Tag Archives: 231

Happy GDPR-compliant Xmas and a prosperous new year!

Legal news, , , , , , , , , , , , , ,

Winter recess is about to start. While we’ll all be resting, GDPR will not!

While we will all be recharging our batteries to tackle the challenges for the upcoming 2025, GDPR will not go on vacation, and will thus never be out-of-office!

Check out the following tips that the Italian Data Protection Authority has recently issued in order to avoid threats to your privacy rights during the upcoming vacations:

  • Are you receiving plenty of virtual greetings and commercial offers? Be careful about them, even if apparently sent by a friend or parent: they may contain viruses, obscure links or may hide tentative of phishing. Not all presents may be welcome.
  • Have you taken good family pictures that you wish to share on your social network? Don’t forget to ask consent of all depicted individuals. Is your grandpa going to provide his consent as well?
  • Have you filmed your children’s Christmas pageant? Keep it for yourself! You’d need consent from all depicted individuals for publishing (including from their parents in case of minors).
  • Are you wishing to download any specific Christmas-related app on your smartphone? Choose them carefully, check their issuer and the reviews. You may inadvertently be downloading the Grinch’s one!
  • Are you going away for a trip? Don’t share too much information and pictures on your social media about your time off, your house and your vehicles, as it may attract thieves. Only Santa Claus shall be allowed to break in without your consent!
  • Are you connecting with your hotel’s or restaurant’s Wi-Fi? Ask the staff about its security: they may not be protected enough.
  • Have you bought any “smart” presents for your little nephews? Check whether they may collect any personal data from their users. In the affirmative, make sure that they will not harm them in any way possible.

Our own additional tips: rest, enjoy good food, spend time with your loved ones, and get ready for 2025! We wish you happy holidays and a healthy and successful new year.

Gitti and Partners Life Sciences Team

Corporate Liability Under Legislative Decree No. 231/2001: Latest Developments

Legal news, , , , ,

In the context of criminal proceedings for aggravated fraud for obtaining public funds (art. 640 bis of the Criminal Code) and for ideological falsity of the private party in a public deed (art. 483 of the Criminal Code), the Italian Supreme Court (ruling No. 3196/2024 Jan. 26, 2024) had the opportunity to reiterate some useful principles in the context of 231 Models:

the legal representative of the entity, suspected or accused of the predicate offense, cannot appoint the entity’s defense attorney, due to the absolute prohibition of representation posed by Article 39 of Legislative Decree No. 231 of 2001. The incompatible representative cannot perform any defensive act in the interest of the entity and, if performed, must be considered ineffective. However, the entity may join the proceedings by replacing the representative who has become incompatible or by appointing an ad hoc representative.

•The Court must always make an independent determination of the administrative liability of the entity and this means that:

1)It is not necessary to make a final and complete finding of individual criminal liability of the natural person, but a mere incidental finding is sufficient.

2)The configurability of criminal liability of managers for 231 crimes is not sufficient to affirm the liability of the entity. The judge must carry out a judgment of the suitability of the 231 Model adopted, ideally placing it at the time when the offence was committed, in order to verify whether compliance with the 231 Model would have eliminated or reduced the danger of the occurrence of offences of the same kind as the one that occurred.

Corporate Liability Under Legislative Decree No. 231/2001: Latest Developments

Legal news, , , , , , , , ,

Recently, the regulatory framework of administrative liability of entities for criminal offences has been partially amended, by (i) recognizing its central role within the framework of public tenders’ regulations, and (ii) expanding the catalogue of predicate offences (reati presupposto or 231 crimes).

  • 231 Corporate Liability as Ground for Exclusion from Public Tenders

Legislative Decree no. 36/2023, i.e., the new Italian Public Tenders Code (“PTC”), distinguishes between causes of automatic exclusion (Section 94) and causes of non-automatic exclusion from public tenders (Section 95).

In case of:

  • a criminal conviction or disqualification measure for the criminal offences listed under Section 94, paragraphs 1 and 2, of the PTC issued against an economic operator under Legislative Decree No. 231/2001 (Section 94, paragraphs 3, lett. a) and 5), or
  • a disqualification sanction referred to in Section 9, paragraph 2, lett. c) of Legislative Decree no. 231/2001 (or of any other sanction entailing the prohibition to enter into agreements with public entities)

the sanctioned entity will be automatically excluded from the public tender.

