On July 12, 2022, the Presidency of the Republic published Brazil’s Decree No. 11,129/2022 with changes in the regulation of the Anti-Corruption Law (Law No. 12,846/2013), which provides for the administrative and civil liability of legal entities for acts against the national or foreign public administration.

The updates of the Brazilian legal framework mainly derive from the United States Department of Justice (DOJ)’s Guidelines on Evaluation of Corporate Compliance Programs from 2020 and lessons learned from practical application of the Brazilian Anti-Corruption Law since 2014.

These developments indicate a maturation of compliance programs in Brazil, as the new regulation grants more autonomy to the compliance department, reinforces the importance of the support of the senior management, the need of ensuring adequate resources to compliance department, and a risk-based approach in the structuring of the compliance program and controls.

Below are the main developments in the compliance programs that companies doing business in Brazil should be mindful of in view of the new Decree:

Senior Management Must Ensure Adequate Resources for Compliance
The importance of leadership in fostering a company’s culture cannot be understated. Thus, the weight given to the performance of senior management in supporting the measures to be implemented by the compliance area is natural and welcomed in the legal update

Decree is the inclusion—within the compliance program’s evaluation parameter related to the commitment of senior management—of the following requirement: allocation of adequate resources.

As “adequate resources” is a broad concept, until a new manual by CGU is issued, we can consider, based on the current CGU manual, that the budget allocated to the compliance area will be one of the elements. Taking into account the recent DOJ guidelines for evaluating these programs, top management must also guarantee seniority to the person in charge of the compliance department, as well as sufficient resources, control and autonomy systems.

The company’s senior management shall also be responsible for supporting internal and external communication measures that reinforce the culture of compliance and the companies engagement with compliance. This can be done through activities such as participation in external events with speakers, dissemination of related topics on social networks, and others.

Higher Fines in Case of Awareness of Senior Management
Senior management is not treated as only responsible for supporting the allocation of resources and funds for the compliance department. It is also responsible for providing effective and continuous support to the department’s activities, incorporating it into the company’s day-to-day activities and into the decisions taken, because. According to the new decree, the knowledge and tolerance of top management regarding illegal acts will cause an increase on the value of fines as opposed to the previous decree.

Risk-Based Allocation of Resources and Efforts
A crucial point for the compliance program is the risk assessment. In the new regulation, it is now treated as risk management, reinforcing its organic and continuous periodicity.

The structuring of the program and the allocation of resources destined by the top management must be based on a corresponding mapping of risk. Thus, it is up to the person responsible for the compliance function, with the support of the company’s management, to define the controls and activity levels with greater risk allocation.

In turn, the role of top management should be to monitor and ensure that compliance is efficiently applying resources. Therefore, it is important that there is a close relationship between compliance and the other departments of the company.

Greater Care Before Hiring Third Parties
The prior assessment of third parties hired by the company was already established in the previous regulation and was a growing trend in Brazil. In the new regulation, there is a determination that the assessment must be risk-based, meaning it gives the companies flexibility to define the level of risk for certain transactions with third parties, and to determine variable levels of due diligence. Therefore, as a first step, categorizing third parties by risk level is recommended to serve as a basis for defining different levels of due diligence.

Also, in relation to third parties, the new decree innovates by requiring that due diligence must be performed prior to the establishment of relationships in three areas that expose companies to corruption risk: dealings with politically exposed persons; sponsorships; and donations.

Mechanisms for Handling Complaints
The whistleblower channel, another essential pillar of compliance programs, has its importance reinforced, as the new regulation requires that companies maintain a procedure for handling complaints. This means that the compliance areas must have a team capable of conducting investigations, in addition to creating policies with rules of conduct of these activities (e.g., allocating complaints based on risk and nature of the allegations, establishing rules and committees for investigation and taking of decisions, as well as possible disciplinary measures and rules for monitoring remediation).

Due care in handling complaints is extremely important, as they are the main sources of information about the risks to which the company is exposed. This procedure also builds more confidence among employees and third parties in the effectiveness and independence of the compliance program.

Improvements Created by the New Decree and the Intersection with ESG
The new decree also enhances the intersection between Environmental, Social and Governance (ESG) with the compliance area. The area’s vocation to fulfill the objectives and requirements of the regulation accredits it as a relevant actor for the expansion of such activities and thus incorporate ESG related topics, such as third-party monitoring, but broader risks such as environmental and social violations.

For all these reasons, the new regulation is very welcome. In addition to the new decree providing for several points of improvement for compliance programs, it also ends up ensuring tools that make it easier for companies to follow the journey, without turning back, of applying ESG principles, especially with the support of top management in defining objectives and securing resources for its implementation.

About the Authors

Heloisa Uelze and Felipe Ferenzini are partners at Trench Rossi Watanabe.

Trench Rossi Watanabe and Baker McKenzie have executed a strategic cooperation agreement for consulting on foreign law.