Tag Archives: criminal corporate liability

Tax Crimes Will Trigger Criminal Liability of Corporate Entities

As a result of the so called “PIF Directive”, starting from July 2019 criminal corporate liability under Italian law 231 may be triggered by tax crimes, too.

(If you are not overly familiar with the principles of Italian 231 legislation on criminal liability of corporate entities, perhaps you may start here.)

Under Italian 231 law, corporations are subject to criminal (rather, quasi-criminal) liability when certain specific crimes are committed in their interest or to their advantage. So far, such crimes have never included tax crimes, although the issue had been widely debated and several court decisions had attempted to combine other types of crimes with tax crimes (the Supreme Court had always disagreed, though).

Now, the PIF Directive, which Member States must implement by July 6, 2019, “establishes minimum rules concerning the definition of criminal offences and sanctions with regard to combatting fraud and other illegal activities affecting the Union’s financial interests, with a view to strengthening protection against criminal offences which affect those financial interests.” Liability of legal entities must be foreseen by national legislation and serious offenses against the common VAT system must be punished.

The Italian legislator will thus need to introduce such serious VAT crimes (i.e., having a value in excess of 10 million euros) in the list of crimes triggering corporate liability. This, in fact, may open the door to other tax crimes as a basis of 231 liability of corporate entities.

New crimes triggering criminal corporate liability introduced.

Starting from November 19, 2017 and following an amendment of the Anti-Mafia Code, additional criminal conducts will trigger corporate criminal liability pursuant to Legislative Decree no. 231 of 2001. (If you are not yet familiar with “231”, i.e., the Italian law setting forth criminal corporate liability, you may refer to our previous blog post for an overview of such legislation).

Section 25-duodecies of Legislative Decree no. 231 of 2001 has been amended by the introduction of three new paragraphs (1-bis, 1-ter and 1-quater) relating to the following crimes in the area of illegal immigration:

• Procured illegal entry into the State; and
• Favoring illegal permanence into the State.

The full list of crimes and sanctions can be found here.

The idea is to punish companies who take advantage of illegal immigration, as well as to provide an incentive to companies to organize their activities in order to prevent such corporate crimes (in fact, companies are exempt from liability if they set up and actively pursue organizational models aimed at preventing corporate crimes). It is, however, unclear if continuously increasing the list of crimes that companies must prevent is an efficient way to do that.

New Environmental Crimes Introduced: Time to Update Your Corporate Compliance Program!

On May 19, 2015 the Italian Senate passed bill no. 1345-B, introducing new environmental crimes. The law will become effective the day after its publication on the Official Gazette, following promulgation by the President of the Republic. The law introduces the following environmental crimes in the form of delitti (i.e. the most serious form of crimes), punishable with imprisonment and fines. It is important to note that such crimes are included among the crimes that give rise to criminal corporate liability pursuant to Legislative Decree 231/2001 (“Decree”).  As a result, companies who have already set up an organizational and control model aimed at exempting it from criminal corporate liability must update it in order to take into account prevention of the newly introduced criminal conducts. The new crimes can be described as follows:

