Under the Companies Law, directors are prohibited from disclosing confidential information and trade secrets to which they have access in their capacity as a director. Further, the law states that the scope and duration of a director's confidentiality obligations must be agreed by the director and their company in the applicable mandate agreement.
Shareholder access to confidential information
In practice, the transfer of information to the controlling shareholder by directors appointed by the controlling shareholder is a sensitive issue.
The Companies Law expressly sets out the information to which shareholders have access and provides for the principle of equal and fair treatment of all shareholders. Thus, only limited information is available to shareholders (eg, information pertaining to the shareholder structure, financial statements, directors' reports and information relating to the agenda of the shareholders' meeting). However, each company may expand in its articles of association the amount of information to be made available to its shareholders.
The Companies Law states that even where shareholders hold together or individually at least 10% of a company's share capital, they have the right to request the appointment of one or more experts to analyse certain activities of the company and receive any reports issued by such experts. However, they do not have the right to receive copies of the concluded agreements.
Limits of disclosing confidential information
Although controlling and significant shareholders have no special information rights under the Companies Law, there are specific circumstances in which certain shareholders may have access to a wider range of information.
For instance, in case of listed companies, if a shareholder is willing to launch a secondary public offering, the company must disclose to the offeror all of the information necessary to prepare an offering prospectus. Given that such disclosure is mandatory under the law, it does not raise concerns with respect to a breach of a director's confidentiality obligations.
While the example above is rather straightforward, there are cases in which the legal provisions leave room for adverse interpretation. For example, in case of a group structure where the parent company is regulated (eg, credit institutions or investment firms), certain regulatory requirements must be complied with at the group level (eg, corporate governance, prudential, risk management and consolidated financial statement requirements) and not just at the group-entity level. Consequently, at the group level, various legal requirements must be complied with which would result in an intra-group transfer of information. However, Romanian law includes no clear legal provision allowing such an intra-group information transfer to be implemented.
Under Romanian law, the scope and duration of a director's confidentiality obligations must be agreed in the mandate agreement to be concluded between the director and their company.
In order to mitigate the risks deriving from adverse interpretations of the law, mandate agreements should set out the specific circumstances in which directors can disclose confidential information to their company's parent undertaking or subsidiaries.