On March 19, 2015, the much-awaited decree regulating Law No. 12,846/13, known as the Anti-Corruption Law, came into force. Decree 8,420/2015 has six chapters that cover the following topics: i) Administrative Liability; ii) Administrative Sanctions and Submission to the Judicial Branch; iii) Leniency Agreement; iv) Compliance Program (referred to as Integrity Program in the decree); v) National List of Suspended and Debarred Companies and National List of Punished Companies; and vi) Final Provisions. We list below the main provisions of each chapter, focusing on the criteria for the evaluation of a compliance program, in accordance with the parameters established by the decree.
I. Main Provisions of the Decree
Below are the main provisions of each chapter of the decree:
Chapter I – Administrative Liability
A legal entity’s administrative liability will be ascertained through the Sanctioning Administrative Procedure (“PAR”, in its Portuguese abbreviation). Jurisdiction to initiate and judge such proceedings lies with the highest authority of the administrative entity against which the wrongful act was committed, or with the Minister of State for cases involving direct administration entities. Upon learning of the possible occurrence of a wrongful act, the responsible authority may initiate a PAR or may open a preliminary investigation, conducted on a confidential and non-punitive basis and led by a commission comprised of two or more public employees or public agents, in the event that the federal public administration is involved. Such preliminary investigations must be concluded within sixty days, extendable for another equal period. Upon initiation of the PAR, after a preliminary investigation, the responsible authority will appoint a new commission to evaluate the investigated facts, and the legal entity will be able to present its defense within 30 days. The PAR must be concluded within one hundred and eighty days from the date of its initiation; however, it may be extended by determination of the authority that initiated the procedure. After the PAR is concluded, the commission must issue a report on the ascertained facts and recommend sanctions to be applied. The report will be sent to the responsible authority for judgment. The administrative decision will be published in the Official Federal Gazette, and a request for reconsideration may be filed within ten days. Such request must be analyzed within thirty days. If the existence of possible illicit acts to be investigated in other instances is verified, the commission’s report must be submitted to the Public Prosecutor’s Office, to the Federal Attorney General’s Office or to the equivalent entity of judicial representation, depending on the entity of the public administration that is involved.
As mentioned before, the General Comptroller’s Office (“CGU”, in its Portuguese abbreviation) will have concurrent jurisdiction to initiate PARs concerning the Federal Executive Branch, and to, at any time, take over existing procedures to assess their lawfulness, if one of the following can be verified: i) the responsible authority’s omission; ii) the lack of objective conditions by the original responsible authority that conducted the investigation; iii) the complexity, repercussion, and relevance of the subject; iv) the value of the contracts between the legal entity and the affected public entity; or v) the facts involve more than one entity of the federal public administration. The CGU will have exclusive jurisdiction to initiate and ascertain PAR for acts committed against foreign public administration.
Chapter II – Administrative Sanctions and Submission to the Judicial Branch
Similar to the methodology that has been adopted in other countries, such as the United States of America, the decree establishes the criteria for the calculation of the fine in case of violation of the Anticorruption Law.
1. Sum of the amounts corresponding to the following percentages of the gross revenue of the legal entity for the fiscal year previous to the initiation of the PAR, excluding taxes:
i) one to two and a half percent if the wrongful acts continued over time;
ii) one to two and a half percent if individuals belonging to the board of directors or management of the legal entity tolerated or were aware of the wrongful acts;
iii) one to four percent in case of interruption of public construction or provision of public service;
iv) one percent for the economic condition of the offender based on the presentation of General Solvency (GS) and General Liquidity (GL) indexes greater than one and of net profit in the fiscal year previous to the wrongful act;
v) five percent in the event of recurrence, defined as the occurrence of a new infraction, identical or not to the previous offense, established as a wrongful act by article 5 of the Anticorruption Law, less than five years from the publication of the decision of the previous infraction; and
vi) in the event of contracts retained or intended with the affected public entity, the following percentages will be considered (assessed as of the date of the wrongful act):
- one percent on contracts of an amount higher than R$ 1,500,000.00 (one million five hundred thousand Brazilian Reais);
- two percent on contracts of an amount higher than R$ 10,000,000.00 (ten million Brazilian Reais);
- three percent on contracts of an amount higher than R$ 50,000,000.00 (fifty million Brazilian Reais);
- four percent on contracts of an amount higher than R$ 250,000,000.00 (two hundred and fifty million Brazilian Reais); and
- five percent on contracts of an amount higher than R$ 1,000,000,000.00 (one billion Brazilian Reais).
