pseudonymize information;
  • Alternatively, employees or customers should be informed that their information will be processed for the purpose of a due diligence and the disclosing party should obtain their consent. Not only this is impractical in large transactions, but also the parties should consider the fact that consent is only an appropriate lawful basis for data processing if it is genuine, which is not likely in an employment context, and thus the parties should rely on a different lawful basis for transferring data of employees;
  • The information disclosed should be limited to that that is strictly necessary to perform the due diligence. For this purpose, e.g., employment agreements can be sampled, or the information can be aggregated, or only key information can be disclosed, or the disclosure of sensitive data should be avoided;
  • The valuation of the target company should take into consideration that there may be restrictions to the use of personal data by the acquiror post-closing;
  • Whenever the target is processing data on behalf of a third party, data sharing agreements will likely include change of control or change of ownership clauses, which should be accounted for by the acquiror;
  • Both deal structure and the industry of the target are relevant for the purpose of assessing price, exposure to risk and steps required for a compliant M&A transaction.

 

Signing

If it were not for the comprehensive set of privacy rules, the assumption would be that the target company owned (and could freely exploit) the personal data it acquired over the years. But that is not the case.
Once the due diligence is complete, the transaction documents should safeguard the party’s position in view of any potential data breaches or infringement of data protection rules.

There are plentiful ways to ensure one’s position during negotiations and at signing: contract negotiations should entail an adequate level of protection against the findings resulting from the due diligence, whether this is reflected on the price or in contractual provisions; the share and purchase agreement should include representations and warranties that are tailored for data protection compliance and/or transferring the risk of violation; the counterparty should be able to warrant that it is compliant with privacy laws and has put in place adequate security standards, etc.
The target should warrant the acquiror, e.g., that there are not any pending proceedings related with data security breaches, that it has adequate security standards in place, or that it is compliant with the applicable privacy laws. Indemnification clauses and limitations of liability are also relevant in view of any potential breaches and/or liability resulting from the target’s business up until the completion date.
Insomuch as some transactions may be of greater complexity as regards data, data sharing and data integration, it may be cost-effective and legally advisable to include ancillary services agreements for the specific purpose of ensuring data protection compliance in the transaction documents.
There should be extra care in international M&A transactions due to potential international data transfers.
If data is transferred to a country outside of the EU-EEA, an assessment of the level of adequacy of the jurisdiction, to which the data will be transferred, has to be carried out. Alternatively, mechanisms such as standard contractual clauses, binding corporate rules, approved codes of conduct, approved certifications or a combination thereof have to be included in the transaction documents.
At signing, if the target processes or controls data, the acquiror should have obtained a comprehensive catalogue of data and respective consents, Records of Processing Activities (RoPAs), Data Protection Impact Assessments (DPIAs), if applicable, and Legitimate Interests Assessments (LIAs).

What you should watch for:

  • Data breaches and infringements of privacy laws are costly. Whenever appropriate, privacy-related risks should be accounted for with remediation and indemnification clauses;
  • If deemed adequate, it may be advisable that the parties agree to conditions precedent and covenants in respect to data processing;
  • Non-disclosure agreements (NDAs) should include data protection clauses and contractual penalties in case of failure to keep information confidential. We should note that NDAs executed by the parties for the purpose of ensuring confidentiality during the transaction process will most likely expire at signing of the asset purchase agreement (APA) or share purchase agreement (SPA), so it may be relevant to execute a new NDA at signing or include a non-disclosure provision in the purchase agreement;
  • If the target does not warrant that it is legally authorised to share the data with the acquiror, the acquiror risks exposure to liability for unauthorised processing of data;
  • Insurance on cyber risks is valuable and may even be a solution to a deadlock where the target is reluctant to be exposed to such a relevant liability.

 

Pre and post-closing

The day the share and purchase agreement are executed by the parties does not always match the closing of the transaction. The period between signing and the closing date could, in fact, take months. During this period, the transaction parties may also exchange information.
The parties should take into consideration that while the transaction is not closed, the acquiror is a third party and sharing information can result in responsibility before the competition authorities.

Some deals require a level of confidentiality that is sometimes conflicting with the interests of privacy laws. The timing for transfer of liability is key, then. When possible, and to avoid unnecessary exposure to compliance risks, the acquiror can be provided with statistical information instead of actual data, even if it is pseudonymized.

After the deal is closed, it is likely that the acquiror might have to face limitations on the use of data.

The acquiror should mind that the consent provided to the target by data subjects sometime in the past may both enable and limit the data processing by the acquiror. And even in a share deal, where the controller of data does not change, privacy policies will need to be updated, should the purpose or use of personal data change after completion.

What you should watch for:

  • Data sharing before the closing date should be limited to that strictly necessary for data integration purposes, and those handling data should be limited to the minimum;
  • Should the transaction not occur, the parties must be able to adequately eliminate and dispose of any data obtained during negotiations and before closing date;
  • Consent is not transferable in the context of an M&A transaction unless the data subject was informed of such a possibility when providing his consent, so this should be considered by the acquiror;
  • Data sharing before the closing date should be limited to that strictly necessary for data integration purposes, and those handling data should be limited to the minimum;
  • Where the purpose or use of data does change after completion, the acquiror will need to obtain the consent of the data subjects for their data to be processed under the revised privacy policies.

 

How does the GDPR impact M&A?

In the context of an M&A transaction, personal data of many sorts is handled and/or transferred from target to acquiror. This will include employees’ information, applicants’ CVs, IP addresses, suppliers’ information, etc..
The right to data privacy is not an absolute right. It is relative to its function in society. Throughout the transaction process, it is crucial that the parties weigh their legitimate interests against the fundamental rights and freedoms of data subjects.
The assessment of an adequate balance between the right to protection of individual data and freedom of enterprise adds a layer of complexity to M&A that is novel to the market.