Moreover, if a 231 crime is ascertained, or even only contested, then a “serious professional offence” is triggered, which may lead to a non-automatic cause of exclusion from the public tender (Section 98 of the PTC).

  • New 231 Crimes

Following the PTC, Law no. 137/2023 increases the number of 231 crimes by providing for the inclusion of the following criminal offences:

  • Obstruction of tender procedures (in Italian, “Turbata libertà degli incanti”, Section 353 of the Italian criminal code), i.e., hindering or disrupting a public tender or turning away bidders by violence, threats, gifts, promises, collusion or other fraudulent means;
  • Obstruction of the choice of contractor procedure (in Italian, “Turbata libertà del procedimento di scelta del contraente”, Section 353-bis of the Italian criminal code), i.e., disruption of the administrative procedure by way of violence or threats, or by gifts, promises, collusion or other fraudulent means, in order to influence the manner in which the public administration chooses a contractor; and
  • Fraudulent transfer of values (in Italian, “Trasferimento fraudolento di valori”, Section 512-bis of the Italian Criminal code), i.e., fictitious attribution of the ownership or availability of money, goods or other utilities for the purpose of avoid the application of the provisions of the regulation on asset prevention measures or smuggling, or of facilitating the commission of one of the offences referred to in Sections 648, 648-bis and 648-ter.

The novelties described above shows the Italian legislator’s increasing attention to the conduct of entities participating in public tenders, and will result in the need to review and update the 231 model already adopted by entities, in order to (i) provide for procedures to ensure correctness of the company’s conduct with specific regard to participation in public tenders, and (ii) take into account the three new 231 crimes.

Implementation of the “231” Compliance Model in the Pharma Industry: New Guidelines issued by the Italian Association of Pharmaceutical Companies

Legal news, , , , , , , , , , , , , , , ,

On September 5, 2023, the Italian Association of Pharmaceutical Companies (“Farmindustria” – https://www.farmindustria.it/) has issued guidelines to design an organizational model pursuant to the Legislative Decree 231/2001 in the pharmaceutical sector (“Guidelines”).

In particular, the Guidelines, by taking into account the main peculiarities of the pharma industry, seek to identify the typical activities that are most at risk for the commission of criminal offences, and provide detailed guidance about the main policies and preventive actions that should be carried out by companies in order to prevent their commission.

As expected, the highest risks concern relationships with public officials, which may lead to crimes such as corruption or fraud against the State, with significant advantages for pharma companies.

The Guidelines seek to drive the attention of companies involved in the pharma sector on the risks that are latent in the following areas:

  • Relationships with healthcare professionals (“HCP”) and healthcare organizations (“HCO”): compliance programs should regulate activities of the key account managers and their bonuses, sponsorship of congresses, grants and donations to HCOs, gifts to HCPs, as well as other sponsorship or advertisement activities;
  • Relationships with Public Authorities: many interactions with public officials may entail corruptions risks, such as, e.g., obtainment of Market Authorizations, price reimbursement negotiations with the Italian drug regulatory agency (AIFA – https://www.aifa.gov.it/), management of site visits and inspections, participation and execution of public tenders for the supply of drugs to HCOs;
  • Relationships with private entities: relationships with suppliers providing services in the context of clinical studies, pharmacies, patient advocacy organizations, patients and “expert patients”, or management of patient support programs also need to be regulated.

The Guidelines also offer a complete set of policies and other preventive remedies that may be sufficient to prevent the envisaged criminal risks.

The Guidelines are a useful tool for pharma companies and no similar initiatives have been taken by other associations with regard to different industries and sectors. The Guidelines also constitute a benchmark for best practices that will be difficult to ignore.

Do you need help in designing or updating your company’s “231” compliance model? Do not hesitate to reach out!

New Whistleblowing Legislation Adopted in Italy

Legal news, , , ,

Italy has implemented today the EU whistleblowing directive (UE) 2019/1937. The new legislative decree no. 24/2003 has in fact been published on the official journal and is scheduled to enter into force on March 30, 2023.

The final published version of the decree, which had been previously leaked in an unofficial draft, can be found here: https://www.gazzettaufficiale.it/eli/id/2023/03/15/23G00032/sg.

The new legislation is certain to affect private companies and public entities alike when it comes to managing whistleblowing reports and new measures may need to be adopted to comply with the new requirements.

For additional information on this subject, materials from our February webinar can be freely accessed here: https://lawhealthtech.com/2023/02/09/our-whistleblowing-webinar/.

