The anti-corruption agenda has been gaining increasing prominence in both the public and private sectors in Brazil, reflected respectively in the development of public policies and the implementation of internal corporate compliance programs. This trend toward improvement and engagement largely stems from the recognition of the adverse impacts that corrupt practices can have on companies and individuals, as well as from regulatory advancements aimed at curbing harmful conduct against Public Administration and society.
The following sections will address the main Brazilian legislative milestones related to compliance and integrity, along with an overview of relevant public initiatives that contribute to strengthening adherence to ethical standards in business activities, both by domestic companies and foreign organizations operating in the country.
The legislative progress of Compliance in Brazil
The consolidation of practices aimed at corporate integrity, with an emphasis on combating corruption and bribery, is part of a longstanding international movement. In Brazil, this commitment was formalized in 1997 through adherence to the OECD (Organisation for Economic Co-operation and Development) Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. Currently, the country is in the process of acceding to the organization, which requires the preparation of an initial memorandum demonstrating regulatory alignment with OECD instruments. Subsequently, a technical review of national policies will be conducted, with the possibility of adjustments until full accession is achieved.
In 2022, the OECD released a roadmap outlining the next steps in Brazil’s integration process, representing a significant advancement for both domestic and multinational companies operating in the country. This initiative signals structural reforms in strategic areas of the legal framework, particularly in addressing transnational bribery and illicit business practices.
Within this context, Law No. 12,846/2013 (the Anti-Corruption Law), in force since 2014, stands out for establishing strict liability for legal entities regarding harmful acts committed in their interest or for their benefit, regardless of authorization or awareness by senior management. The statute encompasses conduct perpetrated by partners, employees, representatives, and third parties, and also provides for successor liability in cases of merger, spin-off, incorporation, or other corporate restructuring.
The legislation also introduced mechanisms to encourage the adoption of integrity programs, recognizing them as tools for risk mitigation and as criteria for reducing penalties. Federal Decree No. 11,129/2022, which repealed Decree No. 8,420/2015, increased the percentage of fine reduction for companies that implement effective compliance programs from 4% to 5%, in addition to detailing parameters for assessing the effectiveness of these mechanisms.
The relevance of integrity programs was reinforced by Law No. 14,133/2021 (the New Public Procurement Law), which repealed Law No. 8,666/1993 and made their implementation mandatory for companies awarded large-scale contracts (currently those exceeding BRL 250.9 million). In such cases, organizations have six months from the signing of the contract to structure the program in accordance with the requirements of Decree No. 11,129/2022. Within this scope, the existence of compliance mechanisms has also become a tie-breaking criterion between bids, fostering preventive practices and ensuring greater protection of public resources.
At the state level, most federative units have already regulated the Anti-Corruption Law, with discussions ongoing in states that have yet to do so. The pioneering initiative came from the state of Rio de Janeiro through State Law No. 7,753/2017, followed by the Federal District (State Law No. 6,112/2018, updated by State Law No. 6,308/2019), Rio Grande do Sul (State Law No. 15,228/2018, updated by State Law No. 15,600/2021), Amazonas (State Law No. 4,370/2018), Goiás (State Law No. 20,489/2019), and Pernambuco (State Law No. 16,722/2019, updated by State Law No. 17,133/2020). In a pioneering move, the Federal District, through Decree No. 40,388/2020, established rules for evaluating integrity programs by competent authorities, aligned with the guidelines of the Office of the Comptroller General (CGU). The state of São Paulo also regulated the matter through Decree No. 67,301/2022, later repealed and updated by Decree No. 69,588/2025, consolidating criteria for assessing the existence and effectiveness of compliance programs in the context of holding legal entities accountable for acts against the state public administration.
Recently, by repealing CGU Ordinance No. 19/2022, CGU Ordinance No. 155/2024 introduced a new paradigm under Law No. 12,846/2013, replacing the early judgment of the Administrative Liability Proceeding with the Term of Commitment instrument. This tool has the nature of an administrative negotiation that allows the legal entity to acknowledge strict liability for the harmful act without admitting guilt, under specific conditions such as full damage repair, restitution of undue advantages, and payment of the statutory fine.