During negotiations, the acquiror is a third party as it is neither the data subject, nor the controller, processor, or an entity who, under the direct authority of the controller or processor, are authorized to process personal data. This puts the parties in a very delicate position as to what information can be shared at a stage where trust and disclosure is key to the success of the transaction:

  • On one side, the logistics are seriously impacted as parties must go on tiptoe through each stage of negotiations and even after executing the agreement, bearing in mind that sharing information means exposure to a compliance risk.
  • On the other, data privacy influences both valuation and deal structure. As we explored, the price may be adjusted by exposure to compliance risks, and the structure of the deal must be compatible with the transfer of data from the target to the acquiror.
  • On the third, where transactions are negotiated behind closed doors, the current data protection framework, compliance obligations, and recent history of sanctions motivated by infringements during negotiations, suggest that even though the door is closed, it is not locked, and personal data protection concerns may not be neglected.

If you wish to find out more, please download our PDF down below.

2022-05-04

Like the rest of the world, Portugal has been suffering from the devasting impact of the coronavirus pandemic. The measures adopted to prevent the spread of COVID-19 had a significant impact on the country´s economy.

Despite this, Portugal is currently the country with the highest percentage of people fully vaccinated, with 83,5% of the population fully vaccinated, as of September 2021, which is already encouraging the Government to open the economy and will decrease the numbers of the setback caused by the crisis.

Portuguese GDP fell 7.7% in 2020 and is expected to recover by 4.8% in 2021. Exports are also expected to recover 9.2% in 2021 after falling 20.1% in 2020. As expected, tourism, textile and footwear sectors, which are highly dependent on export markets, were severely hit.

However, investment in tourism, real estate, renewable energy and other longer-term projects in Portugal maintain their course. Despite the present difficulties, local and international investors remain confident in longer term prospects and in the resurge of tourism when the Covid-19 pandemic is behind us.

More importantly, against a backdrop of social unrest in many other developed countries in recent years, Portugal offers security, little social unrest and an inclusive and open society with low levels of racism, religious tensions and sex biases. According to Institute for Economics & Peace’s “Global Peace Index 2021”, Portugal ranks 4th in the most peaceful countries in the world, 3rd amongst European countries. Portugal also ranks 9th in Societal Safety and Security domain amongst the countries in the world.

Other opportunities will arise from the recently announced National Investment Program (Programa Nacional de Investments) with investments in 85 infrastructure projects over the next 10 years, supported by the European Union, with EUR. 21,660 million to be invested in the transportation sector, mainly in upgrading or building new railroads and subway infrastructure, EUR. 13,060 million in renewable energy and EUR. 7,418 million in environment related investments.

This guide reviews the main aspects to be considered by foreign investors looking at Portugal as a place to invest, such as how to set up of a business, government incentives, employment rules, tax system, intellectual property protection, investing in real estate and judicial system.

For more information go to www.macedovitorino.com/en/why-portugal.

2022-05-02
Introduction

Competition is not only necessary to achieve economic efficiency, but it is one of the essential conditions of a market economy as well. Companies committed to the preservation of fair competition should develop and foster a competitive culture and help its directors and employees ensure the company complies with competition laws.

The purpose of a competition guide is to explain the basic provisions of European and national competition laws to make companies (executive bodies and employees) aware of the basic competition rules and how these rules may affect their business.

A competition guide does not cover all circumstances/ issues companies can run into, but it provides enough information regarding competition law, which helps companies recognizing patterns and specific situations and require legal advice if needed.

Competition guides make it easier for companies (especially the ones operating in several different countries) to develop a consistent approach wherever the company is operating so that its employees may apply business practices in line with the company’s global standards.

A training program is required to implement a competition guide, which is essential to keep companies regularly aware of competition issues. This would include training sessions, information on antitrust developments, updates of the competition guide, etc.

Companies should encourage their employees and business partners to feel personally responsible for the strict application of competition rules set out in competition guides. Otherwise, the development of a competitive culture may be at risk.

Overview

The main provisions on anti-competition practices of the European Union Competition Law are outlined in Articles 101 and 102 of the Treaty on the Functioning of the EU (“TFEU”).

EU Competition Law applies to all companies doing business within the Member States or which can affect trade between the Member States of the European Economic Area (“EEA”) regardless of whether these companies are established in one of those countries or not.

On the other hand, the Portuguese Competition Law, which was approved by Law 19/2012, of 8 May 2012 (the “Competition Law”), applies to restrictions of competition in Portugal.

The rules on anti-competitive practices laid down in Articles 9 to 11 of the Competition Law are similar to those of Articles 101 and 102 of TFEU as developed by the European case law. Between TFEU and the Competition Law, there could be differences resulting from:

  • Adaptation to Portuguese legal concepts;
  • Particular features of the Portuguese markets;
  • Portuguese culture and experience; and
  • Interpretation by the Portuguese lawmakers and the Competition Authority of European case law.

There are, however, practices forbidden by both:

  • Cartels. All agreements intended to prevent, restrict, or distort competition are prohibited. Does not matter the form of agreement. There are two types of agreements: horizontal agreements (the ones between companies acting on the same marketing stage, e.g. agreements with competitors) and vertical agreements (the ones between companies acting on different marketing stages, e.g. agreements with suppliers and customers; and
  • Abuse of dominant position. Competition law forbids undertakings from abusing their dominant position to prevent, distort, or restrict competition in the market or a substantial part of it.
Horizontal and vertical agreements

Agreements between competitors (horizontal agreements)

Under Competition Law, the term “agreement” has a very broad meaning and includes all kinds of agreements between two or more competitors, i.e., two or more companies operating at the same level(s) in the market, like levels of production or distribution.

But not all agreements with competitors are illegal. Agreements with competitors that do not restrict competition are legal but sometimes must be notified to the relevant competition authorities.

