India has borne witness to an increase in white-collar crimes in recent years.
Enhanced financial stress due to the COVID-19 pandemic and subsequent lockdowns can prove fertile circumstances for a further increase in white-collar crimes such as accounting fraud, money laundering, etc. Moreover, due to increased governmental regulation in areas such as logistics and supply chain management, there may be an increase in the instances of bribery.
Cybercrimes have reportedly been increasing since India went into lockdown, for instance, there was an estimated increase of 86% in cybercrime reporting.
In light of the above scenario, it becomes increasingly important to examine the current legal framework.
Some of the key legislations dealing with such crimes include:
Prevention of Corruption Act, 1988 (“PCA”)
The PCA criminalizes offences related to bribery of public servants. The Act punishes public servants for obtaining undue advantage for improper performance of duties and for criminal misconduct for illicit enrichment and misappropriation of entrusted property. It also punishes individuals for inducing such improper performance and for offering bribes to public servants. Commercial organizations are also liable for fine if persons associated to them pay bribes to public servants for the organizations’ advantage.
Companies Act, 2013 (“CA”)
The CA considers the role of key stakeholders in white-collar crimes involving companies. The Act obligates auditors to report fraud and casts a fiduciary duty on directors to act in the best interests of the company and not make undue gains. Fraud in relation to affairs of a company, which includes acts committed with intent to deceive or gain undue advantage from the company is punishable. The CA (as well as the SEBI LODR) makes provision for specified companies to establish a vigil mechanism for directors and employees to report genuine concerns.
Prevention of Money Laundering Act, 2002 (“PMLA”)
As per the PMLA any person who is involved in any activity connected with the proceeds of crime, including its concealment, possession, acquisition or use, and projecting or claiming it as untainted property, shall be guilty of offence of money laundering and punished with a term of imprisonment of more than 3 years but which may extend to 7 years and shall also be liable to fine.
Information Technology Act, 2000 (“IT Act”)
Cybercrimes are governed by offences under the IT Act, the key provisions under which include offences relating to tampering with computer source documents, computer-related offences such as destroying information, phishing or introducing virus on computer systems, identity theft, cheating by personation, violation of privacy, cyber terrorism and failure to prevent and retain information by intermediaries.
Upon a review of India’s legal framework to tackle white-collar crimes, we notice a few shortcomings:
Firstly, the PCA deals only with the bribery of public servants; there is no specific law for the private sector, which is left to be governed by provisions under the Indian Penal Code and the CA. Since a sizeable chunk of economic power is now privatized, a nuanced law on bribery in the private sector becomes essential. The United Kingdom’s Bribery Act of 2010, for instance, applies to both public and private bribery. A private member’s bill in this regard was introduced in Lok Sabha in 2018 by Mr. Udit Raj, but there has been no further progress on this front.
Secondly, there are still essential gaps in the law vis-à-vis the PCA. Although section 9 provides that it is a defense for a commercial organization to state that it had put adequate procedures in compliance of prescribed guidelines to prevent associated persons from indulging in bribery, the Central Government is yet to notify any such guidelines.
Further, section 20 provides that when a public servant is found to have accepted an undue advantage, it must be presumed that such acceptance was for the commission of an offence of bribery. However, the Supreme Court in P Satyanarayan Murthy vs State of Andhra Pradesh observed that this presumption can be drawn and applied only after proving demand for and acceptance of illegal gratification for doing or forbearing to do any official act. The judgement seems to contradict the presumptive intent of Section 20. In Neeraj Dutta vs. State of NCT of Delhi, the Supreme Court expressed reservations regarding the validity of this finding in the case of P. Satyanarayana Murthy and therefore referred the matter to a larger bench, which is presently pending.
Thirdly, we notice that protections afforded to whistleblowers under the vigil mechanism provided under the CA may prove inadequate since no specifics have been provided, leaving much to the discretion of companies resulting in whistle-blowing employees being discriminated against. Therefore, we wish to highlight the need of a comprehensive statutory time-bound whistle-blowing policy aimed at incentivizing and protecting whistleblowers.
Furthermore, the Whistleblowers Protection Act, 2014 was enacted with a view to eliminate corruption in the government and public sector undertakings by ensuring adequate protection to the complainants. Since then, the Ministry of Personnel, Public Grievances and Pensions has issued a clarification that the law requires further amendments before being operationalized. The amendment bill introduced in 2015 is yet to be passed by the Parliament.
Lastly, the IT Act is unable to offer adequate protection against cyber-crimes in the wake of increased digitalization and exponential increase in cybercrimes. A major issue is that the penalties levied under the IT Act (often within the range of few lakh rupees) are minimal in magnitude and might not prove a sufficient deterrent for the bigger players in the market.
Further, the exemption of intermediaries from liability under section 79 (for any third party information, data or communication link made available by them) should be read in a narrower sense, conferring stricter duties on intermediaries, who possess various tools such as AI or machine learning, enabling screening processes.
Another issue is that the IT Act does not adequately address privacy and data protection concerns, especially now that privacy has been held to be a fundamental right. The Personal Data Protection Bill is a step forward but remains under consideration by the Joint Parliamentary Committee.