The Italian Supreme Court has recently published a judgment (no. 23401 of 2022, hereinafter the “Impregilo Case”) that sheds new light on certain elements of liability of Italian companies arising from legislative decree no. 231 of 2001.
Put it simply, legislative decree 231 has established quasi-criminal liability of companies when one of their employees commits a certain crime to its benefit or in its interest. The same law has established that the company is exempt from liability if (i) it has adopted an organizational and management model (“Model”) aimed at preventing such crimes, and (ii) it has appointed an independent compliance committee (“Committee”), which has diligently overseen the actual application of such Model. If a company has not adopted an adequate Model duly enforced by the Committee, then it is regarded as failing to diligently organize itself in order to prevent 231 crimes: having failed at its duty to prevent the crime, it is therefore at fault (so called “colpa in organizzazione”, or organizational fault) and liable. Additional information on 231 legislation can be found here.
In the Impregilo Case, which followed a tortuous path through courts of various instances, the Supreme Court has established very interesting principles:
- The mere fact that a certain 231 crime has occurred is not sufficient to prove that the Model was inadequate: 231 liability of a company is not strict liability, rather is based on fault, i.e., depends on lack of diligence in preventing the crime.
- Adequacy of the Model must be assessed with a focus on the specific crime occurred, and not with regard to the Model as a whole.
- If the Model conforms to codes of conduct drafted by industry associations, a court has the duty to indicate which best practices would have effectively prevented the crime.
This judgement ultimately grants exemption from 231 liability and recognizes that, since the Model was based on best practices, it was adequately preventing the crime, even if the crime was in fact committed due to the choice of the company’s managers to circumvent the Model.
If this trend in case law continues, companies will have a stronger incentive to adopt, enforce and update Models diligently reflecting best practices in crime prevention.
New tax crimes that may trigger corporate liability have been introduced by the Italian budget law, namely by section 39 of law decree no. 124 of 2019 relating to fiscal measures (decreto fiscale).
The new section “25-quinquiesdecies” (sic!) applies to crimes of fraudulent tax statements through invoices or other inexistent transactions, invoicing inexistent transactions, fraudulent avoidance of tax payment and destruction of accounting documents.
As a result, companies that commit such fraudulent tax crimes are not only subject to tax liability, but also to “231” liability and punished with a monetary sanction up to 774,500 Euros. Such “231” liability may be in addition to the personal criminal liability of their directors. Additionally, in many cases the confiscation of money, goods or other benefits resulting from the tax crime also applies.
The new crimes will be in force starting from the publication on the Official Gazette of the law converting the above mentioned law decree, which must be converted by the Italian Parliament before Christmas Day.
Companies must therefore act in order to ensure that their 231 organizational models include sufficient provisions aimed at preventing such crimes, such as controls on the veracity of transactions, on the keeping of accounting documents and on the contractual counterparty indicated by the company’s tax documentation. Of course, we at Gitti and Partners can help!
Are Companies Criminally Liable under Italian Law? Yes!
Legislative Decree no. 231/2001 (the “231 Decree”) has introduced in Italy the principle that companies are responsible for crimes committed by:
- Individuals vested with powers of company’s representation, control, direction, or management;
- Individuals subject to the authority or control by the above-mentioned individuals, including employees, consultants, non subordinate employees and whoever acts on behalf of the company.
- As a result, a company may now be considered liable for crimes committed by individuals in the interest or to the benefit of the company (while crimes committed by individuals in their exclusive interest or in the exclusive interest of third parties do not trigger company’s liability). The company’s liability is separate and distinct from the liability of the individual who committed the crime.
Which Crimes Trigger Liability? Several (not just corruption!).
The 231 Decree lists a number of crimes for which companies may be liable, which include:
- Corporate crimes;
- Crimes against public administrations;
- Crimes against the dignity of individuals;
- Conspiracies and terrorism;
- Crimes arising out of breach of laws protecting the environment and health and safety at work;
- Crimes related to criminal associations;
- Money laundering.
Which Sanctions Apply? Monetary and blacklisting sanctions.
If a company is found liable, the following sanctions may apply:
- monetary sanctions up to a maximum amount of Euro 1,549,370.69 (and precautionary seizure of the price or profit arising from the crime),
- blacklisting sanctions (applicable also as a precautionary measure), with duration between 3 to 24 months, which can consist of, inter alia, the prohibition to conduct the Business’ commercial activity, the prohibition to contract with the public administration, the prohibition to advertise goods or services, seizure, or the publication of the court’s decision (if a blacklisting sanction is applied).
Are There any Grounds of Exemption from Criminal Corporate Liability? Yes!
A company is not liable pursuant to the 231 Decree if it proves that:
- The management has adopted and effectively implemented a so-called ‘Organizational Model’ in order to prevent the commission of the criminal offences listed in the 231 Decree by subjects acting on behalf of the company;
- The company has established an internal body (‘Compliance Committee’) entrusted with the task of supervising the proper functioning and update of the Organizational Model, as well as the actual compliance by all those who must abide by it;
- Crimes were committed by individuals vested with management powers who have fraudulently avoided compliance with the Organizational Model;
- The Compliance Committee has not omitted to perform, or negligently performed its supervision duties.
- This explains why companies operating in Italy typically devote substantial resources in the setting up of an Organizational Model.
How to Set up an Organizational Model? Risk assessment, gap analysis, preventive measures.
In order to prepare an Organizational Model the following process is usually followed:
- Examination of areas of risk: on the basis of the company’s Organizational Model and relevant job descriptions, the risk of commission of each crime set forth in the 231 Decree is assessed.
- Analysis of existing procedures: all existing procedures and ethical principles are reviewed in order to identify procedures that may reduce the risk of commission of the crimes.
- Possible implementation of new measures: should the analysis of existing procedures lead to conclude that some of the risks are not properly reduced, new procedures should be implemented.
The Organizational Model must be Effective. A compliance program on paper will not help!
Once a company has adopted an Organizational Model by means of a resolution of the Board of Directors, the company must ensure that it is effectively implemented, that employees and other individuals acting on behalf of the company are duly trained on the model and that any breach of the Model is sanctioned.
In particular, the appointed Compliance Committee must actively supervise the effective functioning and adequacy of the Model on an ongoing basis and in independent fashion. The Compliance Committee is generally in charge of:
- Monitoring the activity carried out within the company and the areas considered at risk;
- Assessment of the actual implementation of, and compliance with the Organizational Model;
- Cooperation and consultation with the management as regards the application of disciplinary sanctions to employees in the event of breach of the internal procedures provided by the Organizational Model.