How to get compliant with the Whistleblowing Law
The new regulation, introduced by Lgs. Decree no. 231/2001 (Law 231), has in fact extended the liability to legal entities, for instance, companies, corporations, associations, and clubs. These can now be solely responsible for crimes committed by their employees, management, or stakeholders.
Law 231 provides a sanctioning system, which, if an organisation is convicted, could lead to severe penalties, both of an economic nature (penalties from €24,700 up to over €1,500,000), and / or of a prohibitive nature. Examples of this second penalty include, disqualification from continuing to exercise the activity, not being permitted a contract with public administration, suspension or revocation of authorisations or licenses, exclusion from financial benefits or contributions, a ban on advertising of goods or services, or a seizure or confiscation of the profit attributed to the crime.
These restrictive sanctions certainly represent the most critical elements of the law, especially for companies whose business is mainly focused on relations with Public Administration.
It is Law 231 that has introduced the “Administrative Responsibility of legal entities” in Italy.
Formally defined as ‘administrative’, it actually relates to all forms of criminal liability, both from a substantial point of view (the prerequisite is in fact the commission of the crime), and procedural aspects (by express reference to the Code of Criminal Procedure for the criminal investigation made by the public prosecutor and for the trial in front of the court).
In accordance with the regulations dictated by Law 231, an organisation may be challenged with autonomous liability of a crime if it relates to any of these three criteria.
Law 231 provides a precise (exhaustive) list of crimes that a company can be liable for. In its initial configuration, the law was focused on the purpose of prevention and repression of the corruption. However, today, a large number of legislative additions have led to a significant extension of the list of alleged crimes.
To offer a picture of the aim of ”Model 231″, it’s worth mentioning the main areas of offences that are relevant under Law 231:
A mere act of crime being committed does not automatically take the company to a criminal trial.
The alleged offence must be committed in the interest or for the benefit of the company. For example, think of a case where corruption has been used to close a contract or to win a tender, or a public officer is prevented from opening an investigation against a company. Or even when safety regulations are ignored to try keep business costs down or speed up the production process. The list is extensive.
The central point is that the crime, to be relevant under Law 231, must be committed in the interest of the organisation or, at minimum, bring it an advantage.
An alleged crime being committed, that is assumed in the interest or benefit of an organisation, is relevant but not sufficient criteria to assert liability under Law 231.
Liability is actually only applicable when the organisation involved has not equipped itself with a Model of Organisation, Governance and Control (MOGC), and has not appointed a special Supervisory Body (Organismo di Vigilanza – ODV).
Even when there is an alleged crime, an organisation is legally exonerated from any criminal liability if it has adopted an MOGC model, and has appointed an ODV to supervise the efficiency and application of the model.
The intention of the legislator is therefore to only sanction the “fault” of the organisations who have not equipped themselves with a virtuous organisational structure, aimed at preventing crimes from being committed. At the same time, the legislative mechanism avoids the risk of blaming a crime automatically on the organisation for a crime committed by its employees or managers.
The adoption of an effective MOGC model therefore fulfills the primary function of exoneration, a “protective shield” for an organisation from the liability of any crime that may be committed.
The Supervisory Body, which is independent and autonomous from the corporate administration, has the task of supervising the effectiveness of the Model and verifying that it is in line with the activities and sensitive processes followed by the organisation. The supervision carried out by the ODV is crucial. In fact, the mere adoption of an MOGC model is not enough to relieve the company of any liability.
The interpretative approach followed by the judiciary system today is increasingly oriented towards giving weight and value to the activities carried out by the ODV. It is no coincidence that the Italian Supreme Court has repeatedly reiterated that a company’s board members respond on their own, when they have failed to properly evaluate the opportunity to adopt an MOGC model to prevent crimes covered by Law 231.
The activity of the ODV has a deep relationship with whistleblowing, i.e. the system for reporting misconduct.
Art. 6 of Law 231 expressly states that the MOGC model must provide adequate reporting channels through which to communicate illegal, irregular activities or violations of the Model.
On this point, the EU has introduced the Directive no. 1937/2019 which aims to harmonise the protection of those who ‘blow the whistle’ across the EU. With the introduction of dedicated reporting channels, regulation of anonymous reports, protection of whistleblowers and the prohibition of retaliation.
Lastly, it cannot be overlooked that the presence of an MOGC model is positive for the reputation of a company and its ‘legality rating’, introduced by the Italian Competition Authority (A.G.C.M). Well known in Italy, the legality rating is an indicator that the A.G.C M. gives to companies who pay particular attention to the ethical management of their business. The recognition is translated externally through ‘legality stars’ (from 1 to 3).
In conclusion, the discipline introduced in Italy by Law 231 requires all organisations to make a serious and prudent assessment of the opportunity to equip themselves with a valid governance and control system. Which, in accordance with Law 231, provides them with a suitable solution to protect the company from the risk of committing crimes.
Article written by Stefano F. Pipitone, member of the Italian bar . Learn more about Stefano Pipitone at www.stefanopipitone.eu
Would you like to learn more about a whistleblowing service and safe internal reporting channels? Read more about the EU Whistleblowing Directive here and at EUR-Lex.
Are you looking for a safe and secure whistleblowing solution? Read more here.
Would you like to discuss a whistleblowing system for your organisation?
Please contact us or book a free demo!
If you have any thoughts about this article or would like to know more about Whistlelink, we’d love to hear from you.
Whistlelink values your privacy. We will only contact you about our solutions.
You may unsubscribe at any time. For more info, please review our Privacy Policy
Nice to meet you!
HAPPY TO MEET YOU!
Whistlelink values your privacy. We will only contact you about our solutions.
You may unsubscribe at any time. For more info, please review our Privacy Policy
HAPPY TO MEET YOU!
Whistlelink values your privacy. We will only contact you about our solutions.
You may unsubscribe at any time. For more info, please review our Privacy Policy