In what concerns dealings with competitors, there are some general principles to be considered:

  • Prices and conditions of supply. To agree or co-operate in any way with competitors to fix prices is prohibited. Competitors cannot, specifically: (i) jointly determine selling or purchase prices, price increases, and specific minimum or maximum prices or price ranges, and (ii) jointly agree to rebates, discounts, and other supply conditions.
  • Market sharing. It is forbidden to share or allocate markets in any form. More specifically, competitors cannot, specifically: (i) share or allocate markets regarding specific territories, products, customers, or sources of supply, and (ii) fix production, buying, and selling quotas between competitors;
  • Boycotts. It is forbidden to refuse to deal with one or more customers or suppliers to hinder such customers or suppliers to do business in a market. It is however possible to have a competitor as a supplier or customer at an arm’s length basis, as long as all other antitrust rules are observed; and
  • Joint ventures. Joint venture agreements between competitors can be beneficial, e.g., by facilitating technological advances (efficiencies), but can also affect or restrain competition. Because of that, these agreements should not be closed without legal advice.
Agreements with suppliers and customers (vertical agreemnts) 

Unlike agreements between competitors, many agreements with suppliers and customers are necessary for companies to develop their business activity and entirely appropriate.

When it comes to vertical agreements, companies should respect the following principles:

  • Resale prices. The producer must not set the resale prices charged by the distributor. It is not allowed to, specifically: (i) fix or set resale prices to distributors or dealers for any product, (ii) require the distributor to stick to the recommended resale prices, (iii) terminate the agreement with a distributor due to their refusal to stick to the recommended resale prices, (iv) coordinate the price policy with the distributor according to the market situation, (v) forbid the distributor from granting any discounts, etc.;
  • Exclusivity. While closing exclusive distribution, purchase, franchise, or license agreements, companies must comply with certain rules. For instance, it is forbidden to (i) prevent from making passive sales to customers outside its exclusive customer group or territory prescribe not to passively supply customers from outside the territory, (ii) forbid a distributor from accepting a customer’s inquiry from outside the territory, (iii) forbid a distributor from supplying products to other distribution channels upon corresponding orders, (iv) refuse orders from distributors exporting products due to territory restrictions;
  • Parallel trade. Parallel trade is a consequence of free trade within a market. It is not allowed to: (i) impose export bans, (ii) prevent from exporting to customers from outside the territory, (iii) refuse orders from partners exporting products due to territory restrictions;
  • Tying. Tying clauses that make a product supply subject to the acceptance of supplementary obligations to buy other goods and/or services which, either by their nature or according to commercial usage, have no connection with the contract subject, generally should not be used, especially when companies have a significant market share in the first product;
  • Competition clause. Under certain circumstances, it is possible to forbid a distributor or licensee to sell or manufacture competing products. It is allowed to do so to extend the prohibition beyond the duration of the agreement;
  • Patent, trademark, copyright. When licensing patents, copyrights, know-how, or trademarks, it is not allowed to (i) forbid the partner from contesting the secrecy of the licensed know-how or the licensed trademarks and patents, (ii) forbid the partner from contesting the validity of the licensed patent, (iii) fix the price that the licensee charges for its product, (iv) reach agreements with other patent owners regarding royalties to be charged for competing patents; and
  • Improvements and new applications. In patent licensing and know-how licensing agreements, either party should generally be free to compete with its developed products, improvements, or new applications of the technology in so far as these are severable from the licensee’s initial know-how. However, it is not allowed to restrict either party from competing with the other party when it comes to research and development, manufacture, use, or sale of any own developed product, improvement, and a new application of the technology.
Abuse of dominant position

An undertaking has a dominant position when it has a position of economic strength (and market power) that enables it to prevent effective competition and to behave independently from its competitors, customers, and consumers to an appreciable extent.

Although several factors should be considered in the assessment of a company’s position, the market share of the product is the main factor. Market shares are calculated based on geographical and product markets.

Dominant companies have a special responsibility to behave fairly having to comply with special rules to protect competitors, customers, and market structure from abusive behaviour. Many of the commercial policies and tools that are legal for a non-dominant company may be abusive if carried out by a dominant company. As a result, companies in a dominant position (unilateral or collective) should act carefully so to avoid any abuse of such a dominant position.

The following are examples of abuse:

  • Discrimination/Different terms of sale. A company with a dominant position must not discriminate in its terms of sale when dealing with similar customers under comparable circumstances. It is however possible to (i) grant different terms of sale (rebates) to distributors providing special services that are not met by other distributors, (ii) grant different terms of sale to distributors of another stage in the distribution channel (wholesalers/retailers) since such distributors are providing different services;
  • Hindrance of competitors. Market-dominant companies are not allowed to substantially restrict the access of competitors to customers or dealers by imposing (i) exclusive purchase commitments on customers, (ii) fidelity rebates, (iii) rebates with similar effects, and (iv) unfair or predatory price (method in which a seller sets a price so low that other suppliers cannot compete and are forced to exit the market); and
  • Refusal to supply. A refusal to sell to distributors or customers might constitute an abuse of a dominant position. It is not allowed, specifically, to (i) refuse to sell to a customer which meets the same requirements as other customers which are supplied, and (ii) reduce supplies to comparable customers in different ways without an unbiased justification.
Consequences of breaching competition rules

Not complying with competition laws can seriously negatively impact companies. These are the main risks companies might face are:

  • Fines. Companies that breach antitrust rules might be subject to significant fines and compulsory penalties. The European Commission and national competition authorities, including the Portuguese one, can impose fines of up to 10% of the consolidated total turnover of companies. Competition Authorities might take into account the company size, the seriousness of the illegal business practices at stake, the duration of the illegal practices, and the existence of repeat offenses to increase the discouraging effect of fines;
  • Civil liability. A company can be sued for damages by those who can demonstrate that they have sustained losses caused by anti-competitive practices carried on by that company. Although actions for damages resulting from breach of competition rules are not a common solution in Portugal, a set of measures has been implemented recently, so it is expected that damages actions will be used more frequently by injured parties soon;
  • Contractual risk. Any contractual provision infringing antitrust laws is generally void, which means it cannot be enforced before local courts. The entire contract could also be void in certain circumstances.
  • Reputation risk. Violation of antitrust laws is more and more perceived by the stakeholders as unethical behaviour that can seriously impact the image and reputation of a company and make it look like it does not observe/regard the highest corporate governance standards. Share price can also be significantly affected. Recent studies tend to show a correlation between cartel investigations and a decrease in the share price.

