Corporate compliance practice — Anguita Osorio.
Prevention models under Law 20.393, internal investigations, independent third-party evaluation and regulatory compliance.
Corporate Compliance
Corporate compliance is the set of policies, procedures and controls an organization implements to prevent, detect and respond to breaches of law, sector regulation and internal ethical standards. In Chile, its regulatory core is Law 20.393 on corporate criminal liability, expanded by Law 21.595 on economic crimes. Anguita Osorio designs, implements and independently evaluates compliance programmes anchored on the prevention model required by these statutes.
Scope and addressees
Which entities need a prevention model and what the model must cover.
Law 20.393 applies to private and state-owned corporations, foundations, associations and other legal entities operating in Chile. The 2023 reform under Law 21.595 expanded the catalogue of predicate offenses to include economic, environmental, tax and market crimes — meaning a much wider set of companies now requires a substantive crime-prevention model, not merely a documentary one.
Prevention model
Governance, controls and oversight that exempt or mitigate corporate criminal liability under Law 20.393, expanded by Law 21.595.
Predicate offenses
Bribery, money laundering, terrorism financing, receipt of stolen goods, environmental, tax, market and labor offenses now in scope after Law 21.595.
Internal investigations
Confidential intake, planning, evidence collection and reporting that preserves the chain of custody and supports prosecution or disciplinary action.
Regulatory compliance
Specific obligations under CMF, ANCI, SII, Labor Directorate and sector-specific regulators, integrated into a single governance framework.
Services
End-to-end compliance programme: diagnosis to independent evaluation.
Compliance diagnosis
Gap analysis against Law 20.393 and Law 21.595 requirements, risk-matrix construction and a prioritised remediation roadmap.
Prevention model design
Drafting of policies, procedures, reporting channels and training plans; appointment and empowerment of the prevention officer; board-level approval.
Internal audits
Independent review of the prevention model in operation: design effectiveness, residual risks, control gaps and management response.
Internal investigations
Independent conduct under privilege, with safeguards for the rights of the person under investigation and outputs usable before the Public Prosecutor.
Independent third-party evaluation
Objective review of the prevention model's adequacy and effective operation by an external evaluator, under Article 4 of Law 20.393. Not a certification: evidence of due diligence for the board, management and the authority.
Methodology
Five phases applied to every compliance engagement.
- Diagnosis
Map the regulatory perimeter, identify exposure to the predicate-offense catalogue and benchmark the existing prevention model against Law 20.393 and Law 21.595.
- Design
Policies, procedures, controls, reporting channels and training plan; appointment of the prevention officer with autonomy and resources; board-level approval.
- Implementation
Roll-out across business units, integration with existing controls (internal audit, risk, legal), training and documentation of the operating model.
- Independent evaluation
Law 20.393 does not contemplate certification. It contemplates periodic evaluation of the model by an independent third party (Article 4), which supports the due diligence of the board and management.
- Monitoring and continuous improvement
Periodic review, incident response, regulatory-change watch and board-level reporting. The prevention model must evolve with the predicate-offense catalogue and the company's risk profile.
Frequently asked questions
What is corporate compliance?
Corporate compliance is the set of policies, procedures and controls an organization implements to prevent, detect and respond to breaches of law, sector regulation and internal ethical standards. In Chile, its regulatory core is Law 20.393 on corporate criminal liability, expanded by Law 21.595 on economic crimes, which widened the catalogue of predicate offenses and changed the logic of attribution.
What is a crime-prevention model?
A crime-prevention model (MPD) is the governance, control and oversight system Law 20.393 requires legal entities to maintain in order to be exempt from or mitigate criminal liability. Its minimum elements are: a prevention officer with autonomy and independence; a risk matrix per offense; documented policies and procedures; confidential reporting channels; regular training; and a periodic review mechanism backed by the board.
What is the difference between Law 20.393 and Law 21.595?
Law 20.393 (2009) established corporate criminal liability and the prevention model as an exempting defense. Law 21.595 (2023) reformed it: it broadened the predicate-offense catalogue beyond the original money-laundering, terrorism-financing and bribery scope; it incorporated economic, environmental, tax and market offenses; and it modified penalties and attribution rules. In practice, the universe of companies that need a substantive prevention model expanded significantly, and pre-existing models must be reviewed to cover the new predicate offenses.
Does Law 20.393 require certifying the prevention model?
No. The Law 21.595 reform eliminated the certification regime for prevention models. What the law now contemplates is periodic evaluation of the model by an independent third party, under Article 4 of Law 20.393. This external evaluation is not a certification with a validity period or a seal: it is an objective review of the model's adequacy and effective operation, supporting the due diligence of the board and management.
How are internal investigations conducted?
An internal investigation has four phases: intake and triage of the report; planning with safeguards for confidentiality and due process; evidence collection (interviews, document review, digital forensics when applicable); and a final report with findings, recommendations and, where appropriate, disciplinary action or referral to the authority. Independent conduct, chain of custody and respect for the rights of the person under investigation are critical for the findings to be usable before the Public Prosecutor or a court.
What is the difference between compliance and regulatory compliance?
Regulatory compliance focuses on respecting specific obligations imposed by sector regulation (CMF, ANCI, SII, Labor Directorate, etc.). Corporate compliance is broader: it covers the crime-prevention model, business ethics, internal governance, conflict-of-interest management, anti-money-laundering and incident response. In practice, a mature compliance programme integrates both layers under a single corporate-governance framework.
Related services
Explore complementary practice areas and regulatory analysis from our team.
Law 20.393 — Corporate Criminal Liability
Foundational RPPJ law: scope, predicate offenses, prevention models and sanctions.
Law 21.595 — Economic Crimes
Predicate offense catalog, sanctions and obligations under the new economic crimes law.
Economic Crimes Fines (Law 21.595)
The day-fine system: exposure up to 2,000,000 UTM for legal entities.
Law 21.643 — Karin Law
Workplace harassment: employer obligations, investigation deadlines and sanctions.
Labor Compliance
Karin Law programs, 40-hour reform, Labor Directorate inspection readiness.
Tax Compliance
SII audit readiness, Article 64 valuations, anti-avoidance rule, coordination with corporate compliance.
Compliance Diagnosis
Gap analysis and roadmap for your prevention model.
Independent Third-Party Evaluation
External review of the prevention model under Article 4 of Law 20.393.
Corporate Advisory
Corporate governance, contracts and strategic business advisory.
Transforme sus Desafíos Legales en Ventajas Competitivas
Descubra cómo nuestro enfoque innovador puede impulsar su negocio