The establishment of the Term of Commitment provides significant benefits for organizations that enter into it: (i) a discount on the imposed fine, depending on the procedural stage at which the company expresses interest in the agreement; (ii) exemption from extraordinary publication of the condemnatory decision, reducing the level of negative exposure for the company; and (iii) mitigation of restrictive sanctions on bidding and contracting with the public administration, where applicable. Furthermore, CGU Ordinance No. 155/2024 reinforces the preventive function of sanctioning law by conditioning, in certain cases, the execution of the agreement on the implementation or enhancement of integrity programs, aligning with international best practices and corporate governance guidelines.
Adoption of the Integrity Program for Private Companies
The concept of an integrity program is defined in Federal Decree No. 11,129/2022, which regulates the Anti-Corruption Law, as “a set of internal mechanisms and procedures for integrity, auditing, and encouraging the reporting of irregularities, as well as the effective application of codes of ethics and conduct, policies, and guidelines aimed at detecting and remedying deviations, fraud, irregularities, and unlawful acts committed against national or foreign public administration.”
Its adoption is not mandatory, nor does it exempt legal entities from judicial or administrative liability. However, in addition to its preventive function, the effective implementation of the program may result in a reduction of penalties by up to 5%, as provided in Decree No. 11,129/2022. This regulation reinforced the importance of senior management’s commitment, establishing as an evaluation criterion the allocation of adequate resources (human, technological, and financial) to ensure the effectiveness of preventive measures.
Decree No. 11,129/2022 also consolidated the risk-based approach, requiring that the integrity program be structured, implemented, and updated in line with the characteristics and inherent risks of the legal entity’s activities, imposing an obligation of continuous improvement and periodic review to guarantee its effectiveness. This provision highlights that compliance programs cannot be standardized or acquired as generic solutions; they must be preceded by a specific risk assessment for each organization.
Among the innovations introduced by Decree No. 11,129/2022 is the inclusion, as an evaluation parameter, of appropriate due diligence in the hiring and supervision of third parties, with explicit reference to customs brokers, consultants, and commercial representatives, as well as the hiring of politically exposed persons (PEPs) and the execution of donations and sponsorships. These areas are considered sensitive by compliance functions due to their frequent interactions with public agencies and nonprofit entities.
Complementarily, Decree No. 12,304/2024 established regulatory parameters for evaluating integrity programs in the context of federal public procurement. The requirement applies to large-scale contracts, as well as to cases of reinstatement of sanctioned bidders or contractors and to tie-breaking situations provided for in Article 60 of Federal Law No. 14,133/2021.
Normative Ordinance SE/CGU No. 226/2025 regulated Decree No. 12,304/2024, imposing specific obligations for the implementation and evaluation of integrity programs in public contracts exceeding BRL 250.9 million. The regulation requires proof of effective implementation, which will be assessed by CGU based on objective criteria. The defined methodology includes electronic forms, document analysis, and the application of SAMPI — the Integrity Program Evaluation and Monitoring System. Furthermore, full compliance with mandatory elements is required, under penalty of disqualification in bidding processes or inability to reinstate sanctions.
These regulations represent significant instruments for ensuring greater technical rigor, procedural uniformity, and legal certainty in the assessment of corporate compliance, thereby strengthening integrity mechanisms and safeguarding the public interest. It is important to emphasize, however, that a compliance program should not be conceived merely to meet legal requirements, but rather to fulfill its essential purpose: fostering a culture of integrity aligned with the company’s sector of activity, going beyond the mere fulfillment of bidding requirements.
Another highly relevant point in the current geopolitical scenario is the expansion of the scope of the Foreign Corrupt Practices Act (FCPA), which, through the U.S. Department of Justice (DoJ), has shifted from focusing solely on combating bribery to adopting an approach aimed at dismantling transnational criminal organizations that use corruption schemes as a tool to consolidate economic and political power. This shift entails more complex investigations, targeting systemic structures and global connections, and requires companies to implement internal governance and compliance mechanisms capable of mitigating risks across multiple jurisdictions. U.S. authorities now prioritize not only individual accountability but also the disruption of illicit networks that undermine the integrity of international markets.
In this context, Brazil emerges as a critical environment due to the presence of criminal organizations with strong infiltration capacity in strategic sectors such as infrastructure, energy, and logistics, creating vulnerabilities that can be exploited in transnational corruption schemes. This reality increases the exposure of Brazilian companies or those operating in the country to sanctions under the FCPA, making the implementation of robust and effective integrity programs indispensable. A well-structured compliance system — with clear policies, continuous monitoring, and rigorous due diligence — not only mitigates legal and financial risks but also ensures adherence to international standards, preserves corporate reputation, and guarantees competitiveness in an increasingly ethics- and transparency-driven global market.