A competition guide is of the utmost importance for companies’ executive bodies, employees, and business partners to understand fully that any breach of applicable competition laws might seriously damage a company’s business activity.

Recommendations

Practical recommendations

Undertakings usually are part of professional associations. These professional associations may be subject to monitoring by the Competition Authority, as professional associations might lead to collusion between competitors.

Because of what was said above, undertakings’ employees should comply with specific rules when dealing with these professional associations, particularly regarding membership, meetings, and information exchange.

In most cases, it is not possible to notify the Competition Authority to get a clearance on specific matters. An individual assessment could be more easily made based on a set of rules on competition and, of course, companies can always require external legal opinion in sensitive cases.

Companies can follow some guidelines when dealing with professional associations:

  • Do not exchange nor accept receiving sensitive information;
  • Declare that the company does not want to receive any sensitive information, and protest in writing in case it happens;
  • Do not attend professional associations meetings without written minutes attesting to the agenda and those resolutions are taken under the law;
  • Make sure informal conversations before, during or after such meetings are not about anticompetitive subjects and be properly aware of what could be the content of those discussions;
  • Require professional associations to have a confidential collection system, the so-called “black box system”; and
  • In case the professional association your company is part of does not have a competition guide, suggest/ recommend it adopts one.
How to communicate with clients and competitors 

Communications between companies, their clients, and their competitors are fundamental for the development of their business activities. Companies should use care in their written and oral communications.

The use of inappropriate words in internal or external communications could be misinterpreted as indicative of anticompetitive behaviour. Companies should be conscious that any documents, as a rule, may be subject to seizure by the competition authorities.

To prevent these situations, undertakings should define a set of rules on how to communicate with their clients and competitors. For instance:

  • Do not use expressions that have ambiguous or controversial meaning, especially when it relates to their competitors or competitive behaviour;
  • Do not suggest that their marketing or pricing decisions (based on the company strategy, such as market status, competitor behaviour, customer threats, etc.) should be founded on grounds other than those;
  • Indicate the source of any sensitive information, such as market shares, prices, production capacities; and
  • Write carefully and clearly in memoranda, letters and emails and keep in mind that everything written may be disclosed publicly in an adversarial proceeding.
How to handle documentation

Competition Law requires undertakings to cooperate with the Competition Authority, which implies that they should disclose all information/documentation relating to an investigation procedure in course.

Regardless of specific rules on keeping documentation (for instance, accounting and tax documentation), companies should be aware that some documents could be relevant in an investigation procedure since they could have an important role as evidence or negotiating tool in the scope of settlements or leniency/reduction of fines program.

Once an investigation/litigation is initiated, documents of any kind which directly or indirectly related to the subject of the proceedings must be immediately retained and never destroyed or concealed. Destruction of sensitive documents (even as part of a general retention/destruction policy) or the appearance of a cover-up in the context of an investigation procedure or lawsuit could result in very high fines.

How to react to competition authorities' dawn-raids

Competition authorities have wide investigative powers, which include the power to make inquiries, do searches in companies’ premises, examine, copy, and seize documents as well as seal the premises if necessary.

To react against the so-called “dawn-raids” of competition authorities, companies should define a set of guidelines.

For example, in what concerns the access to documents in the possession of attorneys, the Portuguese Competition Authority, in line with European case law, understands that the client/attorney secrecy privilege only applies to outside counsel and not to in-house lawyers. However, the Lisbon Commerce Court has ruled, in a recent decision, which may be followed by other Portuguese courts, that communications with in-house lawyers should be deemed privileged.

Employees should be aware of the investigative powers of these authorities and know the measures that they can adopt in these circumstances.

All employees, who are likely to be confronted with dawn-raids, for instance, receptionists, managers, lawyers, should be well trained to adopt the right behaviour, as a good relationship with the competition authorities is in the best interest of companies.

Refusal to cooperate could create an incorrect impression, as if the company had something to hide.

Undertakings and/or their employees can be fined by competition authorities.

Final remarks

To avoid risks, companies should be aware of the risks that their employees’ daily informal behaviours can lead to anti-competitive practices and seriously harm the company business even when such conduct was not intended by the company’s management.

The best approach is to:

  • Ensure cooperation with the authorities;
  • Grant access to information that is duly requested by the authorities;
  • Keep documentation;
  • Get legal advice on what is allowed and what is not; and
  • Develop internal proceedings that promote a competition compliance culture.

To learn more, please download our PDF.

2022-02-16
Introduction

A whistleblower program, if well-designed, is an adequate tool to build a culture of good communication and corporate social responsibility, where reporting persons are considered to contribute to self-correction and excellence within the organisation significantly.

The most significant risks typically occur in a work-related environment, such as theft or fraud, bribery/corruption, environmental misconducts, health and safety concerns, privacy issues, employer’s policy breaches.

Employees are the ones to which it is easier to detect a breach. Still, they do not often report violations, mainly because they either believe that the breach cannot be effectively addressed or that there is a risk of retaliation.

As part of compliance programmes, reporting channels can be used as a risk management tool, giving organisations the chance to become aware of concerns/misconducts at earlier stages and prevent or mitigate financial and reputational risks.