The Impregilo Case Clarifies the Basis for Exemption from 231 Liability

Legal news, , , , , , , ,

The Italian Supreme Court has recently published a judgment (no. 23401 of 2022, hereinafter the “Impregilo Case”) that sheds new light on certain elements of liability of Italian companies arising from legislative decree no. 231 of 2001.

Put it simply, legislative decree 231 has established quasi-criminal liability of companies when one of their employees commits a certain crime to its benefit or in its interest. The same law has established that the company is exempt from liability if (i) it has adopted an organizational and management model (“Model”) aimed at preventing such crimes, and (ii) it has appointed an independent compliance committee (“Committee”), which has diligently overseen the actual application of such Model. If a company has not adopted an adequate Model duly enforced by the Committee, then it is regarded as failing to diligently organize itself in order to prevent 231 crimes: having failed at its duty to prevent the crime, it is therefore at fault (so called “colpa in organizzazione”, or organizational fault) and liable. Additional information on 231 legislation can be found here.

In the Impregilo Case, which followed a tortuous path through courts of various instances, the Supreme Court has established very interesting principles:

  • The mere fact that a certain 231 crime has occurred is not sufficient to prove that the Model was inadequate: 231 liability of a company is not strict liability, rather is based on fault, i.e., depends on lack of diligence in preventing the crime.
  • Adequacy of the Model must be assessed with a focus on the specific crime occurred, and not with regard to the Model as a whole.
  • If the Model conforms to codes of conduct drafted by industry associations, a court has the duty to indicate which best practices would have effectively prevented the crime.

This judgement ultimately grants exemption from 231 liability and recognizes that, since the Model was based on best practices, it was adequately preventing the crime, even if the crime was in fact committed due to the choice of the company’s managers to circumvent the Model.

If this trend in case law continues, companies will have a stronger incentive to adopt, enforce and update Models diligently reflecting best practices in crime prevention.

Further Crimes Triggering “231” Liability

Legal news, , , , , ,

Italian corporations are subject to criminal liability arising from legislative decree 231 of 2001: more on the topic can be found here.

“231 crimes” triggering such liability are already a vast and varied list of crimes. They are not limited to corruption crimes, but range from manslaughter due to breach of safety on the workplace provisions to corporate crimes and tax crimes.

Nonetheless, the list of “231 crimes” continues to grow.

Effective on July 30, 2020 new crimes will be added, as law 75 of 2020 will come into force. The new crimes are mostly further nuances of the tax crimes, as well as new crimes (fraud in public suppliesfraud in agriculture and smuggling, misappropriation and abuse of office).

It’s time for companies  to update their organizational models again! (Perhaps enjoy your well deserved summer vacation first: it has been quite a year).

Tax Crimes Will Trigger Criminal Liability of Corporate Entities

Legal news, , , , , ,

As a result of the so called “PIF Directive”, starting from July 2019 criminal corporate liability under Italian law 231 may be triggered by tax crimes, too.

(If you are not overly familiar with the principles of Italian 231 legislation on criminal liability of corporate entities, perhaps you may start here.)

Under Italian 231 law, corporations are subject to criminal (rather, quasi-criminal) liability when certain specific crimes are committed in their interest or to their advantage. So far, such crimes have never included tax crimes, although the issue had been widely debated and several court decisions had attempted to combine other types of crimes with tax crimes (the Supreme Court had always disagreed, though).

Now, the PIF Directive, which Member States must implement by July 6, 2019, “establishes minimum rules concerning the definition of criminal offences and sanctions with regard to combatting fraud and other illegal activities affecting the Union’s financial interests, with a view to strengthening protection against criminal offences which affect those financial interests.” Liability of legal entities must be foreseen by national legislation and serious offenses against the common VAT system must be punished.

The Italian legislator will thus need to introduce such serious VAT crimes (i.e., having a value in excess of 10 million euros) in the list of crimes triggering corporate liability. This, in fact, may open the door to other tax crimes as a basis of 231 liability of corporate entities.

New Whistleblowing Legislation Approved in Italy

Legal news, , , , , , , ,

Whistleblowers will be granted a higher level of protection under new legislation passed earlier this week in Italy.

The new provisions apply to civil servants as well as employees in the private sector. Whistleblowing protection will shield individuals who submit a good faith report concerning unlawful conduct, provided that such report is based on a reasonable belief and factual elements.

The new legislation prohibits any retaliation or other discriminatory measures against good faith whistleblowers, including termination, demotion, transfer or other organizational action.

