Adapting to the international scene, Act n. º 12,846/2013 is the Brazilian first anti-corruption law to charge companies by acts of corruption made by their employees. The Law carries out strict liability on companies operating in Brazil for domestic and foreign bribery and provides no exception for facilitation payments.
The Decree that regulates the act stipulates criteria by which company’s compliance system will be evaluated when sanctions are imposed. Having a compliance program in accordance with these criteria may significantly lessen administrative penalties: especially reducing the fine amount imposed on the company.
According to the decree, it will be considered for the compliance program evaluation, amongst others:
“Top-Level Commitment”: the top management support is essential and a permanent condition for fostering an ethical culture, respect for the law and for the effective implementation of the compliance program. Senior management should convey a clear policy against corruption to employees and show commitment to the policy.
“Risk Assessment”: potential risks should be periodically researched, analyzed and addressed. In addition to the company profile analysis, Compliance Program structuring also depends on a risk assessment that considers the characteristics of markets where the company operates (local culture, level of state regulation, history corruption). This assessment should mainly consider the probability of occurrence fraud and corruption, including related to bids and contracts, and the impact of these detrimental acts to business operations. The rules, policies and procedures to prevent, detect and remedy occurrence of unwanted acts will be developed based on the identified risks.
“Compliance Policies”: compliance policies and procedures must be applicable to all employees and third parties. The compliance function must be independent and have authority. If relevant, there must be specific procedures related to public procurement and interactions with government officials. A clear and effective policy on relationships with public sector is able to mitigate risks related to participation in biddings and administrative contracts; the payment of taxes; to obtain licenses, authorizations and permissions; the situations of supervision or regulation; the hiring of current and former government officials, among others.
“Due Diligence”: third parties (agents, consultants, joint ventures) represent a higher risk because there is a lower degree of control over them than over employees. So, third parties should be regularly assessed, especially before awarding and renewing contracts. Due diligence must be used in corporate and M&A transactions.
“Internal Monitoring, Testing and Review”: appropriate steps should be taken to ensure policies are being continually communicated, reassessed, understood and updated over time. The procedures must be in place to detect and stop irregularities and to remediate damages.
“Transparency”: establish internal controls to ensure the reliability of financial statements. Ensure that books and records must be accurate and complete.
“Reporting and Disciplinary Measures”: establish channels of communication where employees are free to report offences and good faith whistleblowers are protected. Share information on irregularities among employees and third parties. Establish disciplinary measures to penalize non-compliance. Update policies and procedures following investigations. It is important that the complaints channel maintain the anonymity of the informer person not only to the person’s identity protection purposes, and for the punishment eventual unfounded denunciation.
“Training”: a company’s code of conduct should be clear, detailed and communicated to all employees and third parties. Periodical training must take place. It is very important that the company keeps records of the training performed, with all information of what and whom were trained, and in what issues, because it may be necessary for prove company´s efforts on implementation of integrity program.
In the subject, it is important to highlight that in the evaluation of the parameters mentioned it will be considered the size and characteristics of the company, such as the number of employees, employees and collaborators; the market sector in which it operates; the countries where it operates, directly or indirectly; the degree of interaction with the public sector and the importance of authorizations, permits and governmental approvals for its operations.
Lastly, the government agency responsible for issuing guidelines, rules and procedures for the assessment of the compliance program mentioned in Brazilian Decree expressly states that the merely formal integrity program which shows up absolutely ineffective to mitigate the risk of harmful acts of Act n.º 12,846/2013 will not be considered for purposes of applying the fine reduction percentage.