Reporting channels allow building a confident and secure environment. Employees are encouraged to openly speak about their concerns with the management as their first preferred course of action. Confidentiality, response times, and follow-up must be ensured. Otherwise, a reporting channel will quickly fail its credibility and trust before its primary recipients – the employees.
This paper explains the main steps organisations need to take to comply with the Directive (EU) 2019/1937 (the ‘EU Whistleblowing Directive’ or the ‘Directive’) and Law 93/2021 of 20 December 2021, which implemented the Directive in Portugal.

The time to act is now for those who have not yet taken steps to ensure that a whistleblowing programme with effective report channels is in place. The Portuguese Whistleblowing Law requires ongoing internal reporting channels by 18 June 2022.

 

The EU Whistleblowing Directive

Currently, whistle-blower protection provided in the EU is fragmented across its Member States. This situation is due to different reasons, including cultural ones.

The purpose of the EU Whistleblowing Directive is to create a harmonised legal framework, which will introduce substantial changes in approach to whistleblowing in the many Member States, including Portugal, and with effects for employers with EU cross border operations.

The Directive affects all legal entities in the private and public sector with 50 or more employees and, regardless of the number of employees, entities within the scope of some EU acts, including Anti-Money Laundering (AML) rules. These organisations must provide means for employees to report misconducts that occurred in a work-related environment, including, but not limited to, the following: public procurement; prevention of money laundering; environment; personal privacy data.

The definition of “employees” has a broad range, comprising those with the employee’s status and freelance employees, contractors, subcontractors, suppliers, shareholders, management roles, former and prospective employees.

The deadlines to incorporate the minimum standards of the Directive into local laws are as follows:

  • Businesses and government organisations with or more than 250 employees, entities falling into the scope of EU some acts (such as AML rules), and municipalities serving 10,000 inhabitants must implement an internal reporting system by 17 December 2021; and
  • Businesses and government organisations with 50 to 249 employees must have their internal reporting system by 17 December 2023.

Organisations must have systems in place to monitor and follow up on reports. They must be prepared to understand the steps to protect whistle-blowers following their reports, safeguard their identity, and ensure that employees will not suffer any retaliation.

The Directive contains the minimum standards for accepting, processing, and reporting information received from whistle-blowers. The EU Member States may impose additional requirements on top of these, so it is recommended to keep track and review the local whistleblowing legislation.

 

Reporting channels

In Portugal, the Whistleblowing Directive was implemented by Law 93/2021, of 20 December 2021.

The Portuguese Whistleblowing Law imposes that local businesses and government organisations with or more than 50 employees, “obliged entities” falling into the scope of the Portuguese Anti-Money Laundering Law (Law 83/2017, of 18 August 2017), and municipalities serving 10,000 inhabitants implement an internal reporting system by 18 June 2022.

Employees must first use internal reporting channels before using external channels. The procedures for internal reporting channels shall include:

  • Setting-up of channels for receiving the reports which need to be designed, established, and to operate in a secure manner that guarantees that the confidentiality of the identity of the reporting person and any third party mentioned in the report is protested, and prevent access thereto by non-authorized staff members;
  • Acknowledgment of receipt of the report within seven days of that receipt;
  • An impartial person or department competent for following-up on the reports and which will maintain communication with the reporting person and, where necessary, ask for further information from and provide feedback to the reporting person;
  • Provision of feedback within a reasonable timeframe, not exceeding three months from the acknowledgement of receipt or, if no acknowledgement was sent to the reporting person, three months from the end of the seven days after the report was made; and
  • Provision of clear and easily accessible information regarding the procedures for reporting externally to competent authorities.

Employees must use external channels in case internal channels cannot reasonably be expected to function correctly. This may occur if employees have valid reasons to believe that:

  • They will suffer retaliation in connection with the reporting, including as a result of a breach of confidentiality, or
  • Competent authorities will be better placed to address the breach effectively.
 
Internal reporting channels

Main features

Employees can address complaints in writing and/or verbally. Complaints can be submitted anonymously.

Internal reporting channels can be operated in-house to receive and follow-up on complaints by persons or services selected for that purpose, or externally, to receive complaints only.

Independence, impartiality, confidentiality, data protection, secrecy, and absence of conflict of interest of the person(s) or entity chosen for this purpose must be safeguarded.

That person or entity will have to act diligently to follow up on the report.

Appropriate actions must be taken to verify the assertions made in the report and, where necessary, to cease the reported violation by opening an internal investigation or informing the competent authority to investigate the breach.

 

Deadlines for the follow-up of reports

  • Seven days: acknowledge receipt of the report to the reporting person should occur within seven days of that receipt. Within the same deadline, the reporting person must be informed, in a clear and easily accessible way, on relevant procedures and external reporting procedures to relevant competent authorities.
  • Three months: follow-up and feedback should take place within a reasonable timeframe, given the need to promptly address the issue that is the subject of the report and the need to avoid unnecessary public disclosures. This timeframe should not exceed three months but could be extended to six months, if necessary, due to the specific circumstances of the case, in particular the nature and complexity of the subject of the report, which may require a lengthy investigation.

The reporting person can, at any time, request the organisation to disclose the outcome of the review carried out following the report and within 15 days as of its conclusion by the organisation.

 
External reporting channels

Main features

Competent authorities will establish external reporting channels, independent and distinct from other communication channels, to receive and pursue reports. They will also publish information on the reporting procedures in a separate, easily identifiable, and accessible section on their websites.

When there is no competent authority to address the report or in cases where the target of the report is the competent authority itself, the report must be addressed to the Portuguese Anti-Corruption Authority and, if this authority is the target, to the Public Prosecutor's Office.

Reports will be dismissed when the competent authority, by a reasoned decision (to be notified to the reporting person), considers that:

  • The reported offense is of minor seriousness, insignificant or manifestly irrelevant;
  • The complaint is repeated and contains no new elements of fact or law that justify a different follow-up to the first complaint; or
  • The complaint is anonymous and there is no evidence of an infringement.

