Liability of undertakings

What are the risk and compliance management obligations of members of governing bodies and senior management of undertakings?

Authorities in Brazil see as one of the pillars for an effective compliance programme and a good internal culture in the company the commitment of top leadership to compliance and risk management issues. Although it does not have any legal provisions that would oblige this commitment, an effort by senior leadership is expected in this regard.

For this purpose, it is recommended that the meetings of the board of directors and the executive board start to deliberate on matters relating to the management of the risks of compliance issues, as well as receive periodic reports on the reporting channel. The authorities have also assessed the degree of the senior management’s commitment to the compliance programme, identifying whether the practice and conduct are in line with the ethics and compliance management speeches, as well as the resources allocated to the area of risk management and compliance.

Do undertakings face civil liability for risk and compliance management deficiencies?

Because of the vicarious liability provided for in the Anticorruption Law, companies will still be civilly and administratively responsible for the illegal acts that an employee or a third party has committed against the public administration even after demonstrating an effective and implemented compliance programme. The existence of an effective compliance programme can result in the lowering of a fine.

Do undertakings face administrative or regulatory consequences for risk and compliance management deficiencies?

Having risk and compliance deficiencies does not result in the imposition of sanctions, unless the deficiencies within the company result in an infringement of Brazilian legislation. In that scenario, deficiencies may result in higher fines, since having an effective compliance programme may result in a reduction of up to 4 per cent of the company's gross revenue for the year prior to the administrative sanctioning procedure.

In more serious cases of corruption, the company will be subject to implementing or improving its compliance programme and other indirect costs (hiring internal investigations, funding for external monitoring, communication campaigns or corporate restructuring).

Do undertakings face criminal liability for risk and compliance management deficiencies?

As a general rule, only individuals can be held criminally liable under Brazilian law, meaning that, in the vast majority of cases, non-natural persons, such as corporations or other legal entities, cannot be charged with crimes. The only exception to this general rule is the criminal liability imposed on legal entities for environmental crimes.

In relation to individuals, Brazilian criminal law requires a causal relationship between conduct (an action or omission) and the criminal result for criminal liability to be established (strict liability is not applicable to criminal matters). An individual is criminally liable when he or she commits an act that is prohibited under criminal law. An individual can also be held criminally liable if he or she does not act in relation to matters in which he or she has a legal or contractual obligation to prevent the occurrence of the negative result. The lack of action is considered as ‘omission conduct’, which is also a crime.

There is currently a fervent discussion in Brazil about whether a compliance officer is potentially criminally liable if he or she does not comply with his or her obligations to prevent a wrongdoing that is to be committed within a legal entity. In those cases, although active conduct was not committed by the compliance officer, the omission can be considered equivalent to a criminal action. There are no legal precedents yet about the criminal liability of the compliance officer in cases when he or she did not act when he or she was supposed to.

Liability of governing bodies and senior management

Do members of governing bodies and senior management face civil liability for breach of risk and compliance management obligations?

The Anti-corruption Law expressly states that the administrative and civil liability of legal entities does not exclude the personal liability of officers, managers or any other individual who engaged in the wrongdoing.

As a result, individuals – including members of governing bodies and senior management – can face civil charges based on the Public Improbity Law or by the Federal Accounts Court that can result in the loss of assets, payment of damages, removal from duties, suspension of political rights, prohibition to receive tax benefits and a fine. In the case of damage to the treasury of the government or fraud in bidding processes, administrators may also be subject to financial penalties in the case of direct participation in irregularities or due to the possibility of piercing the corporate veil.

Recently, the Public Prosecutor Office issued Technical Note No. 01/2020, which defined the possibility for individuals to adhere to leniency agreements that have been negotiated by legal entities. The Technical Note aims to standardise the civil and criminal prosecution activities conducted by federal prosecutors and, therefore, improve the efficiency of leniency agreements and plea bargaining in both spheres, creating greater legal security.

Do members of governing bodies and senior management face administrative or regulatory consequences for breach of risk and compliance management obligations?

Only legal entities can face administrative consequences under the Anticorruption Law. However, members of governing bodies and senior management who are involved in anticorruption compliance violations are exposed to some specific sanctions, depending on the effects of their actions.

The Antitrust Authority can impose administrative sanctions on individuals that may include fines and the prohibition to develop commercial activities or to be the representative of commercial legal entities for a period of up to five years.

The Council for Financial Activities Control can impose the following penalties on legal entities and their officers if they fail to comply with their anti-money laundering obligations: a warning; a fine; or temporary suspension for up to 10 years of the right to be an officer of a legal entity subject to anti-money laundering obligations or the right to perform certain activities.

Do members of governing bodies and senior management face criminal liability for breach of risk and compliance management obligations?

In Brazil, there is no specific crime for the breach of risk and compliance management obligations. However, this violation may constitute other wrongdoings set forth in the Brazilian Criminal Code and in other special criminal statutes, for instance, corruption, fraud in public bidding, cartel conduct and money laundering.

Regarding corporate crimes, directors, officers, managers, legal representatives and employees cannot be held criminally liable merely for being in the company when the criminal activity took place or because they hold or held a certain management position. Establishing liability for crimes that take place within a corporate entity requires evidence of each person’s role, as well as the exact extent of each person’s wrongdoing.

Law stated date

Correct on

Give the date on which the information above is accurate.

5 March 2021.