2. From the sum of the amounts above, the amounts corresponding to the following percentages of the gross revenue of the legal entity for the fiscal year previous to the initiation of the PAR, excluding taxes, will be deducted:
- one percent in the event the infraction was not completed;
- one and a half percent for evidence of reimbursement by the legal entity of damages it has caused;
- one to one and a half percent for the level of cooperation of the legal entity with the investigation or with the ascertainment of the wrongful act, regardless of the leniency agreement;
- two percent in the event of voluntary self-disclosure by the legal entity before the initiation of the PAR related to the occurrence of the wrongful act; and
- one to four percent for evidence of the existence and enforcement of a compliance program, in accordance with the parameters established within the decree.
The decree sets forth that the minimum limit for the fine will be the highest amount between (i) the benefit earned and (ii) one tenth of one percent of the gross revenue in the fiscal year previous to the initiation of the PAR, excluding taxes, or R$ 6,000.00 (six thousand Brazilian Reais), on a case by case basis. The maximum limit for the fine will be the lowest amount between (i) twenty percent of the gross revenue in the fiscal year previous to the initiation of the PAR, excluding taxes, or (ii) three times the amount of the benefit earned or intended to be earned. Article 21 of the decree indicates that the methodology to establish the criteria to ascertain the gross revenue and the taxes to be deducted, for the purposes of calculating the fine, will be regulated by the Minister Head of State of CGU. The fine imposed on a legal entity must be paid within thirty days. After this period, the debt will be submitted for registration under the Federal Active Debt or under governmental agencies and public foundations.
Chapter III – Leniency Agreement
A leniency agreement will be executed with the legal entity responsible for committing wrongful acts under the Anticorruption Law, as well as illicit acts under Law No. 8,666/93 (“Public Procurement Law”), with the purpose of exempting or mitigating administrative sanctions. The CGU is responsible for executing leniency agreements concerning the Federal Executive Branch as well as in cases involving wrongful acts committed against foreign public administration. To enter into a leniency agreement, the legal entity must:
- be the first to demonstrate interest to cooperate in the investigation of a specific wrongful act, when such circumstance is relevant;
- have fully suspended its involvement in the wrongful act (as of the date the agreement is signed);
- confess its participation in the administrative infraction;
- fully and permanently cooperate with the investigations and any administrative procedures and attend, at its own expense and whenever required, all of the proceedings until their conclusion; and
- provide information, documentation, and other evidence of the administrative infraction.
A leniency agreement may be proposed at any time up to the issuance of the report prepared in the PAR. The proposal of the leniency agreement may be oral or written and must be treated as confidential by the authorities, unless the legal entity authorizes the disclosure of the information and the CGU agrees to such disclosure. The negotiations of the leniency agreement must be concluded within one hundred and eighty days from its proposal, although this deadline may be extended. During this period, the legal entity may revoke the proposal. The decree clarifies that the benefits of the leniency agreement will be extended to the legal entities of the same economic group if the agreement was jointly executed.
