Di Guido Molinari, Avvocato
Carnelutti Law Firm – Rome
21 novembre 2008
The 8th June 2001 legislative Decree no. 231, (“Decree”), introduced the “Administrative liability of legal entities, companies and associations including those without legal status according to art. 11 of the 29th September 2000 Law, no. 300”.
The issue is quite innovative for the Italian legal system because for the first time the liability arises not only on the head of the individual and actual perpetrator of the offence, but for legal entities as well.
Before the enforcement of the Decree, entities could be held liable only under the civil ground and not the criminal one, according to arts. 196 and 197 of the Criminal Code, and chargeable to pay fines in the event of the perpetrator insolvency.
On Art. 6 the Decree, sets forth a sort of liability “exemption” in favour of the entities able to prove “to have adopted and effectively implemented the appropriate organizational, management and control models in order to prevent offences as the one occurred”.
The control system, as set forth by the norm, is optional and not compulsory. However, it is evident that in the event of an adverse sentence under the criminal code the entity could be punished with sanctions as provided for by the Decree, while, on the other hand, shareholders could take action against the company’s directors for negligence in the prior arrangement of the organization, management and control model in order to take advantage of the “exemption” clause.
The Decree’s Art. 6 provides that the representative associations of an entity may draw up a behaviour Code on the grounds of which each organization, management and control Model will be formulated and then transmitted to the Ministry of Justice in order to receive remarks, within 30 days, on the Model’s potential power to prevent the offences’ perpetration.
The Decree’s provisions may be applied to the following (art. 1 Paragraph 2): “legal entities, companies and associations including those without legal status”. The same does not apply to “The State, territorial public entities and entities with constitutional relevance functions” (i.e.: political parties or labour unions).
With reference to the so called “Company offences”, according to the Legislative Decree no. 61 of 2002 (cf. par. 2), the new normative is applicable only to the business enterprise.
The Decree introduced a new, additional liability for bodies into the Italian system, with regard to certain offences committed by directors, representatives or employees in the interest or to the advantage of the body in question.
The offences regulated by the Decree are as follows:
1. offences against the public administration;
2. corporate offences;
3. offences regarding the forgery of money, public credit cards and revenue stamps;
4. terrorism-related crimes or crimes aimed at disrupting democratic order;
5. offences against individuals;
6. offences involving the abuse of privileged information and rigging of the market;
7. culpable homicide or accidental severe injuries arising from infringements of Labour Security;
8. Money Laundering;
9. ICT offences.
Entity’s responsibility arises only for offences committed to its own advantage by “individuals who are representatives, directors or managers of the company or of one of its organizational units that has financial and functional independence, or by individuals who are responsible for managing or controlling the company” (individuals in top positions; article 5, paragraph 1, letter a) of Decree); by individuals who are managed or supervised by an individual in a top position (individuals under the command of others; article 5, paragraph 1, letter b) of Decree).
With reference to the so called “Company offences”, Decree’s art. 25-ter, it’s enough to detect a company interest in committing the offence regardless of the profit.
However, the company in question is not liable for the offence committed by persons employed within the company if it can demonstrate the adoption and implementation, prior to committal of the offence in question, of management, organisation and auditing models suitable for preventing offences similar to the one committed. With regard to the first three categories of offences, the Company has to take steps to comply with the guidelines set down by law in order to benefit from the exemption from administrative liability provided for in the Decree, by implementing:
– an Organisation Model (“Model/s”);
– an Ethical Code of Conduct (“Code of Ethics”);
– a Supervisory Body with independent powers of initiative and control;
– an efficient internal auditing system;
– a specific regulatory system aimed at applying penalties for failure to comply with the measures provided for in the model.
The Decree’s Art. 6, paragraph 2 indicates the two main phases to set up a suitable system such that qualifies for the exemption:
– Risks’ Identification: represent the system’s preparation phase, when the company’s context has to be analyzed (area by area, sector by sector) in order to highlight the likelihood of the offences’ perpetration.
– The actual watch structure Planning: it begins with the existing control instruments analysis and then considers the needs and modalities of their adjustment to the Decree’s provisions.
It is advisable to perform both the operations periodically, especially in case of significant changes inside the company.
Purpose and basic principles of the Model
The purpose of the Model is to construct a structured and organic system of procedures and control activities to be performed also on a preventive basis (ex ante control), with the aim of preventing the various types of crimes envisaged in the Decree.
The Model, among other things, identifies the main “risk activity areas”, in other words operations/activities that by their very nature represent an area in which the envisaged offences may be committed, even if the legislative decree refers to the whole company and all company structures.
In particular, in identifying and mapping the “risky activity areas”, this document sets itself the following objectives:
– bring about, in all persons who operate in Company’s name and behalf in “risky activities areas” awareness of the possibility of being charged, in the event of transgression of the provisions it contains, for an offence subject to penalties in both the penal and administrative sphere applicable not only to them as individuals but also to the Company;
– stress that such forms of unlawful behaviour are condemned by the Company because (even in the event that the Company might apparently be able to benefit from them) they are in any case contrary not only to the provisions of the law but also to the ethical and social principles observed by the Group in the performance of its corporate mission;
– enable the Company, thanks to continuous monitoring action on the “risky activities areas”, to intervene promptly in order to prevent or combat the commission of such offences.