  • Polluting.    Anyone who unlawfully damages or jeopardizes in a significant and measurable way waters, air, the surface or the underground, as well as ecosystems, plants or animals, is punishable with imprisonment between 2 and 6 years plus a fine between Euro 10,000.00 and 100,000.00. Sanctions may be higher in case of pollution of protected areas (such as historical sites) or protected plants or animal species. Also, imprisonment can reach as far as 20 years in case of death or injury as a consequence of pollution. As far as companies are concerned, commission of such crime leads to the imposition of monetary sanction between 250 and 600 quotas as per the Decree. Blacklisting sanctions set forth in the Decree may also apply.
  • Environmental disaster. This crime punishes, alternatively, the irreversible alteration of an ecosystem’s equilibrium, the alteration of an ecosystem’s equilibrium the restoring of which is particularly burdensome or can be achieved only by extraordinary measures, or the offense to public safety in light of its effects or the number of people affected. The mentioned conducts are punishable with imprisonment between 5 and 15 years. Also in this case, if protected areas or species are damaged, imprisonment can be increased by one third. The commission of such crime by a company leads to the imposition of monetary sanctions between 400 and 800 quotas, as per the Decree. Also in this case, blacklisting sanctions may apply.
  • Trafficking and disposal of highly radioactive materials.                       Unlawful sale, purchase, receipt, transportation, importation, exportation, supply, detention, transfer and disposal of highly radioactive materials are punished with imprisonment between 2 and 6 years, plus a fine between Euro 10,000.00 and 50,000.00. Sanctions may be increased in case of danger of damage or deterioration of waters, air, the surface or the underground, as well as ecosystems, plants or animals. Also, if any of the conducts jeopardizes the life or safety of individuals, sanctions may be increased by one half. Companies may be punished with monetary sanctions between 250 and 600 quotas in accordance with the Decree.
  • Hindered control. Hindrance of vigilance and control activities on environment, hygiene and safety on the workplace is punished with imprisonment between 6 months and 3 years.

If the above crimes are committed in the form of organized crime, sanctions already set forth against organized crime are increased by one third, and, if companies are involved, they may face sanctions between 300 and 1000 quotas as per the Decree. Sanctions are increased by one third to one half in case any public official or person in charge of a public service carrying out environmental-related offices partakes in the criminal organization. Not only the law provides for new crimes, but it also incentivizes remedial actions. Sanctions are in fact diminished by one half to two thirds in case remedial actions are taken to prevent occurrence of further consequences or to restore the status quo ante. Also, whistle-blowing is incentivized by reducing sanctions by one third to one half. Quite interestingly, the law prevents the statute of limitations from running in case of stay of proceedings ordered to allow remedial actions to be taken. Lastly, failure to take remedial actions, if ordered by a judge or by the law, is punished with imprisonment between one and four years plus a fine between Euro 20,000.00 to 80,000.00.

Which Organizational Model Will Shield An Entity From Corporate Criminal Liability Under Italian Law?

THE ENACTMENT OF LEGISLATIVE DECREE 231.  At the time of its enactment in 2001, Legislative Decree no. 231 had a revolutionary impact on the Italian legal system as it subverted a basic tenet of Italian criminal law according to which corporations bore no criminal liability. The assumption that only individuals could be directly subject to criminal sanctions was erased and a system aimed at punishing corporations for crimes committed by individuals to their advantage or in their interest was created. A specific set of sanctions able to punish the corporation and its shareholders was devised: monetary sanctions and blacklisting sanctions (inclusive of the prohibition to carry on the business activity and the appointment of receivers), which may also be ordered on an interim basis, apply instead of arrest and imprisonment of individuals[1].

THE PRINCIPLE OF LEGALITY.  Along with the horrific prospect of monetary fines up to 1.5 million Euros and disqualification from contracting with the Italian public administration (which is the source of vital revenues for many companies, especially in the life sciences field) came a couple of good news.  First of all, criminal liability of the corporation is subject to the principle of legality, i.e., it arises only if certain specific crimes listed in Legislative Decree no. 231 are committed.  A corporation, therefore, does not have to face the Italian criminal code in its entirety and may focus on a subset of crimes. The list of crimes has however been increased time and again by the Italian legislator and crimes giving rise to corporate liability now span from terrorism to money-laundering (and with each new addition that initial sense of relief gradually fades…).

AN EXEMPTION FROM LIABILITY.  In addition, Legislative Decree no. 231 expressly provides for an exemption from criminal corporate liability when the following circumstances are proven:

  • prior to the commission of the fact, the management body has adopted and effectively implemented organizational and management models adequate to prevent crimes similar to those of the type that occurred;
  • an internal corporate body (organismo di vigilanza) having autonomous powers of initiative and control has been entrusted with the task to oversee the application and compliance with such model, has ensured that the model is updated, and its vigilance has not been omitted or insufficient.