Overall, the regulatory trend demonstrates a movement toward making the implementation of compliance programs increasingly less optional and more mandatory, particularly in dealings with public authorities, reflecting progress in the pursuit of integrity in procurement and business practices. Furthermore, the adoption of integrity programs contributes to business continuity and competitiveness, generating positive impacts on management and sustainability — even for organizations that maintain commercial relationships with other national or foreign companies, regardless of direct participation in public procurement processes.
Compliance in the Public Administration
To ensure the effectiveness of compliance and integrity practices, particularly in public-private interactions, it is essential that Public Administration play a structuring role by implementing internal controls and procedures that guarantee the conformity of its actions.
In this regard, Law No. 13,303/2016 (State-Owned Enterprises Law) establishes the legal framework for public companies, mixed-capital corporations, and their subsidiaries, covering the federal, state, and municipal levels. This statute introduces guidelines aimed at modernizing the management of state-owned entities, mitigating political-party interference through corporate governance rules, the adoption of integrity programs, and enhanced transparency. Among its requirements, the preparation and disclosure of a code of conduct and integrity stand out, encompassing institutional principles, preventive measures against corruption and fraud, internal and external reporting channels, as well as sanctions applicable in cases of violations of ethical standards (Art. 9, § 1).
At the federal level, Decree No. 9,203/2017, complemented by Decree No. 9,901/2019, sets forth provisions on governance within the federal public administration, including direct, autarchic, and foundational entities. It establishes principles such as responsiveness, integrity, reliability, regulatory improvement, accountability, and transparency. Agencies and entities must therefore implement mechanisms and structures that ensure clarity regarding ethical identity and institutional compliance.
In a convergent approach, Law No. 13,848/2019 (Regulatory Agencies Law) requires regulatory agencies to adopt integrity programs focused on management, organizational structure, decision-making processes, and social control, with the aim of ensuring decision-making autonomy, transparency, and preventing undue private-sector interference in regulated industries.
Law No. 13,608/2018 introduced the legal concept of the whistleblower, recognizing its relevance in preventing and repressing unlawful acts. The statute provides for the creation of a telephone service for receiving reports, ensuring anonymity and establishing reward mechanisms for information that contributes to clarifying illicit acts committed by public or private legal entities. Subsequently, Law No. 13,964/2019 (Anti-Crime Package) amended provisions of Law No. 13,608/2018, expanding whistleblower protections, such as safeguards against retaliation (arbitrary dismissal, unjustified changes in duties, imposition of sanctions), which constitute serious disciplinary offenses subjecting the perpetrator to dismissal for cause and double compensation for material and moral damages. Innovatively, the Anti-Crime Package also granted whistleblowers up to 5% of the amount recovered by the State if their information leads to the recovery of assets derived from crimes against Public Administration.
Decree No. 10,153/2019 regulated procedures for protecting the identity of whistleblowers reporting unlawful acts and irregularities against the federal public administration, applicable to direct, autarchic, and foundational entities, as well as companies providing public services.
Decree No. 10,889/2021, by regulating Law No. 12,813/2013 (Conflict of Interest Law), established the Federal Executive Branch’s Electronic Agenda System (e-Agendas), developed by CGU. The e-Agendas platform represents a significant milestone in promoting transparency, as it centralizes public commitments of authorities, including hearings, meetings, political-electoral events, official trips, and hospitality expenses funded by private agents. Additionally, it records public events and hearings held by agencies and entities of the Federal Executive Branch, ensuring public access to information and strengthening administrative accountability.
Normative Ordinance No. 186/2025, issued by the Office of the Attorney General (AGU), updated criteria for entering into Civil Non-Prosecution Agreements (ANPC) in cases of administrative misconduct, in accordance with Law No. 14,230/2021 and Supreme Court decisions. Among its innovations are: mandatory full restitution of damages, compulsory judicial approval, optional integrity and compliance clauses, and guarantees of document confidentiality, providing greater legal certainty and expediting consensual conflict resolution.
The National Council of the Public Prosecutor’s Office (CNMP), through Resolution No. 305/2025, established guidelines for promoting administrative probity, encouraging the implementation and evaluation of integrity programs within Public Administration as tools for preventing conflicts of interest and combating corruption, fraud, and misconduct.
