Evaluación de Tercero Independiente en Modelos de Prevención | Anguita Osorio

Requisito de la Ley 20.393 para programas de compliance efectivos en Chile

Analysis: Independent Third-Party Assessment in Prevention Models

The requirement for periodic independent assessment under Article 4° N°4 of Law 20.393 constitutes a critical element for the legal effectiveness of Crime Prevention Models. We analyze the implications of this requirement in a context of growing regulatory complexity and expansion of the crime catalog.

Article 4° N°4 - Law N°20.393

"Provision for periodic assessments by independent third parties and improvement or update mechanisms based on such assessments."

Legal implication: Without periodic independent assessment, the Prevention Model cannot be invoked as an exemption from corporate criminal liability, regardless of its design or implementation.

Regulatory Context: Expansion and Normative Convergence

Law 21.595 significantly expanded the crime catalog of Law 20.393. Prevention Models must now address the convergence of multiple regulatory frameworks: cybercrimes (Law 21.595), personal data protection (Law 19.628 and future reform), cybersecurity (Law 21.663), environmental, labor, tax crimes, among others. This complexity reinforces the need for specialized independent assessment.

Constitutive Element of the CPM

Independent assessment is not an optional complement but a structural component of the model, whose absence compromises the viability of corporate defense.

Substantive Effectiveness Standard

The assessment must distinguish between formal ('paper') programs and genuine operational systems, applying internationally recognized practical effectiveness criteria.

Transversal Regulatory Integration

The model must demonstrate capacity to manage criminal risks derived from multiple sectoral regulations: personal data, cybersecurity, environment, antitrust, securities market, among others.

Assessment Standards: International Convergence and Local Practice

Chilean regulatory practice has progressively adopted international assessment criteria

International Reference Frameworks

Multiple recognized frameworks exist for compliance program assessment. The U.S. Department of Justice (DOJ) provides an example of criteria that distinguish between formal compliance and substantive effectiveness. Other frameworks include ISO 37001 (anti-bribery systems), ISO 37301 (compliance management systems), and OECD guidelines. Chilean jurisprudence has progressively adopted these international standards, as evidenced by the Corpesca case where a merely formal model was rejected.

Design adequacy for specific risksConsidering sectoral risk profile and applicable crime matrix
Autonomy and independence of the Prevention OfficerCritical element recognized in national jurisprudence as determinant of effectiveness
Empirical evidence of operationDemonstration of effective operation beyond formal documentation

Strategic Implications of Independent Assessment

Assessment transcends formal compliance to constitute a corporate governance tool

Intersection with Specific Regulatory Frameworks

Independent assessment must consider the growing complexity of the Chilean regulatory environment. The prevention model operates at the intersection of multiple regulatory obligations that require integrated analysis:

Cybersecurity and Computer Crimes

Convergence between Law 21.595 (cybercrimes) and Law 21.663 (cybersecurity framework). Essential Services face dual obligations requiring coordinated assessment.

Personal Data Protection

Integration with Law 19.628 and future reform. Improper data processing can constitute both administrative infractions and crimes underlying criminal liability.

Sectoral Regulations

Coordination with specific frameworks: CMF for financial sector, SEC for energy, CNE, CEN, SMA for environment, DGA for water, SUBTEL for telecommunications, UAF for money laundering, SII, DT, FNE for antitrust, among others.

Independence and Technical Competence Criteria

Evaluator independence is not merely formal. It requires absence of conflicts of interest, demonstrable technical competence, and deep understanding of the applicable regulatory framework. Jurisprudence has emphasized that assessment must be substantive, not ceremonial.

Practical Application in Chile

DOJ methodology is already reflected in Chilean jurisprudence and regulatory practice

Successful Case

Antitrust - Supermarkets

In the supermarket collusion case, TDLC applied a fine reduction to Walmart, recognizing that its compliance program was 'comparatively very superior' and represented 'a very relevant advance'.

Lesson:

A demonstrable investment in a robust and operational program has tangible benefits, being recognized by Chilean authorities.

Ineffective Program

Corruption - Corpesca Case

First legal entity convicted in oral trial in Chile. Despite having a CPM, the court qualified it as ineffective due to 'serious organizational defect'. The Prevention Officer had no autonomy to supervise senior management.