Corruption risk and the COVID-19 pandemic: Ensuring compliance in the era of the “new normal”

The COVID-19 pandemic increases risk for businesses operating in a new and uncertain economic context. While regulators have eased certain requirements such as filing deadlines as a result, law enforcement agencies and regulators  continue to vigilantly hold wrongdoers accountable for transgressions. Businesses will likely face increasing regulatory scrutiny, while bad actors may simultaneously seek to exploit the pandemic. In this context businesses, and those who are responsible for running them, will continue to be held responsible for meeting high compliance standards to protect themselves and markets more broadly. In particular, businesses must guard against liability for the actions of contractors, employees and counterparties, for which they may be responsible at law.

Below are key considerations businesses should keep in mind in maintaining strong compliance controls during and after the pandemic.

Be aware of potential corporate criminal liability

Businesses may be subject to criminal liability, either for fault or negligence. In particular, businesses may be subject to corporate criminal liability where the offence was committed with the involvement of an individual with responsibility over an important aspect of the company’s business, or where the company demonstrates criminal negligence resulting in death or bodily harm. Businesses may also in certain circumstances be held criminally liable for the actions of contractors, employees or counterparties.

  • Businesses may be found criminally responsible for offences under the Criminal Code and other federal legislation such as the Corruption of Foreign Public Officials Act if an offence was committed with the involvement an individual responsible for managing an important aspect of the company’s business. This may include circumstances where management is aware of or turns a blind eye toward offences committed by agents, employees or counterparties. Conversely, officers, directors and other senior management may be held criminally responsible personally if a party to the offence.
  • Businessesmay be found criminally negligent if deemed to show wanton or reckless disregard for the lives of safety of others by showing a “marked and substantial departure” from the standard of care expected of a reasonable person which causes either death or bodily harm. Notably, individuals or corporations may be criminally negligent where they omit to comply with a legal duty. This may include businesses which fail to adhere to their legal obligations pursuant to government orders under emergency legislation, as well as occupational health and safety legislation.[1] There is no requirement for the involvement of management for businesses to be held criminally negligent.

To minimize the risk of triggering criminal liability, prudent organizations should have in place sufficient proactive measures. Such measures have been recognized by the courts as being a mitigating factor in the event of a conviction. As such, it is critical that businesses comply with all legal obligations, including government emergency measures and normal course obligations as outlined below, throughout and after the pandemic, failing which they could face criminal liability and massive downside risk.

Minimize risks of inheriting liability through transactional activity

Criminal or regulatory liability may also be inherited by an acquiring company in the context of M&A transactions where it is the company itself rather than the assets that are being acquired. As such, businesses engaged in M&A activity during and following the pandemic should exercise a high degree of diligence to ensure they do not acquire regulatory risk. In addition to appropriately undertaking due diligence, acquiring businesses should include appropriate representations and warranties in relevant agreements, as well as anti-corruption covenants and provisions regarding ancillary issues such as government approval and outside date/termination rights where appropriate.

Follow evolving developments and maintain compliance with emergency and other COVID-19 measures

Carefully adhere to emergency measures and other legal obligations in connection with the COVID-19 pandemic. Provincial governments have enacted various emergency measures including, among other things:

  • closure of and restrictions on non-essential businesses;
  • prohibiting practices such as price-gouging (e.g., Ontario prohibitions and U.S. enforcement activity); and
  • various health and safety measures including physical distancing.

Businesses or individuals that do not comply with government orders or directives under emergency legislation – or otherwise fail to take adequate precautions to prevent the spread of COVID-19 – may be subject to liability. In particular:

  • Businesses that violate emergency orders issued by provincial governments – including mandatory business closures and physical distancing measures – may be subject to fines or imprisonment of directors and officers under emergency legislation.
  • Employers remain subject to a general duty under federal and provincial labour and employment law to ensure that the health and safety of employees is protected.
  • As discussed above, businesses may be criminally negligent if showing a marked and substantial departure from the requisite standard of care, including with respect to the obligations above.

A list of emergency measures to date can be found here. For employment considerations, please see our COVID-19 Quick-Reference Considerations for Employers.