Finally, a recent initiative by the Ministry of Social Security introduced its Integrity Plan based on ISO 31000 and COSO methodologies, aimed at managing ethical and administrative risks within the social security system. The plan includes actions focused on transparency, risk mitigation, and accountability, strengthening governance and preventing unlawful acts, thereby consolidating a model aligned with international best practices.
Regulatory Standards and Public Policies and Guidelines
Brazilian regulatory activity has incorporated into its normative framework guidelines that reinforce the importance of adopting compliance mechanisms in the development of business operations. The prevention of money laundering or concealment of assets, rights, and values is governed by Law No. 9,613 of March 3, 1998, subsequently amended by Law No. 12,683 of July 9, 2012. Following this amendment, the authority to regulate and oversee mandatory mechanisms ceased to be exclusive to the Financial Activities Control Council (COAF) and became shared with sectoral regulatory bodies, such as the Central Bank of Brazil in the case of financial institutions. Thus, the development of effective policies for preventing money laundering and terrorist financing must comply with the specific rules of the sector’s regulatory authority, based on a risk analysis tailored to the industry.
Through Resolution No. 36/2021, COAF established guidelines for structuring companies’ internal policies, including procedural rules and internal risk assessment mechanisms, aimed at implementing internal controls to prevent money laundering, terrorist financing, and the proliferation of weapons of mass destruction, in line with the provisions of Brazil’s Anti-Corruption Law.
Within the scope of the Central Bank of Brazil, Resolution No. 4,595/2017, updated by Resolution No. 5,177/2024, imposes on financial institutions the obligation to implement compliance programs designed to mitigate sector-specific risks. Complementarily, Circular No. 3,978/2020 regulates policies, procedures, and internal controls intended to prevent the use of the financial system for money laundering, establishing parameters for risk assessments that underpin governance and compliance policies.
The Brazilian Development Bank (BNDES), through Resolution No. 3,439/2018, also incorporated integrity-related requirements, mandating that its financial agents demonstrate, whenever requested, the adoption of compliance programs, policies, and procedures aimed at preventing and combating corruption, fraud, and other irregularities provided for in legislation, particularly Brazil’s Anti-Corruption Law and related regulations. Additionally, proof of mechanisms for compliance with anti-money laundering and counter-terrorism financing rules is required, as stipulated in Law No. 9,613/1998 and applicable regulations.
The Securities and Exchange Commission of Brazil (CVM) has likewise advanced in promoting corporate integrity. In 2021, it issued Resolution CVM No. 45, later updated by Resolutions CVM No. 65/2022, No. 162/2022, and No. 179/2023, repealing Instruction CVM No. 607. The new regulation provides that the effective adoption of internal mechanisms for integrity, auditing, whistleblowing, and enforcement of codes of ethics and conduct may serve as a mitigating factor in the application of administrative penalties. Each mitigating factor can result in a reduction of up to 25% of the fine amount, representing a significant incentive for implementing compliance programs.
Resolution CVM No. 50, later updated by Resolution CVM No. 179/2023, preserved the “risk-based approach” introduced by Instruction CVM No. 617, consolidating it as a central governance tool for preventing money laundering. The regulation establishes the mandatory structuring of compliance programs specifically for anti-money laundering purposes, requiring periodic revision of rules, procedures, and internal controls based on risks identified through systematic and continuous internal assessments.
Within the scope of the Federal Executive Branch, the Office of the Comptroller General, Brazil’s highest authority for enforcing the Anti-Corruption Law, has included, since January 2023, the Federal Secretariat for Internal Control, which replaced the former Secretariat for Combating Corruption, absorbing its responsibilities under the CGU’s mandate. The new structure adopts a strategic directive focused on strengthening the evaluation of programs and public policies, bringing CGU closer to citizens and transforming oversight into a management tool aimed at improving public services. Additionally, it incorporated investigative functions related to special operations in cooperation with state defense agencies.
CGU plays a structuring role in disseminating a compliance culture within Brazil’s corporate environment, acting not only in regulatory enforcement but also in promoting the adoption of integrity mechanisms. The agency provides guidelines to private entities through the guide “Integrity Program: Guidelines for Private Companies”, which defines essential pillars and procedures for detecting illicit acts and mitigating risks. In October 2024, the second edition of this document was published under the title “Integrity Program: Guidelines for Private Companies – Volume II”, aiming to redefine the concept of integrity programs in alignment with regulatory updates and international best practices. Complementarily, in November 2024, CGU’s Private Integrity Secretariat launched the manual “Integrity Program: Sustainable Practices for Private Companies”, incorporating an expanded approach that integrates the ESG agenda, with guidelines for preventing and combating corruption and fraud in projects with social and environmental impact.