 

Deadlines for the follow-up of reports

  • Seven days: acknowledge receipt of the report to the reporting person should take place within seven days of that receipt unless the reporting person explicitly requested otherwise, or the competent authority reasonably believes that acknowledging receipt would jeopardise the protection of the reporting person's identity;
  • Three months: for the organization to notify the whistleblower of the measures envisaged or adopted to follow up the complaint with the relevant grounds.

The reporting person can, at any time, request the competent authority to disclose the outcome of the review carried out following the report and within 15 days as of its conclusion by the competent authority.

Competent authorities will review the procedures for receiving and handling reports every three years, considering their experience and that of other competent authorities.

 
Safeguards

In addition to implementing effective, confidential and secure reporting channels, it is crucial ensuring that reporting persons are protected effectively against retaliation.

Retaliation means any direct or indirect act or omission which occurs in a work-related context, is prompted by internal or external reporting or by public disclosure, and which causes or may cause unjustified detriment to the reporting person.

For instance, employees need specific legal protection to acquire the information they report through their work-related activities. Therefore, employees risk work-related retaliation for breaching the duty of confidentiality or loyalty. Employees may also find themselves in a position of economic vulnerability in the context of their work-related activities.

Protection should be provided against retaliatory measures taken not only directly vis-à-vis employees themselves but also those that can be taken indirectly, including vis-à-vis facilitators, colleagues or relatives of the reporting person who are also in a work-related connection with the reporting person's employer or customer or recipient of services.

Once employees make their report, they should be protected by:

  • Steps are being taken to prevent retaliation, harassment and threats against them by issuing fines to anyone looking to hinder the process in such a manner;
  • Suspension, lay-off, dismissal or equivalent measures;
  • The burden of proof being reversed so that the business or municipality has to provide evidence that it was not trying to retaliate against a whistleblower;
  • Being offered free advice and information on procedures;
  • Understanding that, by exposing wrongdoing, they did not contravene contracts, non-disclosure agreements or similar;
  • Being offered financial assistance;
  • Being offered psychological support.
 
The role of the management

Many organisations make their internal reporting system accessible to their employees but do not actively encourage its use. Only a few seek to instil a sense of obligation by sending the message that persons who perceive misconduct but do not raise the alarm are complicit in their apathy or indifference.

Whistleblowing programmes may fail if the high-level management cannot provide proper assurance that those who report issues will not be ignored, silenced, or punished for the bad news.

In turn, middle-level management must balance supporting the programme and preventing access due to much control. Too much management control over the process can hinder its use.

Doubts about management commitment can still arise if the reporting channel is exclusively handled in-house and without the involvement of an independent and impartial third party.

Ensuring the protection and safety of whistleblowers is necessary for the effectiveness of a whistleblowing programme.

A whistleblowing programme must guarantee confidentiality and allow discreet or anonymous reports. If an individual feels seriously threatened or in a situation where a company has only a few employees, guarantees of confidentiality may not be sufficient to encourage whistleblowing, in which case it would be necessary to offer anonymity.

Any reports must be stored confidentially and securely. Each organisation needs to take steps to protect whistleblowers' identities and comply with the General Data Protection Regulation (GDPR). Having a central tracking system to enter, monitor, and update case details will help ensure this while at the same time simplifying the investigation procedure.

Providing feedback to the reporting person as part of the investigation process will also show that the issue is assessed and taken seriously by the organisation.

The programme still needs to be informed to all employee levels. The announcement must have a clear and strong message and be repeated from time to time. This communication that the programme enjoys support at the highest-level management and that the use is an act of loyalty, not infidelity, is crucial and stresses the message that reporting is the right thing to do.

If you wish to know more, please download our PDF down below. 

2022-01-13
Introduction

Competition is not only necessary to achieve economic efficiency, but it is one of the essential conditions of a market economy as well. Companies committed to the preservation of fair competition should develop and foster a competitive culture and help its directors and employees ensure the company complies with competition laws.

The purpose of a competition guide is to explain the basic provisions of European and national competition laws to make companies (executive bodies and employees) aware of the basic competition rules and how these rules may affect their business.

A competition guide does not cover all circumstances/ issues companies can run into, but it provides enough information regarding competition law, which helps companies recognizing patterns and specific situations and require legal advice if needed.

Competition guides make it easier for companies (especially the ones operating in several different countries) to develop a consistent approach wherever the company is operating so that its employees may apply business practices in line with the company’s global standards.

A training program is required to implement a competition guide, which is essential to keep companies regularly aware of competition issues. This would include training sessions, information on antitrust developments, updates of the competition guide, etc.

Companies should encourage their employees and business partners to feel personally responsible for the strict application of competition rules set out in competition guides. Otherwise, the development of a competitive culture may be at risk.

Overview

The main provisions on anti-competition practices of the European Union Competition Law are outlined in Articles 101 and 102 of the Treaty on the Functioning of the EU (“TFEU”).

EU Competition Law applies to all companies doing business within the Member States or which can affect trade between the Member States of the European Economic Area (“EEA”) regardless of whether these companies are established in one of those countries or not.

On the other hand, the Portuguese Competition Law, which was approved by Law 19/2012, of 8 May 2012 (the “Competition Law”), applies to restrictions of competition in Portugal.

The rules on anti-competitive practices laid down in Articles 9 to 11 of the Competition Law are similar to those of Articles 101 and 102 of TFEU as developed by the European case law. Between TFEU and the Competition Law, there could be differences resulting from:

  • Adaptation to Portuguese legal concepts;
  • Particular features of the Portuguese markets;
  • Portuguese culture and experience; and
  • Interpretation by the Portuguese lawmakers and the Competition Authority of European case law.

