Legal and regulatory frameworkLegal role
What legal role does corporate risk and compliance management play in your jurisdiction?
Certain sets of regulations set forth standards for risk and compliance management. The most relevant are mentioned below.
With regard to corruption risk management, the recent Law No. 27,401, in force since 1 March 2018, criminalises corporate bribery and corruption, and regulates integrity programmes. Such integrity programmes must meet certain requirements imposed by the law such as being appropriate to the specific risks related to the activities, size and economic capacity of the company, and complying with further regulations of this law to be enacted by the relevant authorities. Implementing said integrity programmes based on risk management is mandatory for certain companies contracting with the federal government when, according to applicable regulations, such contracts must be approved by a public official ranked as a minister or above, and when the contract falls under those regulated by:
- article 4 of Decree 1023/01 (eg, procurement, sale and purchase, consulting, services, leases, leasing, swaps, concession for using goods in the public and private domain of the federal government, public works, concessions of public services and licences and all those contracts not specifically excluded from this regime);
- Law No. 13,064;
- Law No. 17,520;
- Law No. 27,328; and
- concession or licensing contracts for public services.
Implementing integrity programmes is voluntary for companies not entering any of the previously mentioned dealings.
With regard to anti-money laundering and anti-terrorist financing, Law No. 25,246 establishes, for certain subjects mentioned in section 20 (Subjects under the Law), the obligation to implement a compliance programme focused on risk management. These provisions are mandatory for the Subjects under the Law so not following them will be considered a breach of the law. In addition, the Financial Information Unit, which is the relevant regulatory agency, issued Resolution 30-E/2017 that specifically adopts the Financial Action Task Force (GAFI) standards for the risk-based approach for financial entities and foreign exchange agencies, and Resolution 21/2018 that specifically adopts GAFI standards for those individuals and entities subject to the capital market’s regime as detailed in section 2r of Resolution 21/2018.
As an example of industry regulations, Resolution 38,477 of the National Superintendence of Insurance, which was issued in 2014, establishes that insurance and reinsurance entities subject to the supervision of the National Superintendence of Insurance must approve Rules on Policies, Procedures and Internal Controls to Combat Fraud, which must be based on a risk analysis.
Other examples of industry regulation specifically cover financial entities. Regulation ‘A’ 5,398 (enacted by the Argentine Central Bank in 2013) and its amendments, establish the obligation for those entities to have an integral process for risk management including the board of directors and high management surveillance for the identifying, assessing, follow-up, control and mitigation of any significant risk.
Regarding companies listed for public offering’s regulations, the Argentine Securities Commission, which is the relevant regulatory agency, has enacted General Resolution 606/2012, which establishes guidelines and recommendations of good practices in corporate governance. Although these are only recommendations to listed companies, the companies have to give explanations when they have not followed them.
Despite these particular regulations, companies can implement risk management under other regulations as well as antitrust regulation or international standards such as ISO 37001 to prevent bribery.
Moreover, certain industry associations (eg, the Chamber of Argentine Pharma Companies) have agreed to enact ethics codes that are mandatory for all their members.
In general terms, multinational companies that operate in Argentina usually have corporate risk and compliance management procedures in place; however, local companies usually do not have these measures implemented, with the exception of a few that are listed companies, operate in regulated industries or have business relationships with multinationals that require these measures to be adopted.Laws and regulations
Which laws and regulations specifically address corporate risk and compliance management?
Corporate risk and compliance management is specifically addressed by certain local regulations. The most relevant are:
- Law No. 27,401, which establishes corporate liability for bribery and corruption crimes;
- Law No. 25,246, which sets forth the obligation for the Subjects under the Law to implement a compliance programme focused on risk management;
- Resolution 38,477 of the National Superintendence of Insurance, which establishes the approval of mandatory Rules on Policies, Procedures and Internal Controls to Combat Fraud for insurance and reinsurance entities subject to the supervision of the abovementioned entity;
- Resolution 30-E/2017 of the Financial Information Unit, which specifically adopts the GAFI standards for the risk-based approach for financial entities and foreign exchange agencies;
- Resolution 21/2018 of the Financial Information Unit for those individuals and entities subject to the capital market’s regime as detailed in section 2r of such Resolution;
- Regulation ‘A’ 5,398 of the Argentine Central Bank that sets forth the obligation of the financial entities to have an integral process of risk management; and
- General Resolution 606/2012 of the Argentine Securities Commission that approved the Corporate Governance Code for companies listed for public offering.
Give details of the main standards and guidelines regarding risk and compliance management processes.