In the private sector, the new legislation has a significant impact on organizational models adopted to prevent corporate criminal liability pursuant to Legislative Decree 231 of 2001. In fact, all organizational models will need to set up appropriate channels for the confidential reporting of criminal conduct and violations of the organizational models themselves.  Measures aimed at protecting the identity of the whistleblowers and the confidentiality of the reports, as well as disciplinary sanctions against retaliatory or discriminatory measures against whistleblowers, will also need to be included in such organizational models.

The new legislation is expected to enter into force shortly, upon publication in the official gazette.

Italian Corporate Criminal Liability 101: Basic Facts You Should Know

Uncategorized, , , , , , ,

Are Companies Criminally Liable under Italian Law? Yes!

Legislative Decree no. 231/2001 (the “231 Decree”) has introduced in Italy the principle that companies are responsible for crimes committed by:

  • Individuals vested with powers of company’s representation, control, direction, or management;
  • Individuals subject to the authority or control by the above-mentioned individuals, including employees, consultants, non subordinate employees and whoever acts on behalf of the company.
  • As a result, a company may now be considered liable for crimes committed by individuals in the interest or to the benefit of the company (while crimes committed by individuals in their exclusive interest or in the exclusive interest of third parties do not trigger company’s liability). The company’s liability is separate and distinct from the liability of the individual who committed the crime.

Which Crimes Trigger Liability? Several (not just corruption!).

The 231 Decree lists a number of crimes for which companies may be liable, which include:

  • Corporate crimes;
  • Crimes against public administrations;
  • Crimes against the dignity of individuals;
  • Conspiracies and terrorism;
  • Crimes arising out of breach of laws protecting the environment and health and safety at work;
  • Crimes related to criminal associations;
  • Money laundering.

Which Sanctions Apply? Monetary and blacklisting sanctions.

If a company is found liable, the following sanctions may apply:

  • monetary sanctions up to a maximum amount of Euro 1,549,370.69 (and precautionary seizure of the price or profit arising from the crime),
  • blacklisting sanctions (applicable also as a precautionary measure), with duration between 3 to 24 months, which can consist of, inter alia, the prohibition to conduct the Business’ commercial activity, the prohibition to contract with the public administration, the prohibition to advertise goods or services, seizure, or the publication of the court’s decision (if a blacklisting sanction is applied).

Are There any Grounds of Exemption from Criminal Corporate Liability?  Yes!

A company is not liable pursuant to the 231 Decree if it proves that:

  1. The management has adopted and effectively implemented a so-called Organizational Model’ in order to prevent the commission of the criminal offences listed in the 231 Decree by subjects acting on behalf of the company;
  2. The company has established an internal body (‘Compliance Committee’) entrusted with the task of supervising the proper functioning and update of the Organizational Model, as well as the actual compliance by all those who must abide by it;
  3. Crimes were committed by individuals vested with management powers who have fraudulently avoided compliance with the Organizational Model;
  4. The Compliance Committee has not omitted to perform, or negligently performed its supervision duties.
  5. This explains why companies operating in Italy typically devote substantial resources in the setting up of an Organizational Model.

How to Set up an Organizational Model?  Risk assessment, gap analysis, preventive measures.

In order to prepare an Organizational Model the following process is usually followed:

  1. Examination of areas of risk: on the basis of the company’s Organizational Model and relevant job descriptions, the risk of commission of each crime set forth in the 231 Decree is assessed.
  2. Analysis of existing procedures: all existing procedures and ethical principles are reviewed in order to identify procedures that may reduce the risk of commission of the crimes.
  3. Possible implementation of new measures: should the analysis of existing procedures lead to conclude that some of the risks are not properly reduced, new procedures should be implemented.

The Organizational Model must be Effective A compliance program on paper will not help!

Once a company has adopted an Organizational Model by means of a resolution of the Board of Directors, the company must ensure that it is effectively implemented, that employees and other individuals acting on behalf of the company are duly trained on the model and that any breach of the Model is sanctioned.

In particular, the appointed Compliance Committee must actively supervise the effective functioning and adequacy of the Model on an ongoing basis and in independent fashion. The Compliance Committee is generally in charge of:

  • Monitoring the activity carried out within the company and the areas considered at risk;
  • Assessment of the actual implementation of, and compliance with the Organizational Model;
  • Cooperation and consultation with the management as regards the application of disciplinary sanctions to employees in the event of breach of the internal procedures provided by the Organizational Model.