There are, however, practices forbidden by both:

  • Cartels. All agreements intended to prevent, restrict, or distort competition are prohibited. Does not matter the form of agreement. There are two types of agreements: horizontal agreements (the ones between companies acting on the same marketing stage, e.g. agreements with competitors) and vertical agreements (the ones between companies acting on different marketing stages, e.g. agreements with suppliers and customers; and
  • Abuse of dominant position. Competition law forbids undertakings from abusing their dominant position to prevent, distort, or restrict competition in the market or a substantial part of it.
Horizontal and vertical agreements

Agreements between competitors (horizontal agreements)

Under Competition Law, the term “agreement” has a very broad meaning and includes all kinds of agreements between two or more competitors, i.e., two or more companies operating at the same level(s) in the market, like levels of production or distribution.

But not all agreements with competitors are illegal. Agreements with competitors that do not restrict competition are legal but sometimes must be notified to the relevant competition authorities.

In what concerns dealings with competitors, there are some general principles to be considered:

  • Prices and conditions of supply. To agree or co-operate in any way with competitors to fix prices is prohibited. Competitors cannot, specifically: (i) jointly determine selling or purchase prices, price increases, and specific minimum or maximum prices or price ranges, and (ii) jointly agree to rebates, discounts, and other supply conditions.
  • Market sharing. It is forbidden to share or allocate markets in any form. More specifically, competitors cannot, specifically: (i) share or allocate markets regarding specific territories, products, customers, or sources of supply, and (ii) fix production, buying, and selling quotas between competitors;
  • Boycotts. It is forbidden to refuse to deal with one or more customers or suppliers to hinder such customers or suppliers to do business in a market. It is however possible to have a competitor as a supplier or customer at an arm’s length basis, as long as all other antitrust rules are observed; and
  • Joint ventures. Joint venture agreements between competitors can be beneficial, e.g., by facilitating technological advances (efficiencies), but can also affect or restrain competition. Because of that, these agreements should not be closed without legal advice.

Agreements with suppliers and customers (vertical agreemnts) 

Unlike agreements between competitors, many agreements with suppliers and customers are necessary for companies to develop their business activity and entirely appropriate.

When it comes to vertical agreements, companies should respect the following principles:

  • Resale prices. The producer must not set the resale prices charged by the distributor. It is not allowed to, specifically: (i) fix or set resale prices to distributors or dealers for any product, (ii) require the distributor to stick to the recommended resale prices, (iii) terminate the agreement with a distributor due to their refusal to stick to the recommended resale prices, (iv) coordinate the price policy with the distributor according to the market situation, (v) forbid the distributor from granting any discounts, etc.;
  • Exclusivity. While closing exclusive distribution, purchase, franchise, or license agreements, companies must comply with certain rules. For instance, it is forbidden to (i) prevent from making passive sales to customers outside its exclusive customer group or territory prescribe not to passively supply customers from outside the territory, (ii) forbid a distributor from accepting a customer’s inquiry from outside the territory, (iii) forbid a distributor from supplying products to other distribution channels upon corresponding orders, (iv) refuse orders from distributors exporting products due to territory restrictions;
  • Parallel trade. Parallel trade is a consequence of free trade within a market. It is not allowed to: (i) impose export bans, (ii) prevent from exporting to customers from outside the territory, (iii) refuse orders from partners exporting products due to territory restrictions;
  • Tying. Tying clauses that make a product supply subject to the acceptance of supplementary obligations to buy other goods and/or services which, either by their nature or according to commercial usage, have no connection with the contract subject, generally should not be used, especially when companies have a significant market share in the first product;
  • Competition clause. Under certain circumstances, it is possible to forbid a distributor or licensee to sell or manufacture competing products. It is allowed to do so to extend the prohibition beyond the duration of the agreement;
  • Patent, trademark, copyright. When licensing patents, copyrights, know-how, or trademarks, it is not allowed to (i) forbid the partner from contesting the secrecy of the licensed know-how or the licensed trademarks and patents, (ii) forbid the partner from contesting the validity of the licensed patent, (iii) fix the price that the licensee charges for its product, (iv) reach agreements with other patent owners regarding royalties to be charged for competing patents; and
  • Improvements and new applications. In patent licensing and know-how licensing agreements, either party should generally be free to compete with its developed products, improvements, or new applications of the technology in so far as these are severable from the licensee’s initial know-how. However, it is not allowed to restrict either party from competing with the other party when it comes to research and development, manufacture, use, or sale of any own developed product, improvement, and a new application of the technology.
Abuse of dominant position

An undertaking has a dominant position when it has a position of economic strength (and market power) that enables it to prevent effective competition and to behave independently from its competitors, customers, and consumers to an appreciable extent.

Although several factors should be considered in the assessment of a company’s position, the market share of the product is the main factor. Market shares are calculated based on geographical and product markets.

Dominant companies have a special responsibility to behave fairly having to comply with special rules to protect competitors, customers, and market structure from abusive behaviour. Many of the commercial policies and tools that are legal for a non-dominant company may be abusive if carried out by a dominant company. As a result, companies in a dominant position (unilateral or collective) should act carefully so to avoid any abuse of such a dominant position.