Chapter IV – Integrity Program
One of the main chapters of the decree provides the parameters to evaluate the integrity program. The decree defines the integrity program as “the group of mechanisms and internal procedures of integrity, audit, and incentive for the report of irregularities, as well as the effective enforcement of the codes of ethics and conduct, policies, and directives with the purpose to detect and remedy deviations, frauds, irregularities, and illicit acts committed against national or foreign public administration.” It must be noted that the paragraph of article 41 explains that integrity programs must be individualized and structured in accordance with the characteristics of each legal entity. This provision is important and solidifies the understanding that there are no “off-the-shelf” compliance programs. The creation of an adequate compliance program must assess the specific risks of each legal entity, as well as the particularities of its activities. In view of that, legal entities, before implementing or reviewing their compliance programs, must consider an assessment of their internal risks, the so-called Risk Assessment, so that their compliance program may be considered effective. The decree provides that a compliance program will be evaluated according to the following parameters:
- commitment of the legal entity’s senior management, including board members, demonstrated by clear and unequivocal support to the program;
- standards of conduct, code of ethics, policies, and integrity procedures that are applied to all employees and administrators, regardless of their position or role;
- standards of conduct, code of ethics and integrity policies that are extended, when necessary, to third parties, such as suppliers, service providers, intermediaries, and other associates;
- periodic training on the integrity program;
- periodic analysis of risks in order to implement necessary adjustments to the integrity program;
- accounting records that precisely and completely reflect the transactions of the legal entity;
- internal controls that assure that reports and financial statements of the legal entity are readily prepared and trustworthy;
- specific procedures to prevent frauds and illicit acts within tender processes, in the execution of administrative contracts or in any interaction with the public sector, even if intermediated by third parties, such as the payment of taxes, subjection to inspections, or obtainment of authorizations, licenses, permits and certificates;
- independence, in structure and authority, of the internal department that is responsible for enforcing the integrity program and monitoring its compliance;
- channels to report irregularities openly and broadly disseminated among employees and third parties, and mechanisms to protect good-faith whistleblowers;
- disciplinary measures enforced against those found to have violated the integrity program;
- procedures that assure the immediate suspension of irregularities or detected infractions and the timely remediation of the damages caused;
- proper due diligence conducted prior to engaging and, depending on the circumstances, monitoring third parties, such as suppliers, service providers, intermediaries, and other associates;
- verification, during a merger, acquisition, or other corporate restructuring, of the occurrence of irregularities or illicit acts, or the existence of vulnerabilities in the legal entities involved;
- continuous monitoring of the integrity program to ensure it remains effective at preventing, detecting and otherwise addressing the wrongful acts set forth in article 5 of the Anticorruption Law; and
- transparency surrounding donations to candidates and political parties made by the legal entity.
Some aspects of the decree need to be highlighted. Although the Anticorruption Law does not have a provision dedicated to accounting violations or to flaws in internal controls, as the U.S. Foreign Corrupt Practices Act (“FCPA”) does, the decree sets forth such aspects as parameters to assess compliance programs. In view of that, in order to have a compliance program that may be considered effective, legal entities subject to the Anticorruption Law must create policies and procedures to assure the accuracy of their accounting records and internal controls. Moreover, in line with principles well established by legal systems of foreign jurisdictions, the decree indicates the importance of establishing clear procedures regarding the following risk areas:
- participation on tenders, directly or through third parties;
- adequate due diligence procedures and training of third parties;
- commitment of the legal entity’s senior management (“tone at the top”);
- implementation of adequate disciplinary measures;
- control of donations for candidates and political parties;
- policies against retaliation;
- adequate due diligence focused on compliance risks surrounding corporate restructuring transactions such as mergers and incorporations; and
- continuous monitoring, among other important areas.
The standards for assessing the compliance program of the companies will be determined in accordance with the unique risk profile of each company, and micro and small enterprises are exempt from some formalities of the parameters set forth in the decree.
Chapter V – List of Suspended and Debarred Companies and List of Punished Companies
The National List of Suspended and Debarred Companies (“CEIS”, in its Portuguese abbreviation) will contain information that refers to administrative sanctions that restrict the possibility of a company to participate in public tenders or to contract with the public administration. The National List of Punished Companies (“CNEP”, in its Portuguese abbreviation) will contain information that refers to sanctions imposed under the Anticorruption Law or the violation of leniency agreements. The exclusion of the data and information available on CEIS or CNEP will occur (i) at the end of the term regarding the sanction’s restrictive or impeditive effect; or (ii) through a request made by the interested legal entity after some requirements are fulfilled, such as publication of the decision that rehabilitates the sanctioned legal entity, full compliance with the leniency agreement, compensation of the damage that was caused, or payment of the fine.