The key to shielding a company from criminal corporate liability is apparently easy as there are only two main ingredients required for this recipe: an “organizational model”, and an effective vigilance body.  Once both are proven by the defendant, then the burden of proof shifts to the prosecutor. As often highlighted by case law, criminal corporate liability is not strict liability (responsabilità oggettiva), but applies only as a consequence of “organizational negligence” (colpa di organizzazione)[2].  But what is exactly an organizational model and which are its essential features in order for it to be an effective ground of exemption from liability?

WHAT IS AN ORGANIZATIONAL MODEL?  In the course of the last decade or so, many corporations have tried to understand what an organizational model is, and how to set up one.  The industry associations CONFINDUSTRIA[3], representing industrial companies, and ASSOBIOMEDICA, in the name of medical device manufacturers, have gone as far as drafting guidelines in order to shed light on this exemption from liability.  In particular, ASSOBIOMEDICA has just released interesting Guidelines on this subject in November 2013[4].

Such guidance is very welcome as, in fact, Legislative Decree 231 deals with the issue only in a few sentences and the interpreters have been left with the difficult task of… making sense of them[5].  A useful hint comes from the legislator’s requirement that a model meets the following conditions (which also serves as step-by-step method on setting up a model):

a) identifies the activities which may give rise to the commission of crimes;

b) provides for specific protocols aimed at programming training and executing the decisions of the corporation in relation to the crimes that must be prevented;

c) identifies ways to manage financial resources adequate to prevent the commission of crimes;

d) foresees obligations to inform the vigilance body required to oversee the functioning and compliance of models;

e) introduces an adequate disciplinary system aimed at sanctioning any lack of compliance of measures set forth in the model”. (Section 6, paragraph 2)

The first step explains what I like to describe as the “soul searching” activity that the corporation must carry out in order to answer the following question: which business activities can lead to the commission of crimes? This also illustrates why a “cut & paste” organizational model will never work, since the law deems that the corporation has adequately prevented the commission of the 231 crimes only after understanding where and how likely they are committed. An organizational model must, at any given time, be extremely customized to its business, market, organizational structure and to the actual activities of the corporation[6].

Once risks are in focus, measures can be set up in order to prevent corporate crimes. The company is free to determine which measures to adopt, but preventive measures need to be sufficiently effective so that an individual must have fraudulently eluded them in order to commit the crime.

Only the corporation itself can determine which measures are appropriate and effective: measures, in fact, can range from a code of conduct to organizational measures, from policies, procedures and protocols mapping and regulating business activities to controls and monitoring systems adequate to verify if the prescriptions by the corporation are actually followed by employees. Specific attention is given to financial resources, which Legislative Decree no. 231/2001 believes should be managed with sufficient protocols, separation of functions and controls as to prevent any crimes from being committed with corporate funds. Last but not least, an organizational model needs some “teeth”: if employees do not abide by the rules, they need to be adequately sanctioned.

So, back to our original question: what is an organizational model? It is a system of structural and prescriptive measures that organizes a business in the most effective way to prevent the commission 231 crimes. In other words, the organizational model is not just a document, but reflects and memorializes the efforts undertaken by a company in order to prevent the commission of crimes foreseen by Legislative Decree 231/2001.

THE ORGANIZATIONAL MODEL’S WATCHDOGThe system is only regarded as effective if it is supervised by a specific body of the corporation (organismo di vigilanza, or ODV) having “autonomous powers of initiative and control(Section 6 Paragraph 1). Much debate has been sparked by these few words of Legislative Decree 231/2001[7].  If such words need to be interpreted as requiring autonomy, independence, continuity of action and competence, then the corporation is faced with a difficult task: finding one or more people who will be independent yet knowledgeable about the corporation’s activities, free and autonomous to make decisions yet informed about what is going on within the company. The near impossible balance is often achieved by appointing a mix of internal and external individuals who can bring professional skills, but also perspective, to the job. ASSOBIOMEDICA’s guidelines point out that the above requirements must be referred to the body in its entirety, and not to the single members of the organismo di vigilanza[8], and add that the body’s activity must be full-time, a feature rarely found in practice. The model must also set forth adequate information flows that sufficiently inform the ODV on activities within the areas at risk.

