Law 20.393 establishes the criminal liability of legal entities ("Law 20.393" or the "Law") and was introduced more than ten years ago. Its importance has been growing as crimes have been added to its catalogue of punishable behaviour, and it has also made companies more aware of the importance of implementing effective compliance programs.
In October of this year, the Specialised Anti-Corruption Unit of the National Prosecutor's Office released a Report on Investigations into Irregular Political Financing which refers to four paradigmatic cases: "Penta", "SQM", "Corpesca" and "Asipes". They have at least three aspects in common as they involve political figures, some of whom are still in office; the companies have been charged with the crime of bribery; and they are accused of lacking effective control measures. In fact, only two of these companies had a Crime Prevention Model ("CPM"). The others had nothing and implemented a CPM after they were accused of crimes.
This report concludes that theoretically the absence of a CPM, or the ineffectiveness of suitable checks within companies, prevents the implementation of an adequate regulatory compliance system. This allows their executives to commit crimes as serious as those we are discussing, which directly affects public management and integrity, but equally important, it affects their criminal liability and damages the public reputation of the officials involved, the companies and their executives.
Bribery is a crime that has been included within Law 20.393 since its inception, so most companies have established a CPM and some associated guidelines, which aim to comply with the Law. Thus, a natural reflection is that a CPM alone will never be a magical and immediate solution that prevents corruption. People within an organization must implement control systems and fundamentally integrate them into their performance. Otherwise, not even a perfectly designed CPM will prevent employees, shareholders or directors from committing crimes.
Article 4 of Law 20.393 describes the legal obligation to comply with the duties of direction and supervision. However, compliance is not simply preparing a written document that has all the features described in the Law. Such a document alone is absolutely ineffective if it is not applied, not appropriately communicated and not regularly reinforced to achieve strict compliance.
Experience has shown that it is not enough to prepare a document called a "Crime Prevention Model" if it has not been effectively implemented, if there are no suitable mechanisms to ensure that its contents are known and understood, and especially if the CPM is not adopted by every company employee.
Reference should be made to the very recent landmark verdict of the Third Oral Criminal Court in Santiago, which convicted a company for the first time as an intervening party in the crime of bribery. We refer to Corpesca S.A., which was convicted despite implementing a CPM and appointing a Crime Prevention Officer ("CPO"). The basis for the Court's conviction was that Corpesca lacked effective control measures to prevent its CEO from committing the crime of bribery, and its CPM did not grant the CPO sufficient authority and independence to monitor senior management at the company. The Court found that Corpesca had a serious weakness in its organisation based on these two shortfalls, as the mechanisms to prevent this behaviour were ineffective.
Therefore, it can be safely said after this historic ruling that implemented an adequate regulatory compliance model implies not only correctly preparing its content and complying with legal requirements, but, more importantly, correctly relating its contents to company employee’s daily functions and ensuring that compliance can be correctly imposed and monitored over time.
A final comment on the future of compliance after this ruling is that although it might be thought that compliance exclusively applies to private business, the truth is that it also apples to good public governance, such as in politics, since these two areas tend to connect or influence each other. These relationships can be developed in perfectly lawful ways, for example, if they are carried out in accordance with the Lobby Law, which requires a high standard of probity and irreproachable conduct by those involved. Management probity consists of impeccable official conduct and honest and loyal job performance, with general interests prevailing over private interests, according to Law 19.653.
Although this standard was designed for the public arena, it is completely up to date and necessary for the private arena. The role of compliance is key to ensuring that individuals who represent or partially own private companies behave in accordance with a probity ideal that is typical of public officials, particularly when they all inter-relate. They strive not only to benefit their own or their business’s interests, but also the general interests represented by established social and legal standards, which undoubtedly lead to desirable honest behaviour. This pattern is becoming increasingly necessary, since companies are not only entities relegated to the private arena, but are perceived as another citizen, as their decisions, particularly by large companies, can be equally or even more important than decisions taken by an individual who does not represent third party interests.
The lesson learnt from the cases described in the report, particularly the Corpesca conviction, is the requirement to self-impose effective checks that prevent corruption, since the consequences of failing to adequately do so not only affect private companies as a result of criminal or social convictions, but also harm their local community and society, and even damage the credibility of the democratic system.
This requires that regulatory compliance is understood to be an obligation that forms part of the fundamental duties of every employee, which requires a substantial exercise to establish specific control systems tailored to their processes. Thus, a CPM together with its regulatory policies and guidelines must implement and keep updated its institutional pillars covering compliance, its procedural pillars covering risk matrices, protocols, and whistle-blowing channels, and most importantly its human pillars, known as the tone from the top, meaning a tangible commitment from senior management. Only when a risk prevention system has been correctly implemented can the company publicly declare that its business processes are safe, lawful, and ethical, and that it has a true CPM.
Thus, the response to the question in the title of this article is yes. An effective compliance system within a company can minimize the risk that misconduct, such as bribery, occurs among its employees. It can build a healthier working environment with all the associated social, reputational, and financial benefits. The consequences of failing to achieve this are plain to see.