The following are examples of abuse:

  • Discrimination/Different terms of sale. A company with a dominant position must not discriminate in its terms of sale when dealing with similar customers under comparable circumstances. It is however possible to (i) grant different terms of sale (rebates) to distributors providing special services that are not met by other distributors, (ii) grant different terms of sale to distributors of another stage in the distribution channel (wholesalers/retailers) since such distributors are providing different services;
  • Hindrance of competitors. Market-dominant companies are not allowed to substantially restrict the access of competitors to customers or dealers by imposing (i) exclusive purchase commitments on customers, (ii) fidelity rebates, (iii) rebates with similar effects, and (iv) unfair or predatory price (method in which a seller sets a price so low that other suppliers cannot compete and are forced to exit the market); and
  • Refusal to supply. A refusal to sell to distributors or customers might constitute an abuse of a dominant position. It is not allowed, specifically, to (i) refuse to sell to a customer which meets the same requirements as other customers which are supplied, and (ii) reduce supplies to comparable customers in different ways without an unbiased justification.
Consequences of breaching competition rules

Not complying with competition laws can seriously negatively impact companies. These are the main risks companies might face are:

  • Fines. Companies that breach antitrust rules might be subject to significant fines and compulsory penalties. The European Commission and national competition authorities, including the Portuguese one, can impose fines of up to 10% of the consolidated total turnover of companies. Competition Authorities might take into account the company size, the seriousness of the illegal business practices at stake, the duration of the illegal practices, and the existence of repeat offenses to increase the discouraging effect of fines;
  • Civil liability. A company can be sued for damages by those who can demonstrate that they have sustained losses caused by anti-competitive practices carried on by that company. Although actions for damages resulting from breach of competition rules are not a common solution in Portugal, a set of measures has been implemented recently, so it is expected that damages actions will be used more frequently by injured parties soon;
  • Contractual risk. Any contractual provision infringing antitrust laws is generally void, which means it cannot be enforced before local courts. The entire contract could also be void in certain circumstances.
  • Reputation risk. Violation of antitrust laws is more and more perceived by the stakeholders as unethical behaviour that can seriously impact the image and reputation of a company and make it look like it does not observe/regard the highest corporate governance standards. Share price can also be significantly affected. Recent studies tend to show a correlation between cartel investigations and a decrease in the share price.

A competition guide is of the utmost importance for companies’ executive bodies, employees, and business partners to understand fully that any breach of applicable competition laws might seriously damage a company’s business activity.

Recommendations

Practical recommendations

Undertakings usually are part of professional associations. These professional associations may be subject to monitoring by the Competition Authority, as professional associations might lead to collusion between competitors.

Because of what was said above, undertakings’ employees should comply with specific rules when dealing with these professional associations, particularly regarding membership, meetings, and information exchange.

In most cases, it is not possible to notify the Competition Authority to get a clearance on specific matters. An individual assessment could be more easily made based on a set of rules on competition and, of course, companies can always require external legal opinion in sensitive cases.

Companies can follow some guidelines when dealing with professional associations:

  • Do not exchange nor accept receiving sensitive information;
  • Declare that the company does not want to receive any sensitive information, and protest in writing in case it happens;
  • Do not attend professional associations meetings without written minutes attesting to the agenda and those resolutions are taken under the law;
  • Make sure informal conversations before, during or after such meetings are not about anticompetitive subjects and be properly aware of what could be the content of those discussions;
  • Require professional associations to have a confidential collection system, the so-called “black box system”; and
  • In case the professional association your company is part of does not have a competition guide, suggest/ recommend it adopts one.

How to communicate with clients and competitors 

Communications between companies, their clients, and their competitors are fundamental for the development of their business activities. Companies should use care in their written and oral communications.

The use of inappropriate words in internal or external communications could be misinterpreted as indicative of anticompetitive behaviour. Companies should be conscious that any documents, as a rule, may be subject to seizure by the competition authorities.

To prevent these situations, undertakings should define a set of rules on how to communicate with their clients and competitors. For instance:

  • Do not use expressions that have ambiguous or controversial meaning, especially when it relates to their competitors or competitive behaviour;
  • Do not suggest that their marketing or pricing decisions (based on the company strategy, such as market status, competitor behaviour, customer threats, etc.) should be founded on grounds other than those;
  • Indicate the source of any sensitive information, such as market shares, prices, production capacities; and
  • Write carefully and clearly in memoranda, letters and emails and keep in mind that everything written may be disclosed publicly in an adversarial proceeding.

How to handle documentation

Competition Law requires undertakings to cooperate with the Competition Authority, which implies that they should disclose all information/documentation relating to an investigation procedure in course.

Regardless of specific rules on keeping documentation (for instance, accounting and tax documentation), companies should be aware that some documents could be relevant in an investigation procedure since they could have an important role as evidence or negotiating tool in the scope of settlements or leniency/reduction of fines program.

Once an investigation/litigation is initiated, documents of any kind which directly or indirectly related to the subject of the proceedings must be immediately retained and never destroyed or concealed. Destruction of sensitive documents (even as part of a general retention/destruction policy) or the appearance of a cover-up in the context of an investigation procedure or lawsuit could result in very high fines.

How to react to competition authorities' dawn-raids

Competition authorities have wide investigative powers, which include the power to make inquiries, do searches in companies’ premises, examine, copy, and seize documents as well as seal the premises if necessary.

To react against the so-called “dawn-raids” of competition authorities, companies should define a set of guidelines.

For example, in what concerns the access to documents in the possession of attorneys, the Portuguese Competition Authority, in line with European case law, understands that the client/attorney secrecy privilege only applies to outside counsel and not to in-house lawyers. However, the Lisbon Commerce Court has ruled, in a recent decision, which may be followed by other Portuguese courts, that communications with in-house lawyers should be deemed privileged.

Employees should be aware of the investigative powers of these authorities and know the measures that they can adopt in these circumstances.

All employees, who are likely to be confronted with dawn-raids, for instance, receptionists, managers, lawyers, should be well trained to adopt the right behaviour, as a good relationship with the competition authorities is in the best interest of companies.

Refusal to cooperate could create an incorrect impression, as if the company had something to hide.

Undertakings and/or their employees can be fined by competition authorities.

Final remarks

To avoid risks, companies should be aware of the risks that their employees’ daily informal behaviours can lead to anti-competitive practices and seriously harm the company business even when such conduct was not intended by the company’s management.

The best approach is to:

  • Ensure cooperation with the authorities;
  • Grant access to information that is duly requested by the authorities;
  • Keep documentation;
  • Get legal advice on what is allowed and what is not; and
  • Develop internal proceedings that promote a competition compliance culture.

To learn more, please download our PDF.