SO WHICH ORGANIZATIONAL MODEL DOES PROVIDE AN EXEMPTION FROM CRIMINAL CORPORATE LIABILITY? On the basis of the opinion of scholars, guidelines and case law on this issue, the answer is fairly simple: an effective one. What does this mean? Unapplied codes of conduct, policies and protocols are not going to help. A beautifully crafted model without a documented history of controls, monitoring and suggested sanctions by the ODV will not get very far. A passive ODV will show that the company is aiming at a pretense of compliance, rather than targeting actual compliance.

Interesting tips can be drawn from the assessment carried out by court appointed experts on the organizational models of pharmaceutical companies accused of criminal liability in connection with a fraud investigated by the office of prosecution in Bari, which ended with plea bargain. The experts concluded that the models were insufficiently preventing the concerned crimes. Although the protocols were “appreciably implemented”, the ODV was deemed to be too marginal within the life of the corporation, audits on the use of financial resources did not occur, while very high incentives to sales staff were granted[9].

In conclusion, the organizational model must become a living system, known to employees, strictly applied after adequate audits, and giving rise to sanctions in case of lack of compliance. A court must be able to see that the organizational model has truly become the DNA of a company, who has tried its very best to prevent that its business activities can lead to criminal conducts.

[1] The exercise of understanding how sanctions originally envisaged for natural persons apply to corporations is still ongoing. For example, a recent court decision (Supreme Court no. 44824 of September 26, 2012) has stated that bankruptcy of the corporation is not equal to death of the offender and thus does not extinguish the crime, thus contradicting prior judgments of lower courts (e.g., Court of Milan October 20, 2011).

[2] The concept of “colpa di organizzazione”, which appeared in case law as early as in the decision of the Court of Palermo of July 1, 2005, was well clarified by the Supreme Court in its decision no. 27735 of July 16, 2010. A useful discussion of the same principle can also be found in the decision by the Court of Milan of March 8, 2012, which argues that negligence in organization is constituted by planning negligence, management negligence and vigilance negligence.

[3] The latest guidelines by CONFINDUSTRIA have been updated on March 31, 2008.

[4] http://www.assobiomedica.it/static/upload/lin/linee-guida-231-01-parte-generale-rev.-2009.pdf

[5] The Court of Milan (Ufficio Indagini Preliminari, November 3, 2010) has however excluded that the indeterminateness of Legislative Decree no. 231/2001 can give rise to a breach of the Constitution.

[6] Additionally, certain scholars argue that the legislator could not possibly suggest any preventive measures due to the constitutional principle of freedom of economic enterprise.

[7] The latest amendments to Legislative Decree no. 231 of 2001 allowing the board of statutory auditors (collegio sindacale), the supervisory committee (consiglio di sorverglianza) and the committee for management control (comitato per il controllo della gestione) to serve as organismo di vigilanza have given rise to further critiques as many scholars disagree on the ability of such bodies to have sufficient independence and adequate professional competence. See, e.g., the white paper of March 27, 2012 by Associazione dei Componenti degli Organismi di Vigilanza ex D.Lgs. 231/2001.

[8] Note that others disagree on this point (e.g.,  Carlo Piergallini “Paradigmatica dell’autocontrollo penale (dalla funzione alla struttura del “modello organizzativo” ex d.lg. n. 231/2001”, on Cassazione Penale, fasc. 1, 2013, pag. 0376B.)

[9] See the thorough analysis of Matteo Vizzardi “Prevenzione del rischio-reato e standard di adeguatezza delle cautele: i modelli di organizzazione e di gestione di società farmaceutiche al banco di prova di un’indagine peritale” published in Cassazione Penale, March 2010, no. 3.