The Model’s key points, in addition to the principles already mentioned, are as follows:
– sensitisation and diffusion activities – extending to all levels of the company – concerning the foreseen behavioural rules and procedures;
– mapping the company’s “risky activities areas”;
– assignment to the Supervisory Body of specific vigilance tasks to ensure the effective and correct operation of the Model;
– verification and documentation of risky operations, with connected recording of the relative procedures currently in existence and verification of the latter’s completeness and manner of formalisation;
– observance of the principle of separation of functions;
– definition of authorisation powers consistent with the responsibilities assigned;
– verification of modes of behaviour in the company, together with that of the operation of the Model with consequent periodical updating (ex post control);
– updating of company functions and procedures following any changes in the current rules and regulations;
– foreseeing an adequate disciplinary system.
It also must:
– provide for specific protocols oriented to plan the formation and implementation of the entity’s decisions made in connection with the preventable offences.
– provide for information’s duties towards the Supervisory Body appointed to control its observance and introduce a suitable disciplinary system.
– identify ways of financial resources management fit to prevent the offences perpetration.
The Code of Ethics outlines conduct guidelines which we must all follow in daily activities, when managing relations both inside and outside the company, which draw on the ethical and social values of correctness, transparency, honesty and integrity.
More specifically, the Code of Ethics establishes guidelines for Directors, all Company’s staff, and anyone who operates permanently or temporarily on behalf of Group companies.
In line with the action framework drawn up by the European Union, each Company is keen to develop and apply all the necessary initiatives to promote Corporate Social Responsibility (CSR). This has led the Company to extend its commitment to social responsibility to its Code of Ethics.
Aware of the fact that a Company’s ethics are important in creating value and ensuring the success of the business, and that principles such as honesty, moral integrity, transparency, reliability and a sense of responsibility represent the foundation stones for all the activities included in its mission, each Company has to draw up guidelines for the conduct of both internal and external relations.
The ethical principles contained in the Code are of great importance, helping to enhance the Company’s reputation in the social and business environments in which it operates, and translating appreciation for the values underpinning the Company’s approach to doing business into a competitive advantage.
The Board of Directors of the Company has also to appoint a Supervisory Body which takes the form of a board comprising external members with documented experience and knowledge, the main requirements for Supervisory Body are:
– Autonomy and independence.
– High professionalism.
– Continuity of action.
Functions and powers of the Supervisory Body (“SB”)
The SB is entrusted, from a general standpoint, with the following tasks:
A. supervising the observance of the provisions contained in the Model on the part of those to whom they are addressed, as specifically identified in the individual Special Parts in relation to the various types of crimes envisaged in the Decree;
B. ascertaining the real effectiveness and actual ability of this Model, in relation to the company’s structure, to prevent the crimes indicated in the Decree;
C. assessing, in collaboration with the company functions concerned, the need to propose any updating of the Model to the competent organs (Board of Directors or CEO), with particular reference to the evolution of and/or changes in the Company’s organisational and/or operative structure and/or pertinent legislation and regulations;
D. supporting the competent company structures called upon by the Managing Director to implement/update the “Risk Areas Map”, which identifies the potentially risky areas of activity in which it is possible that offences foreseen in the Decree could be committed, together with the company processes and structures connected with the main Risky Activities Areas specified in the Model; proposing additions to the said main “risky activities areas” on the basis of the work carried out;
E. supervision of the delegations system, for the purpose of assuring the effectiveness of the Model.
In addition, the following tasks are entrusted to the SB:
· formulating and implementing a programme of checks to verify the effective application of the company’s control procedures in the risky activities areas and their effectiveness, bearing in mind that a primary control responsibility for these activities, including those relative to the risky activities areas, is in any case held by the Company’s operative management and constitutes an integral part of the Company process;
· collecting, processing and keeping the information relative to observance of the Model, and where necessary, updating the list of the information that must be compulsorily sent to the SB or kept at its disposal;
· coordinating with the other company functions, also by means of ad-hoc meetings, to ensure the best possible monitoring of the activities in the areas at risk. To this end, the SB is kept constantly informed of developments in activities in the said risk areas, and has free access to all the relevant Company documentation, in compliance with the current regulations. The SB must in addition be informed by the management of any situations in the Company’s activities that could expose it to the risk of criminal offences;
· conducting the internal investigations for the ascertainment of suspected violations of the rules foreseen in the Model;
· ascertaining that the features foreseen in the individual Special Parts of the Model to prevent the various types of crimes (adoption of standard clauses, following procedures, etc.) are in any case adequate and meet the requirements for compliance with the provisions of the Decree, and if not, proposing an update of the said features;
· coordinating with the High Management and with the persons responsible for the various Company functions, with regard to the aspects pertaining to the implementation of the Model, such as promotion of suitable initiatives to spread knowledge and understanding of the Model, personnel training, disciplinary measures, etc.;
· coordinating with the persons in charge of the individual Company functions to assure the preparation of the internal organisational documentation containing the instructions, explanations or updates necessary for the correct operation of the Model itself.
The Supervisory Body, in few words, has the task to monitor the adequacy of the Model with regard to a Company’s operations and its effectiveness in preventing offences from occurring. The Company’s operations are addressed in a dynamic way since they involve legislative amendments, change of activities, employment of new personnel, transformations etc..
The drafting of compliance programs requires multidisciplinary skills and, often, the internal structures of the corporations lack the necessary competencies. For this reason, it is advisable to have an independent and professional evaluation of the program and of its adoption process.
The new normative framework for the professional role is to underscore the advantages of adopting the so-called organizational Models on the one side and on the other to assist companies in drafting the Models and setting up the SB and later on in adjusting the Models to keep up with their business evolution.