Manage supply chains and fraud risks

Businesses across the world are facing material supply chain challenges. As demand proliferates rapidly for essential goods – including food, medical equipment, medications, and personal protective equipment – businesses will be under increasing pressure to maintain or expand supply chains. Particularly vulnerable are businesses acquiring personal protective equipment (“PPE). Examples of fraud with respect to these items have already occurred. Businesses should take appropriate measures to ensure they are not victims of such schemes or otherwise doing business with bad actors.

Supply chain interruptions increase risk that businesses may be victims of fraud, and demand additional regulatory compliance. As such, best practices should be carefully adhered to, and in some cases built upon, to ensure the risk of fraud is mitigated. Such best practices include thorough “know-your-customer” measures (even if not formally required), due diligence with respect to contractors and suppliers more broadly, and including anti-corruption and other compliance representations and warranties in relevant agreements.

Appropriate diligence and compliance should encompass relevant sanctions obligations –with respect to both listed jurisdictions and individuals. There has been minimal Canadian government guidance about sanctions or other export controls to date: while some countries are imposing additional export controls, others are facilitating additional exports to meet humanitarian needs.[2] In either case, regulators have not lifted sanctions requirements and businesses remain subject to their sanctions obligations. In addition to general fraud audits, businesses – particularly those who are working with new third party partners (e.g., through new supply chains or other procurement partnerships) – should maintain best practices to ensure they remain compliant with sanctions obligations and other requirements under Canadian law.[3]

Exercise caution in dealings with government

Businesses adjusting to operating in the context of the pandemic may find themselves engaged in government interactions outside their normal course. Businesses should be cognizant of the following in all dealings with government:

  • Competition legislation: Businesses may face increased risks under the Competition Act, particularly when transacting with the government or remobilized by government for COVID-specific purposes in accordance with emergency measures. In addition to existing best practices, businesses should ensure that all measures and strategic reasons guiding decision-making are well documented. For more information please see our Competition Group’s post on Competition Compliance during the COVID-19 crisis: Price-gouging, deceptive marketing, and collusion.
  • Lobbying legislation: The evolving economic situation may lead to businesses taking additional lobbying measures, including with respect to financial assistance or closings of businesses. Businesses must comply with all applicable lobbying legislation while undertaking any such activities.
  • Anti-corruption legislation: Canadian businesses remain subject to anti-corruption obligations, both domestically and extraterritorially. Failure to comply with these obligations may result in criminal liability, including fines, criminal penalties and other potential sanctions such as debarment from public procurement.

Dealings with governments should be well-documented and compliant with regulatory standards. Be particularly careful when dealing with intermediaries (e.g., where a third party offers assistance).

Maintain normal procedures and set a “tone at the top”

Above all, businesses should continue to rigorously follow their normal compliance procedures throughout the pandemic. In particular they should:

  • ensure audit and other oversight mechanisms are appropriately maintained throughout the pandemic;
  • continue to address compliance issues brought to the company’s attention, including investigation of whistleblower reports and other issues;
  • consider company targets, benchmarks and incentives in the context of the pandemic and resulting economic downturn and ensure company representatives are incentivized to rigorously follow compliance procedures and not to depart from them in an attempt to meet unrealistic performance targets; and
  • ensure messaging consistently emphasizes the importance of compliance and the need for vigilance.

For further information on navigating legal implications and business impacts of COVID-19, please see our page here.


[1] In addition, it is an offence under the Criminal Code for anyone who directs how another person does work to fail to take reasonable steps to prevent bodily harm to that person or others.

[2] For example, the US Federal Emergency Management Agency (FEMA) has issued a Temporary Final Rule and subsequent notice ordering the agency to review exports of PPE and other “covered materials” needed to respond to the pandemic. In contrast, Canada has announced additional funding for international COVID relief, and has previously sent PPE to China. In return, China has repaid the shipment.    

[3] Businesses engaged in financing transactions or other businesses which may fall within the scope of terrorist financing or anti-money laundering legislation should similarly be cognizant of potential risks. The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has emphasized that all businesses subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and associated regulations are expected to meet all obligations thereunder, including in relation to reporting, and both reporting and non-reporting entities are also subject to the anti-money laundering provisions of the Criminal Code. For more information about anti-money laundering and terrorist financing obligations please see our Anti-money laundering and terrorist financing "Things to know" page.