Legislative Decree 8-6-2001, n. 231 [hereinafter Decree] introduced the principle that societas delinquere potest (companies may be held criminally liable).
Formally defined to be administrative, the liability we consider here is criminal, since it is ascertained by a criminal court, employing the guarantees characteristic of criminal proceedings.
The supposed crimes for which the company may be held liable are unlawful gain, fraud against the State or a public entity or with the intention of gaining public services and computer fraud against the State or a public entity, cyber crimes and the illicit processing of data, organised crime, bribes, unlawful inducement to give or promise value and corruption, counterfeiting of currency, public credit cards, revenue stamps and signs of recognition, crimes against industry and trade, corporate crimes, terrorism and overthrowing the democratic order, FGM, crimes against the person, abuse of the market, murder, serious and very grave injury committed as a consequence of violating regulations governing occupational health and safety, receiving stolen goods, laundering and using money, goods or values of illicit origin, self-laundering, crimes relating to the use of instruments of payment other than cash, violation of copyright, inducement not to report or to make false reports to the judicial authorities, environmental crimes, the employment of citizens of third party countries not regularly domiciled in Italy, racism and xenophobia, fraud in sporting events, abusive use of games and betting and betting games provided on prohibited equipment, tax crimes, contraband, transnational crimes, the liability of entities for administrative violations dependent on crime and attempted crimes.
The penalties envisaged by the decree are: fines, interdictions, confiscation and publication of the sentence.
The above penalties, connotated by efficacy, proportionality and dissuasion, are designed to attack the company’s assets, damage its image on the market, and affect the organisation of the company itself, as well as to modify corporate actions and decision-making processes.
THE PRESENT MOG 231
The adoption of MOG 231 has on the one hand implemented a control system governing our business operations, while on the other it has enabled us to set and disseminate ethical principles for improving the standards of conduct of the company.
MOG 231, in this light, has the objective of (re-)configuring a structured, organic system of organisational, management and control procedures, with the aim of preventing the commission of crimes, as well as making the existing control system more effective.
CONTROLS AND PREVENTIVE MEASURES
In order to reduce the risk of criminal conduct to acceptable levels, the company has instituted preventive controls and mechanisms.
The system of controls pursuant to the guidelines laid out by Confindustria consists in the implementation of the code of ethics and the organisational system, both formal and clear, with the aim of assigning responsibilities and rolling out procedures, manuals and information, to govern the company’s activities, to separate tasks between those who manage activities at risk of criminal action, to assign authorities and signatory powers, in line with the organisational and management responsibilities, the dissemination of MOG 231, and training.
The company has provided that all the operations in question be concluded solely using the company’s bank accounts, that, from time to time, the balances and operations of such accounts be audited, and that the management of the company define the medium and long term budget and its forms and sources of financing, and publish the same in specific reports.
GENERAL PRINCIPLES OF PREVENTION
The company has adopted the following principles of prevention: existence of company documents that lay out principles of conduct, procedures governing sensitive operations, and the means for filing the attendant documentation; the segregation of tasks and consequently activities between authorising positions, executive positions and controlling positions; powers to authorise spending and signatory powers, which must be: consistent with assigned organisational and management responsibilities, providing, where requested, for thresholds for the approval of spending; clearly defined and known within the company; tracking: every operation relating to sensitive activities must be adequately documented; the process of deciding, authorising and executing sensitive activities must be verifiable after the fact, including by means of documents; monitoring activities, intended to periodically and promptly, as needed, update powers of attorney, delegations of functions and the control system itself, consistently with the decision-making system and the entire configuration of the organisational structure.
ADOPTION AND UPDATING
This MOG 231 has been adopted by the management of the company, which is responsible for keeping it up to date.
The company has set up a supervisory body, with independent initiative and powers of control, to run regular audits of the implementation of this MOG 231.
In this light, the said body reports to management and the auditing body on the actuation of the present MOG 231, as well as on any related criticalities.
The company has set up several channels to enable management, persons in top positions and subordinate persons to make evidentiary reports about violations pursuant to the Decree, founded on precise consistent facts, as well as about violations of the present MOG 231.
CODE OF ETHICS
The code of ethics drawn up by the company expresses the ethical principles which the company intends to cultivate in the conviction that a company must be evaluated not only for the quality of its products and services, but above all for its capacity to produce value and values.
In this light, the code of ethics on the one hand sets ethical standards to support and govern the company’s conduct and action, and on the other reviews the rights, duties and responsibilities of the company towards its directors, shareholders, employees, collaborators, consultants, public authorities, political organisations, trade unions, clients, vendors, competitors, third parties, the media and the compliance body.
The Decree, as is known, indicates that an essential condition for the actuation of MOG 231 is the construction of a system for penalising violations thereof.
While on the one hand the penalties envisaged therein are to be applied to violations of MOG 231, on the other they must observe the following principles: legality; complementarity; typicality; contestation; promptness; graduality; publicity.
The disciplinary system is based on the Italian Civil Code, Law 20-5-1970, n. 300 (“Worker’s Statute”) and collective bargaining.