Italian Legislative Decree n. 231 of 8 June 2001 introduced the concept of company liability, it states that legal entities may be held criminally or financially liable in relation to certain predicate offences which are committed or attempted by senior managers or subordinates in the interest or for benefit of the company.
Ratio legis and scope of the legislation
The “ratio legis” is that the company or other legal entity is considered directly responsible for certain crimes, which are understood to occur due to a lack of organisation and supervision: it is an act of omission and negligence that allows the crimes to take place as a result of a non-existent or inefficient management control system.
The scope of application of the legislation is to be found in the “predicate offences”, which include business crimes (false or misleading company statements), workplace accidents, unlawful processing of personal data, environmental offences, money laundering (misuse of privileged information).
An organisational model from the perspective of risk assessment
A tool for combating illegality within a company is the effective – and not just formal – adoption of an organisational model, consisting of procedures and rules of conduct which are specific to the company and which can be implemented successfully. To do this, it is necessary to adopt a policy of risk assessment and gap analysis within the risk management model:
- Process analysis: breaking down the business activity into individual processes, checking each process on the basis of its function and the achievement of the desired result, checking whether the process complies with applicable legislation;
- Risk assessment: identification of the points within the process that are at greatest risk, risk assessment and specification of prevention and protection measures
- Control: implementation of a control mechanism. This is done through the Supervisory Board, which is independent, has financial strength and is responsible for verifying full compliance with the procedures set out in the organisational model.
The optional nature of the model: a distinctive feature of Legislative Decree 231
While in other fields – such as workplace safety – the provisions regarding risk limitation are mandatory legal requirements, the management organisational model that counteracts the commission of predicate offences is optional. The relative legislation therefore leaves the application of an organisational model to the discretion of decision-makers within the company.
The “231” Organisational Model: manage the processes, protect the company
While the law states that the adoption of an organisational model is optional, what the company must watch out for is precisely the absence or ineffectiveness of a 231 organisational model, or the absence or inaction of the supervisory board.
This is because not putting an adequate organisational structure into place automatically renders the company liable for the crimes committed, unless the company proves (Article 6 of Legislative Decree 231/2001) that it had adopted effective organisational and control models before the offence took place. This principle is referred to in a key judgment of 2007 – the first following publication of Legislative Decree 231 – in which the Court of Milan acquitted a public limited company of the crime of market manipulation as a direct result of its organisational model.
Adopting an organisational model therefore becomes a cornerstone of how a company manages its processes while, at the same time, protecting itself from unlawful actions committed by its staff.
PLS is able to offer specific consultancy services regarding the administrative liability of legal entities, according to Italian Legislative Decree 231/01, thanks to a team of qualified professionals with experience in matters related to compliance and criminal law, thus ensuring a multidisciplinary approach. Our experts have a wide range of professional backgrounds and together we provide a premium service.
At PLS we study the procedure which is best suited to your needs, we analyse the characteristics of your company and the responsibilities associated with your business activity. As a result, we identify the areas which may be susceptible in terms of the crimes that could be committed and we then draw up an Organisational Model; we ensure that it will be fully comprehensible and we also offer training to those who receive and apply the Model. The effectiveness of the Model is also guaranteed by means of company procedures and operating instructions that are prepared and applied, as well as by drafting implementation protocols.
What’s more, PLS also intervenes – in collaboration with PLS LEGAL – if critical situations arise, providing consultancy and assistance regarding the 231/01 processes, preparing Models to “remedy” the situation if necessary.
Chair and external member of the Supervisory Board
A qualified person capable of implementing appropriate monitoring and control activities regarding the implementation protocols drawn up in compliance with the organisational model, as envisaged in Legislative Decree 231/01. This person has multidisciplinary skills and is able to ensure relevant coverage of the monitoring and control activities that serve to prevent the so-called predicate offences from being committed.
- Verifies coherence of the organisational model with the implementation protocols derived from the Organisation, Management and Control Model (“MOG”)
- Defines and carries out an audit plan
- Interacts with senior management and the board in order to clarify the monitoring and control activities carried out
- Receiving communications, which may be anonymous, relating to alleged breaches of the model, even just potential infringements.
The Organisation, Management and Control Model “MOG” or “231 model”
What is the 231 model? The 231 organisational model, also referred to as the Organisation, Management and Control Model (“MOG”) is the document which describes the organisational procedures that have been established by the company or other legal entity in order to prevent crimes from being committed by senior management or subordinates.
- Definition of the ethical principles: preparation and dissemination of a Code of Ethics
- Process assessment: definition of the business activities, roles and processes within the company
- Risk assessment and gap analysis: identification of points in the company system in which there is a risk of crimes being committed
- Risk management: development of codes of conduct – to be shared with trade unions
- Auditing: activation of an auditing system through the Supervisory Board, including a definition of how the Supervisory Board functions and the relations between this Board and top management
- Improvement: measures to update and improve of the model
Who is responsible for preparing it? Top Management
Legal framework: Legislative Decree 231/01
The adoption of an Organisation, Management and Control Model becomes the main tool to combat illegality within the company. It is therefore clear that implementing the Model correctly is the main way for the company to manage its processes and protect itself in the event that crimes are committed by its staff.