Financial Crime World

Brazil’s Risk and Compliance Management: Obligations and Benefits

In a rapidly changing business landscape, companies in Brazil are increasingly focusing on risk and compliance management to ensure their operations run smoothly and efficiently. However, despite the benefits of implementing such measures, there is no general obligation for businesses to do so.

Key Risk and Compliance Management Obligations

According to experts, each company will determine its own level of governance based on best practices and legal standards. This includes implementing internal control mechanisms against irregularities in conduct and ethics statutes, also known as an “integrity programme”. Such programmes help to diminish penalties in the event of compliance or anticorruption infractions.

Liability for Undertakings

If a company fails to implement adequate risk and compliance management measures, it may face administrative or regulatory penalties. However, there is no direct liability for deficiencies in these mechanisms. Instead, companies may be held liable if they infringe Brazilian statutes.

Liability for Members of Governing Bodies and Senior Management

Individuals in charge of governing bodies and senior management may also face liability for breach of risk and compliance management obligations. According to the Brazilian Corporate Criminal Code (BCCA), individuals are liable to the extent of their guilt or intent, regardless of the legal entity’s liability.

Corporate Compliance Defence

In cases where a company has failed to comply with regulatory requirements, it may be able to present a defence based on having a robust compliance programme, voluntary self-disclosure, collaboration with investigations, and refunding damages caused. This defence can help diminish penalties but will not exempt the offender from guilt.

Recent Cases

The recent Operation Car Wash scandal highlighted the importance of a well-structured compliance programme and regular monitoring. The settlement agreements executed in these cases are serving to determine the structure of such mechanisms.

Government Obligations

  • State-owned companies and mixed-economy entities are subject to specific risk and compliance management obligations.
  • Government agencies and the government itself are governed by the Improbity Law and the Fiscal Management Liability Law.

Digital Transformation

The key statutory and regulatory differences between public sector and private sector risk and compliance management obligations lie in the application of the Improbity Law versus the Brazilian Corporate Criminal Code (BCCA). The BCCA provides for a compliance defence, which is not available under the Improbity Law.

As Brazil’s business landscape continues to evolve, companies are advised to prioritize risk and compliance management to minimize potential penalties and ensure their operations remain compliant with regulatory requirements.