Chapter VI – Final Provisions
The chapter of final provisions addresses three areas relevant to enforcement of the new law:
- Public administration’s entities, exercising their regulatory power, will set the effects of the Anticorruption Law, related to the regulated activities, including regarding leniency agreements;
- The initiation of the PAR will not interfere with the continuation of administrative proceedings to ascertain eventual damages to the federal public administration; and
- The Minister Head of State of the CGU will issue guidance and complementary procedures for the enforcement of the decree, such as the formula for the calculation that defines the gross revenue and tax-related discount applicable to the calculation of the fine, as indicated above.
II – How to Prepare?
When the Anticorruption Law was approved, we emphasized in a Legal Alert the main attention areas and some important measures to be observed by companies in preparation for the new law. Below are some additional considerations in light of the new regulating decree:
1. Risk Assessment
Compliance programs must be created considering the unique operations and associated risks of each company, which vary according to the size of the company, the value and nature of its commercial transactions, the location of its operations and activities (including its overseas operations), the extent to which it uses third parties that act on its behalf, and the perception of risk. Therefore, the mere creation of a compliance program is not enough. It is necessary that such program be customized so that all risk areas are mitigated. Risk assessments must be a regular and systematic exercise to serve as basis for implementation of the company’s compliance program, or for periodic reviews of its policies and controls. On this occasion, all aspects of the company will be taken into consideration. The identification of the risk factors to which the company is exposed is essential to define the best ways to prevent and detect the occurrence of violations. Factors such as: i) the structure and means of negotiations and sales; ii) financial controls; iii) the engagement of third parties; and iv) problems that have occurred in the past, are some of the aspects that will determine the company’s risk and those areas that need greater attention.
2. Review and Update of Existing Compliance Program
The evaluation parameters of the compliance program set forth in the decree are in line with several international references about compliance programs that certainly were used as the basis of the decree. It must be noted, however, that the Anticorruption Law does not only deal with corruption. Thus, some of the parameters to evaluate compliance programs go beyond the ones already used by companies that are subject to other legislation, such as the FCPA and the U.K. Bribery Act (“UKBA”). Since many of the wrongful acts set forth in the Anticorruption Law are related to public tenders and public contracts (not necessarily related to corruption), it is important that companies have specific policies and trainings in place to prevent frauds and illicit acts within public tender processes, execution of administrative contracts or any interaction with the public sector. Moreover, even companies that already have a robust compliance program in place must review and update their programs when necessary. The decree sets forth some specific parameters that may not be part of the company’s current compliance programs, including those subject to FCPA and UKBA. In this sense, it is critical to highlight the importance of implementing and extending the company’s integrity policies to third parties, since the decree clearly indicates that the compliance program will also be evaluated regarding its existence and enforcement in relation to third parties. Moreover, the decree sets forth that the company’s reporting channels must be open and disseminated to third parties, and not only to employees.
3. Internal Controls’ Mechanisms
Companies must create practical mechanisms to assure the enforcement of their policies and that they have adequate procedures in place to identify risks in their operations. The FCPA clearly indicates the responsibility of certain companies to keep precise books and records as well as to have internal controls and other mechanisms that allow the prompt identification of actions that deviate from the law, its policies, or the best practices for accounting procedures. The existence of internal controls and accurate and complete accounting records will be a parameter for the evaluation of compliance programs, according to the decree. In view of that, it is important that companies create specific policies and implement specific trainings that focus on compliance risks for employees from areas that are more involved with the implementation and assessment of such controls, such as the Legal, Finance and Controller’s Departments.
4. Monitoring and Periodic Reviews of the Compliance Program
Companies must establish policies to monitor their procedures and controls in order to assure that their employees are acting in compliance with the policies and procedures implemented, and communicate them to employees through periodic training. Analyzing the implementation and evolution of the compliance program on a systematic basis is a critical element for a robust compliance program. An effective monitoring system includes items such as: i) financial audits; ii) periodic reviews of the practices for engagement of third parties; iii) reviews of internal procedures such as the approval and offer of donations, gifts, and entertainment; and iv) reviews and updates to the Code of Conduct and other company policies. One way to monitor policies is to keep regular contact with your employees. An important aspect of an effective compliance program is the existence and dissemination of channels of communication that allow employees to report, on an anonymous basis, their concerns