In July 2014 the Italian Ministry of Justice approved a revised version of the guidelines on the adoption and implementation of compliance programs, issued by the Italian Confindustria[1] in March 2014 (hereinafter the “2014 Guidelines” or the “new Guidelines”).

Under Italian Legislative Decree No. 231 of 2001 on corporate liability (hereinafter the “Law 231”), a corporation shall be considered liable for the commission of crimes listed in Law 231 by one of its managers or employees, if prior to the commission of the crime it did not adopt and efficiently implement an adequate compliance program (the so-called Law 231 model) to prevent the execution of those crimes.

The further element required for there to have been a breach of Law 231 is that such potential crime was committed for the benefit for the company potentially deriving from the criminal behaviour, but regardless to its material exploitation.[2]

Corporate compliance programs have been increasing in importance, because Law 231 exempts a company from liability if it can be demonstrated that the compliance model in question was correctly adopted and implemented.

Following the entry into force of Law 231, the knowledge of the matters and of how these affect the company’s operating on a domestic or a transnational level, has undergone major developments. Judges, prosecutors, and legal experts have worked to bring the significant elements of the revised guidelines to wider attention.

Since the principles of Law 231 do not include a fixed applicable program for all companies, but make specific reference to the industries model approved by the Ministry of Justice, the 2014 Guidelines give operators a useful instrument to achieve compliance with the law and therefore the conditions for exemption from liabilities under Law 231.

I. The 2014 Guidelines: The Main New Features

The 2014 Guidelines highlight the importance of a clear and consistent system of delegation of functions[3], examine the responsibility thresholds (distinguishing between whether the crime was committed with fraud or negligence), stress the key role of the disciplinary sanctions, and explain the different levels of liability in the context of groups of companies.

The 2014 Guidelines also describe in detail the new crimes that have been introduced in Law 231 following the previous version of the guidelines (which dated back in March 2008) including computer crimes, transactional organized crimes, environmental crimes and the exploitation of illegal immigrants.

Finally, in accordance with the Italian Courts, which ruled that the program has a self-normative value on the basis of which it is possible to weight the company’s liability,[4] the new guidelines stress that effectiveness, specificity and dynamism are structural characteristics of compliance programs.[5]

The 2014 Guidelines are extremely innovative in introducing a specific section regarding the corporate liability and the compliance programs of groups of companies, which have been totally revised in light of the recent positions assumed by Italian and international Courts and doctrine.

II. Groups of Companies and Compliance Programs

A number of Law 231 cases have regarded groups of companies. Where more than one company of the group are involved, Italian case law considered relevant the parties in whose interest the crime was committed, in order to identify which company (of the group) was liable pursuant to Law 231.[6]

The new Guidelines ratify Italian case law and stress that in connection with corporate liability the main issue is to identify the conditions under which each corporation of the group (including holding companies and subsidiaries) may be considered liable under Law 231, and then give recommendations regarding the characteristic of the compliance programs to be implemented by each company of the group.

The 2014 Guidelines underline that a holding company is not always responsible for the crimes committed by its subsidiary, and it can be considered liable for a crime committed by an individual of its subsidiary, only if the holding company itself has received a direct or indirect benefit.[7]

The conditions under which a holding company may be considered liable under Law 231 are as follows:

  • A crime listed in Law 231 has been committed by a top individual/employee of a subsidiary in the interest or to the advantage of its holding company; and
  • Individuals connected to a holding company took part in the commission of the crime, for example when: (i) the crime is the consequence of the illegal instructions issued by the top individuals of the holding company, or (ii) the top individuals of the holding company and of the subsidiary are the same people (so-called “interlocking directorates”).

The 2014 Guidelines recommend that a group of companies adopt compliance programs balancing the independence of each entity of the group with the opportunity to implement a common ethical style and shared standards of compliance.

In accordance with such framework, each company of the group, being an independent entity and therefore a subject of Law 231’s requirements, should be required to implement a specific organizational model, as well as to appoint its own supervisory body.

On the other hand, a holding company could implement general compliance guidelines applying to the group, but without limiting the power of each subsidiary to implement its tailored organizational model. In addition, such holding company could lay down the structure of the code of ethics, the general principles for the disciplinary system and the protocols to be applied and implemented by each company of the group.

Moreover, the organizational model of the holding company should take into consideration the procedures implemented by its subsidiaries as well as the activities that are carried out on a shared level. On the basis of the specific characteristic of the group, it could be useful to implement certain policies and protocols at the group level (e.g. in the field of cash pooling).

The 2014 Guidelines recommend that the supervisory bodies of the companies of a group develop a system that enables them to share promptly key information (e.g. the activities planned, the actions concretely implemented, any issue which has emerged, etc.), through, for example, periodic reports or meetings.

III. International Groups of Companies

The 2014 Guidelines highlight that international groups present a specific Law 231 risk profile, due to the geographic dispersion of their business, the decentralization of the decisions, the complexity of the operations involved, the possibility that the crimes involve farther-reaching areas, and greater difficulties in pursuing claims.

In particular, the new Guidelines specify that in such international contexts:

  • The code of ethics should include ethical standards that take into consideration the characteristics of the business;
  • The top individuals and the employees who have contacts with foreign countries in conducting their corporate duties should receive effective training that covers the relevant applicable law of foreign countries; and
  • The protocols should take into considerations the specific international profiles of the group.

Transnational groups should implement compliance programs in compliance with all national and international laws applicable to the business of the group.


The 2014 Guidelines represent a key instrument for corporations conducting their business in Italy, because they contain an important set of recommendations which aim to tailor best practice 231 compliance programs to all companies.

Group companies are required to implement both policies of general principles at a group level and specific policies of practical protocols at the level of each company of the group.

International groups have a specific Law 231 risk exposure and are strongly required to include in their compliance programs a reference to the foreign laws that are applicable to their international business.

As illustrated in this article, a compliance program is a strategic tool that a company could adopt to prevent crime as well as to avoid being pursued under Law 231, and the 2014 Guidelines supply corporations with flexible instruments capable of being quickly and efficiently adopted by all companies.