According to the Law on the Liability of Legal Entities on Domestic Bribery, Transnational Bribery and Other Crimes (“Law”), legal entities (domestic or foreign) and other business structures (such as trusts, associations, and foundations) will be criminally liable for their acts of corruption, as are parent companies for actions of their subsidiaries and affiliates. Such liability is without prejudice to the criminal liability of individuals for the commission of said crimes.
The Law imposes criminal sanctions such as
- Fines between 1,000 and up to 10,000 base salaries (approximately between $715,000 and $7,150,000);
- Loss or suspension of state benefits or subsidies for a term of 3 to 10 years;
- iii) Disqualification from participating in public tenders or bids for a period of 3 to 10 years;
- Total or partial cancellation of the operating or functioning permits, concessions, or contracts obtained from the offense; and
- The dissolution of the legal entity.
Among the innovations of the Law is the incentive for companies to implement an Optional Model of Organization, Crime Prevention, Management, and Control (“Model”) that will mitigate penalties up to 40%.
Therefore, on August 26, 2021, the Regulations to the Law were published in the Official Gazette La Gaceta to regulate and provide guidance on the minimum content required for the Model -and thus opt for the benefits of the Law- (“Regulations”). The Model is of optional adoption and can operate either independently or as part of other local or global models and programs.
Some aspects to note about the Model, according to the requirements of the Regulations:
- Risk Assessment: The first stage for the implementation of the Model must be the assessment of risks derived from the geographic and business context of the company. The Regulation includes the parameters and methodology for risk assessment (and subsequent management). The risk assessment tool must contain the deadlines for its updating.
- Due Diligence: The Model must include a due diligence mechanism for business partners with a medium or high level of risk or exposure. The Regulations indicate the minimum items to consider when performing due diligence, including an obligation to maintain updated information on business partners. The review can be done internally or with external resources.
- Communication: The Model and the tools that make up the prevention policy must be made available to all levels of the hierarchical structure, its relational entities, and, as far as possible, to its counterparts.
- Compliance Officer: The entity must designate a person or organization, internal or external, with sufficient means and powers to perform its functions, including supervising the operation and compliance with the Model. The person or organization in charge shall have functional autonomy from senior management.
- Monitoring: The Model’s adoption must be verifiable and of sustained application. An entity must watch and evaluate its operations to detect failures, weaknesses, opportunities for improvement, or any other element that may add to its proper functioning.
- Audit: The entity must conduct an external audit of the financial statements every three years and an internal audit at least once a year as a crime prevention method.
- Reporting mechanisms: The entity must have clear complaint channels, well-established investigation procedures, and whistleblower protection guarantees.
Chapter IV of the Regulations sets forth, in a differentiated manner, the minimum requirements for the SMEs Model – which are more accessible to comply with.
In general terms, the entity must develop the necessary regulatory tools, internal control systems, programs, or management models – always considering its own characteristics, line of business, size, complexity, nature, and particularities of action. Conduct to be regulated includes gifts, hospitality, entertainment, representation expenses, client travel, political contributions, charitable donations, sponsorships, and the risks of committing corruption offenses.