Law No. 27,401 establishes that the integrity programme must be appropriate to the specific risks related to the activities, size and economic capacity of the legal entity, in accordance with further regulations of this law to be enacted by the relevant authorities.
Regulation ‘A’ 5,398 of the Argentine Central Bank provides that each financial entity must issue its own risk management strategies and policies according to the guidelines provided therein regarding:
- credit risks;
- liquidity risks;
- market risks;
- interest rate risks;
- operational risks;
- securitisation risks;
- concentration risks;
- reputational risks; and
- strategic risks.
Regulation ‘A’ 6,131/2016 of the Argentine Central Bank establishes Guidelines for the Settlement of Foreign Exchange Transactions in order to regulate the risk management of financial institutions by the exposure resulting from foreign exchange transactions, from their negotiation to their final settlement.
Anti-money laundering and anti-financing terrorism standards and guidelines are provided in Law No. 25,246, as amended and, in its implementing, regulations issued by the Financial Information Unit. For example, Resolution 30-E/2017 as well as Resolution 21/2018, both issued by the Financial Information Unit, establish a minimum standard regarding risk and compliance management process, providing that it must be appropriate to the nature and business capacity (considering all business units) of the entities subject to those regulations and also take into account specific risk factors like clients, products and services, distribution channels and geographic zones. All those standards can be fully supplemented with internal standards developed by the particular entity subject to the regulations, based on its activities.
General Resolution 606/2012 of the Argentine Securities Commission only establishes general recommendations for companies that make public offer of securities, but does not provide more detailed standards and guidelines.Obligations
Are undertakings domiciled or operating in your jurisdiction subject to risk and compliance governance obligations?
As mentioned in previous questions, some undertakings domiciled or operating in Argentina are subject to risk and compliance governance obligations.
Financial entities are subject to risk governance obligations pursuant to Regulation ‘A’ 5398 of the Argentine Central Bank. For example, the regulation establishes that the governance structure implemented must appoint a particular individual or unit that needs to be in accordance with the economic capacity, dimension and nature of the financial entity and may adopt the structure of a committee in which members of the governing body must participate.
Listed corporations are subject to compliance obligations as, although the Corporate Governance Code approved by Resolution 606/2012 of the Argentine Securities Commission is not mandatory, accounting auditors must report on the annual balance sheets of listed companies whether they adhere to the Corporate Governance Code or not.
Law No. 27,401 does not provide governance obligations on anti-corruption risks although it provides guidelines for the related compliance programmes, including clear and affirmative support to the programme by the entity’s top management.
Resolution 38,477 specifically addresses the obligation to appoint a regular compliance officer, who must be at least a senior executive.
Law No. 25,246 sets forth the obligation for entities subject to the law to appoint a compliance officer, who must be a member of the governing body. Also, the personal information of the officer must be reported to the Financial Information Unit. This regulatory entity provides in Resolution 121/2011 that the compliance officer will have full independence and autonomy in doing their duties, ensuring unlimited access to all of the information that requires compliance with them.
What are the key risk and compliance management obligations of undertakings?
Financial entities, pursuant to Regulation ‘A’ 5,398, must implement risk management manuals, policies, procedures and strategies duly documented and designed in accordance with the economic size of the relevant financial entity and the nature and complexity of their operations, and provide for business strategies and internal limits applicable to the different kind of risks that the entity faces pursuant to its role in the financial market and its capital stock, assets and financial results and total risks.
According to the Corporate Governance Code approved by Resolution 606/2012 of the Argentine Securities Commission, listed companies must:
- disclose their links with their corporate group and related companies;
- provide the basis for sound management and supervision;
- support an effective policy for identification, assessment, management and disclosure of their business risks;
- preserve the integrity of financial information with independent audits;
- respect the rights of their shareholders;
- maintain direct and responsible links with the community;
- provide for fair and accountable remunerations;
- promote corporate ethics; and
- go in depth to the scope of the ethics code.
Pursuant to Law No. 27,401, undertakings that implement an integrity programme shall conduct appropriate risk analysis as the basis for drafting and updating the integrity programme. The integrity programme must have, as a minimum standard, the following elements:
- a code of ethics or conduct, or the existence of integrity policies and procedures applicable to directors, managers and employees;
- specific rules and procedures to prevent illegal acts within the scope of tenders, public bids, governmental control enforcement or any other engagement with the public sector; and
- periodic training sessions regarding the integrity programme to directors, managers and employees.
According to the anti-money laundering and anti-financing terrorism law, those subject to ‘know your customer’ and reporting obligations must also approve anti-money laundering and anti-financing terrorism codes that state different measures to adopt and the corresponding assignment of responsibilities to the compliance officer in charge of these issues.