The true scope of the criminal compliance programs

The bulletin, recently published by the State Prosecutor featuring the guidelines for assessing the criminal liability of companies, details the actual scope that criminal compliance programs are required to have. If one were to interpret these guidelines as new bureaucratic procedures designed to shield a company from potential crimes committed by its managers or employees, the State Prosecutor counters that assertion, while defending the notion that these programs must p... The bulletin, recently published by the State Prosecutor featuring the guidelines for assessing the criminal liability of companies, details the actual scope that criminal compliance programs are required to have. If one were to interpret these guidelines as new bureaucratic procedures designed to shield a company from potential crimes committed by its managers or employees, the State Prosecutor counters that assertion, while defending the notion that these programs must permeate the entire organization and be the cornerstone of the company’s compliance culture. This comprehensive approach has immediate implications for directors and legal representatives, as well as for middle managers tasked with supervision and control functions. Although the Supreme Court is expected to rule soon on the limits of criminal liability for companies, it is worth analyzing the practical application of the State Prosecutor’s guidelines in its approach to criminal compliance programs and some of the factors that must occur in order to ensure a company’s criminal liability. 1. THE FOCUS OF THE CRIMINAL COMPIANCE PROGRAMS Company heads in the eye of the storm According to the State Prosecutor, the directors and senior executives of any company should serve as examples of ethical conduct and a willingness to comply with the rules. Therefore, the commission of a crime by this group “calls into question the seriousness of the program, such that the State Prosecutor will presume the program is ineffective if a senior representative of the company participates in, consents to, or tolerates a crime.” Moreover, it believes that “the best way to prevent this conduct is the proper selection of managers and employees.” Therefore, it is important that “the company’s organization and control models set high ethical standards when recruiting and promoting managers and employees.” Zero tolerance requirement Any violation of compliance programs warrants disciplinary action. This follows the State Prosecutor’s requirement that there be “conviction in response to violations” of the rules of conduct. This “clear message of intolerance for unethical conduct” will be taken into account in any legal proceedings filed against the company. “On the contrary, and by way of example, a director or manager who has been the subject of a criminal proceeding in which a crime has been established and who maintains his/her position blurs the lines of a supposed commitment to ethics” on the part of the company, the State Prosecutor adds. A broader corporate scope The companies will answer for the crimes committed directly or indirectly on their behalf by all of those under their supervision, including “freelancers, sub-contractors, and employees of affiliated companies, provided they are included within the scope of the corporate domain.” This interpretation requires companies to strive to extend a culture of ethics and compliance throughout the corporate environment. Moreover, companies should seriously consider including specific clauses in the contracts that govern these third-party relationships to ensure the parties are privy to the ethics and good governance policies, thereby minimizing the risk that the unwanted actions of a third party result in a liability for the company. The Compliance Officer, subject to indictment The State Prosecutor clarifies doubts about the circle of managers who are indictable in investigations into crimes committed by the company. This not only includes those who “make up part of the corporate bodies with decision-making authority,” but also those tasked with crime prevention, specifically, the Compliance Officer. This interpretation requires that control mechanisms be established concerning the selection and performance of the Compliance Officer, to be assumed by the board of directors. A model that grants autonomy to the Compliance Officer The State Prosecutor insists that the body responsible for the regulatory compliance function operate with full autonomy, it being impossible to effectively exercise its duty otherwise. Therefore, the State Prosecutor recommends that “in order to achieve the highest levels of autonomy, the models must include mechanisms to effectively manage any conflict of interest that may arise from the exercise of the Compliance Officer’s functions, ensuring operational separation between the board of directors and the members of the supervisory body, who are preferably not directors, or not entirely.” Support for the whistleblowing policy Considering the effectiveness of violation-disclosure systems in other countries, the State Prosecutor insists that their successful track record – namely, the fact that they have helped prevent crimes in the past – will be a key factor in absolving the company of possible criminal liability in a subsequent trial. This is because they demonstrate “not only the effectiveness of the model but its consonance with a corporate culture of compliance.” With this interpretation, the State Prosecutor definitively advocates the use of whistleblower channels as the preferred instrument of compliance within an organization. Could it open the door to incentive schemes designed to detect crime? It is our belief that the State Prosecutor itself instructs prosecutors not to take criminal action against a company when the denunciation originates from within the company itself. This shows that the success of a model is not limited to prevention, but also detection, and denunciation of the fact, criminal or otherwise. The use of certification According to the State Prosecutor, certifications attesting to the suitability of a model issued by companies, corporations, or associations that evaluate and certify compliance with obligations will only be considered “an additional element of compliance, that in no way proves the effectiveness of the program.” The implication of the State Prosecutor is that not even the best supervisory architecture can ensure that those subject to it will comply: proper supervision is supervision in action, active supervision. In our opinion, the certifications are useful because they validate the design, but do not guarantee that the program truly delivers while in effect. This requires the (pre-trial) existence of evidence that the model is operational. Easing requirements for small businesses Although the Penal Code requires small businesses to have criminal compliance programs, the State Prosecutor maintains that “they can prove their ethical commitment by reasonably adapting the formal requirements [of these programs] to their size, enabling them to demonstrate a culture of regulatory compliance beyond the literal interpretation of the concept and in line with the lesser requirements for these companies from an accounting, commercial, and fiscal perspective.” 2. OTHER CONSIDERATIONS ABOUT CORPORATE CRIMINAL LIABILITY Quantifiable benefit or not The State Prosecutor understands that the existence of corporate criminal liability is not contingent upon the materialization of a benefit for the company. This benefit is understood in a broad sense, as cost savings or any “strategic, intangible, or reputational benefit.” A limit when crimes are committed by employees Anyone who knowingly violates the rules attempts to conceal their actions. As such, the State Prosecutor insists that a company’s liability for crimes committed by its employees would indicate a serious failure of the supervision, monitoring, and control requirements on the part of those tasked with these functions. In any case, “the subject responsible for the control omission will also answer for the crime, whether committed willfully, negligently, or by omission.” Therefore, the State Prosecutor could charge both the employee and the manager responsible for supervision and control, thus opening a two-fold path of accountability for the company.   Nieves Briz Head of Corporate Governance and Criminal Compliance Programs nbriz@jausaslegal.com