Legislative Decree no. 93 of August 14, 2013 - "the Decree" - (“Urgent provisions on safety, measures against general violence, on civil protection and relating to provincial councils in compulsory administration” mainly dedicated to oppose the so-called “feminicide”) has recently introduced significant changes with regard to companies' liability pursuant to Legislative Decree no. 231/2001 ("D.Lgs. no. 231/2001").
Specifically, sec. 9 of this Decree, in amending sec. 24-bis, paragraph 1, of D.Lgs. no. 231/2001, has introduced a new range of criminal offences which may result in the liabilities of entities and institutions for those crimes committed, in their interests or for their sole benefit, by the executives or employees of the same.
The new relevant crimes are:
- unlawful use and counterfeit of credit cards pursuant to sec. 55, paragraph 9, of Legislative Decree no. 231/2007, punishing “whoever, with a view to profit for himself or for others, makes an unlawful use, in lieu of the ultimate and official cardholder, of credit cards or payment cards or of any similar instrument authorizing cash withdrawals or purchase of goods or services” as well as “whoever, with a view to profit for himself or for others, uses forged and falsified credit cards or payment cards or any similar instrument authorizing cash withdrawals or purchase of goods or services, or else possesses, transfers or disposes of said cards or documents of unlawful origin or in any case counterfeited or forged, and any payment order made therewith”;
- crimes affecting privacy as provided for under sections 167 and subsequent of Legislative Decree no. 196/2003 (“Code on Personal Data Protection”) which include the unlawful processing of data, the making of false statements to the Italian Data Protection Authority ("Garante") and non-compliance with the orders issued by this latter.
Furthermore, with regard to the crime of computer fraud, a new crime has been introduced - within the scope of relevant criminal offences pursuant to D.Lgs. no. 231/2001 - the aggravating circumstance referred to under sec. 640-ter, paragraph 3, of the criminal code, in the event the crime is committed by digital identity theft to the detriment of one or more subjects.
Should one of the abovementioned crimes be committed, a pecuniary penalty (up to EUR 774,500) may be imposed on the liable entity, along with potential disqualifying sanctions such, as a way of example, the suspension or revocation of those authorizations serving as a means to the commission of the crime or the prohibition for the entity to promote its own goods or services.
The mentioned introductions have come into force on August 17, 2013 and Legislative Decree no. 93/2013 is at present being examined by Parliament for it to be carried over into law.
In the light of the above, companies intending to adopt a Model of Organization, Management and Control pursuant to D.Lgs. no. 231/2001 shall obviously have to consider the crimes referred to above in order to implement a proper control system - related to the activity carried out by same company - suitable to relieve the latter from the liabilities provided for under D.Lgs. no. 231/2001.
Additionally, those companies which have already adopted a Model of Organization, Management and Control shall have to ensure that the same is duly updated, and that the appropriate protocols be implemented in order to prevent the commission of the mentioned crimes.