The recently published Economic Crimes Law presents a challenging scenario for compliance models, with an increase in crimes that hold companies criminally responsible and that harden the liability of the company and its executives.

However, it also offers an opportunity for prevention models to address the risks faced by companies more completely and deeply. How should this be tackled during the 12-month grace period the law gives before it enters into force for legal entities?
Firstly, given the normative dispersion that makes it impossible for each executive and worker to know all the crimes, it is fundamental that organizations focus their efforts on strengthening corporate culture. This is not just an ethereal idea without practical concreteness: it requires a corporate culture risk assessment as part of the criminal risk assessment and the design of a work plan that includes aspects of internal communication and concrete interventions.
Also, the new criminal risks, to a large extent, were already regulatory risks with significant reputational, legal, and monetary consequences for the company. In that sense, not having them already in a regulatory compliance model was a missed opportunity for the company, something that can be rectified today.
Another important aspect is that controls must stop being associated with a specific crime and serve to prevent multiple crimes. The era of risk matrices with a "sheet" per crime is over, and activities must be identified in which there are risks of multiple crimes and controls that will serve to prevent various infringements.
The law has put special interest in the company looking at itself and truly determining what regulatory infringements it is exposed to. In risk assessment, this perspective will be fundamental and must be accompanied by the understanding that not all areas of the company are exposed to the same risks.
We often heard, "we just certified the crime prevention model, but new crimes just came out, so now I need to update it". Certifications gave a false sense of security and the idea that compliance was an effort of a limited period. Today, with the idea of external consultancy, compliance must be understood as a constant and permanent task that must be prepared for legal, jurisprudential, and regulatory changes, as well as changes in the company and the market.
Companies must look again at the compliance officer and ensure that they have the right personal characteristics, that is, that they have the resources, the technical capabilities, the leadership, and the proper influence over the rest of the company. But, at the same time, it is necessary to understand that the compliance function today will be distributed among different figures within the company.
Now that we are facing the artificial intelligence revolution, it seems absurd not to consider technology a fundamental element of support for the compliance model. However, technological solutions must be designed so that they connect with the needs of the company and its current complexity.
You can read the published column in PULSO.