Corporate compliance practice — Anguita Osorio.

Prevention models under Law 20.393, internal investigations, certification and regulatory compliance.

Practice area

Corporate Compliance

Corporate compliance is the set of policies, procedures and controls an organization implements to prevent, detect and respond to breaches of law, sector regulation and internal ethical standards. In Chile, its regulatory core is Law 20.393 on corporate criminal liability, expanded by Law 21.595 on economic crimes. Anguita Osorio designs, implements and certifies compliance programmes anchored on the prevention model required by these statutes.

Scope and addressees

Which entities need a prevention model and what the model must cover.

Law 20.393 applies to private and state-owned corporations, foundations, associations and other legal entities operating in Chile. The 2023 reform under Law 21.595 expanded the catalogue of predicate offenses to include economic, environmental, tax and market crimes — meaning a much wider set of companies now requires a substantive crime-prevention model, not merely a documentary one.

Prevention model

Governance, controls and oversight that exempt or mitigate corporate criminal liability under Law 20.393, expanded by Law 21.595.

Predicate offenses

Bribery, money laundering, terrorism financing, receipt of stolen goods, environmental, tax, market and labor offenses now in scope after Law 21.595.

Internal investigations

Confidential intake, planning, evidence collection and reporting that preserves the chain of custody and supports prosecution or disciplinary action.

Regulatory compliance

Specific obligations under CMF, ANCI, SII, Labor Directorate and sector-specific regulators, integrated into a single governance framework.

Services

End-to-end compliance programme — diagnosis to certification.

Compliance diagnosis

Gap analysis against Law 20.393 and Law 21.595 requirements, risk-matrix construction and a prioritised remediation roadmap.

Prevention model design

Drafting of policies, procedures, reporting channels and training plans; appointment and empowerment of the prevention officer; board-level approval.

Internal audits

Independent review of the prevention model in operation: design effectiveness, residual risks, control gaps and management response.

Internal investigations

Investigations conducted independently and under privilege, with safeguards for the rights of the person under investigation and outputs usable before the Public Prosecutor.

Certification support

Preparation, evidence packaging and accompaniment during certification by a CMF-authorised entity. Validity up to two years.

Compliance map

A dynamic visualization of the obligations applicable to the company across all sector regulators, kept current with regulatory change.

Methodology

Five phases applied to every compliance engagement.

  1. Diagnosis

    Map the regulatory perimeter, identify exposure to the predicate-offense catalogue and benchmark the existing prevention model against Law 20.393 and Law 21.595.

  2. Design

    Policies, procedures, controls, reporting channels and training plan; appointment of the prevention officer with autonomy and resources; board-level approval.

  3. Implementation

    Roll-out across business units, integration with existing controls (internal audit, risk, legal), training and documentation of the operating model.

  4. Certification

    Optional but advisable: certification by a CMF-authorised entity, with up to two years of validity and evidentiary value before the Public Prosecutor and the courts.

  5. Monitoring and continuous improvement

    Periodic review, incident response, regulatory-change watch and board-level reporting. The prevention model must evolve with the predicate-offense catalogue and the company's risk profile.

Frequently asked questions

What is corporate compliance?

Corporate compliance is the set of policies, procedures and controls an organization implements to prevent, detect and respond to breaches of law, sector regulation and internal ethical standards. In Chile, its regulatory core is Law 20.393 on corporate criminal liability, expanded by Law 21.595 on economic crimes, which widened the catalogue of predicate offenses and changed the logic of attribution.

What is a crime-prevention model?

A crime-prevention model (MPD) is the governance, control and oversight system Law 20.393 requires legal entities to maintain in order to be exempt from or mitigate criminal liability. Its minimum elements are: a prevention officer with autonomy and independence; a risk matrix per offense; documented policies and procedures; confidential reporting channels; regular training; and a periodic review mechanism backed by the board.

What is the difference between Law 20.393 and Law 21.595?

Law 20.393 (2009) established corporate criminal liability and the prevention model as an exempting defense. Law 21.595 (2023) reformed it: it broadened the predicate-offense catalogue beyond the original money-laundering, terrorism-financing and bribery scope; it incorporated economic, environmental, tax and market offenses; and it modified penalties and attribution rules. In practice, the universe of companies that need a substantive prevention model expanded significantly, and pre-existing models must be reviewed to cover the new predicate offenses.

Who should certify their prevention model?

Certification of the prevention model is not mandatory, but it is highly advisable. It is issued by entities authorized by the Financial Market Commission (CMF), with validity of up to two years. Certification provides evidentiary value before the Public Prosecutor and the courts in case of indictment, and operates as documented evidence of due diligence by the board and senior management.

How are internal investigations conducted?

An internal investigation has four phases: intake and triage of the report; planning with safeguards for confidentiality and due process; evidence collection (interviews, document review, digital forensics when applicable); and a final report with findings, recommendations and, where appropriate, disciplinary action or referral to the authority. Independent conduct, chain of custody and respect for the rights of the person under investigation are critical for the findings to be usable before the Public Prosecutor or a court.

What is the difference between compliance and regulatory compliance?

Regulatory compliance focuses on respecting specific obligations imposed by sector regulation (CMF, ANCI, SII, Labor Directorate, etc.). Corporate compliance is broader: it covers the crime-prevention model, business ethics, internal governance, conflict-of-interest management, anti-money-laundering and incident response. In practice, a mature compliance programme integrates both layers under a single corporate-governance framework.

© 2025 AnguitaOsorio, all rights reserved.