The Brazilian government edited Decree #11,129 on this Monday, July 11, 2022, updating the regulation of the Brazilian Anti-Corruption Act (Statute #12,846 of August 1, 2013) and bringing some changes to the content of Decree #8,420 of March 18, 2015, which was responsible for such regulation.
According to Article 42 of Decree #8,420, the following items of a compliance program were evaluated by the authority:
ARTICLE 42 OF DECREE #8,420/2015
I – commitment by the top management of the legal entity, including the councils, evidenced by the visible and unequivocal support to the program;
II – standards of conduct, code of ethics, integrity policies and procedures, applicable to all employees and managers, regardless of position or function;
III – standards of conduct, code of ethics and compliance policies extended to third parties when necessary, such as suppliers, service providers, intermediary agents and associates;
IV – periodic training on the compliance program;
V – periodic risk analysis to make necessary adaptations to the compliance program;
VI – accounting records that fully and accurately reflect the transactions of the legal entity;
VII – internal controls ensuring the prompt preparation and reliability of reports and financial statements of the legal entity;
VIII – specific procedures for preventing fraud and illicit acts within the scope of bidding processes, in the execution of administrative contracts or in any interaction with the public sector, even if intermediated by third parties, such as payment of taxes, subjection to inspections, or obtention of authorizations, licenses, permits, and certificates;
IX – independence, structure, and authority of the internal body responsible for implementing the compliance program and monitoring its enforcement;
X – channels for reporting irregularities, open and widely publicized to employees and third parties, and mechanisms designed to protect bona fide whistleblowers;
XI – disciplinary measures in case of violation of the compliance program;
XII – procedures that ensure the prompt interruption of detected irregularities or infractions and the timely remediation of generated damages;
XIII – appropriate procedures for contracting and, as the case may be, supervision of third parties, such as suppliers, service providers, intermediary agents, and associates;
XIV – verification, during the processes of mergers, acquisitions, and corporate restructuring, of irregularities or illicit acts or the existence of vulnerabilities in the legal entities involved;
XV – continuous monitoring of the compliance program aiming at its improvement in preventing, detecting, and combating the occurrence of harmful acts provided for in Article 5 of Statute #12,846, of 2013; and
XVI – transparency of the legal entity regarding donations to political candidates and parties.
According to the text of Article 57 of the new regulatory decree, there were the following – highlighted here in bold, for easier identification:
ARTICLE 57 OF DECREE #11,129/2022
I – commitment by the top management of the legal entity, including the councils, evidenced by the visible and unequivocal support to the program, as well as the allocation of adequate resources;
II – standards of conduct, code of ethics, compliance policies and procedures, applicable to all employees and managers, regardless of position or function;
III – standards of conduct, code of ethics and compliance policies extended to third parties when necessary, such as suppliers, service providers, intermediary agents and associates;
IV – periodic training and communication actions on the compliance program;
V – adequate risk management, including its analysis and periodic reassessment, to carry out the necessary adaptations to the compliance program and the efficient allocation of resources;
VI – accounting records that fully and accurately reflect the transactions of the legal entity;
VII – internal controls ensuring the prompt preparation and reliability of reports and financial statements of the legal entity;
VIII – specific procedures for preventing fraud and illicit acts within the scope of bidding processes, in the execution of administrative contracts or in any interaction with the public sector, even if intermediated by third parties, such as payment of taxes, subject to inspections or obtention of authorizations, licenses, permits and certificates;
IX – independence, structure and authority of the internal body responsible for implementing the compliance program and monitoring its enforcement;
X – channels for reporting irregularities, open and widely publicized to employees and third parties, and mechanisms for the treatment of complaints and the protection of bona fide whistleblowers;
XI – disciplinary measures in case of violation of the compliance program;
XII – procedures ensuring the prompt interruption of detected irregularities or infractions and the timely remediation of generated damages;
XIII – appropriate risk-based steps to:
a) contracting and, as the case may be, supervising third parties, such as suppliers, service providers, intermediary agents, brokers, consultants, commercial representatives, and associates;
b) hiring and, as the case may be, supervision of politically exposed persons, as well as their family members, close collaborators and legal entities in which they participate; and
c) carrying out and supervision sponsorships and donations;
XIV – verification, during the processes of mergers, acquisitions, and corporate restructuring, of irregularities or illicit acts or the existence of vulnerabilities in the legal entities involved; and
XV – continuous monitoring of the compliance program aiming at its improvement in preventing, detecting, and combating the occurrence of harmful acts provided for in Article 5 of Statute #12,846, of 2013.
The lawmakers rightly excluded item XVI, which dealt with the transparency of legal entities regarding donations to candidates and political parties, since there was a change in the electoral legislation prohibiting donations to political campaigns by the private sector.
Another point that also draws attention is the risk classification for due diligence, the emphasis placed on politically exposed persons, in addition to their families, and also the focus on sponsorships and donations.
Indeed, these were minor but certainly appropriate and welcome changes to improve compliance programs.