Additionally, in September 2018, CGU published the “Practical Manual for Evaluating Integrity Programs in Administrative Liability Proceedings for Legal Entities”, designed to guide authorities in analyzing compliance programs of companies subject to Administrative Liability Proceedings. The document also serves as a reference for corporate self-assessment, ensuring greater legal certainty and consistency in decision-making. In 2022, the manual was updated by Joint Ordinance No. 06/2022, adapting its parameters to the provisions of Decree No. 11,129/2022, which repealed Decree No. 8,420/2015 and redefined criteria for assessing the effectiveness of integrity programs.
Regarding the prevention of conflicts of interest, CGU, together with the Public Ethics Commission, issued Joint Normative Guidance No. 1/2016, regulating the participation of federal public officials in events funded by third parties, with rules on transportation, lodging, meals, registration fees, and entertainment, to prevent seemingly lawful benefits from constituting undue payments. In addition, Federal Decree No. 10,889/2021, which regulates Law No. 12,813/2013, consolidated parameters for granting gifts, presents, and hospitality to federal public officials, establishing objective value limits and conditions for such practices.
Under the Integrity and Anti-Corruption Plan 2025–2027, CGU published the “Guide for Identifying and Quantifying Undue Advantage”, a normative instrument aimed at standardizing legal and methodological criteria for measuring illicit economic benefits obtained by legal entities through corrupt practices. The document establishes objective parameters for calculating undue advantage in different contexts, such as administrative contracts, avoided costs, and additional profits, serving as technical support for applying sanctions under Law No. 12,846/2013.
Additionally, CGU released the second edition of the “Sanctions Dosimetry Report in Administrative Liability Proceedings”, consolidating criteria applicable to the calculation of fines under the Anti-Corruption Law. The study systematizes average percentages, aggravating circumstances (such as senior management awareness and concurrence of infractions), and mitigating factors, highlighting the effectiveness of integrity programs, whose demonstration resulted in an average reduction of 39% in applied sanctions.
Still within the scope of interpretative standardization actions, CGU issued Ordinance No. 3,302/2025, through which it approved eight administrative statements aimed at providing greater predictability and legal certainty in the administrative accountability of legal entities under Law No. 12,846/2013. The statements address relevant technical aspects, such as sanction calculation methodology, an expanded definition of undue advantage — including goods, services, or benefits of a material, immaterial, moral, political, or sexual nature — the use of falsified documents in bidding processes, and objective parameters for imputing liability regardless of proof of specific intent or actual consideration by the public agent.
These initiatives seek to reinforce legal certainty, predictability, and consistency in decision-making, promoting greater regulatory stability in relations between companies and Public Administration. Moreover, they provide interpretative coherence and effectiveness to accountability mechanisms, fostering compliance in the private sector and strengthening institutional credibility as well as the protection of public assets.
Another relevant CGU initiative is the “Pro-Ethics Company” program, which encourages the voluntary adoption of integrity measures by companies through public recognition of those that, regardless of size or industry, demonstrate commitment to practices for preventing, detecting, and remediating acts of corruption and fraud. Participating companies submit information and documents regarding their compliance mechanisms and are evaluated according to objective criteria. At the end of the process, those that achieve the minimum score are certified as “Pro-Ethics Company”, with official disclosure to the market.
Similarly, the “Selo Agro Mais Integridade”, established by the Ministry of Agriculture and Livestock (MAPA) in 2018, aims to encourage, recognize, and distinguish companies in the agribusiness sector that adopt effective integrity practices aligned with principles of social and environmental responsibility, sustainability, and corporate ethics, as well as commitment to preventing and mitigating harmful conduct such as fraud, bribery, and corruption. Companies awarded the seal are entitled to institutional disclosure on MAPA’s official website and to use the brand in communication materials, advertising pieces, and related content during the certification period.
These regulations, guidelines, and programs highlight the Brazilian regulatory movement toward requiring companies to implement robust policies and internal controls, consolidating integrity as an essential element of corporate governance and relations with Public Administration.
Compliance and Corporate Excellence
Compliance has been continuously consolidating as an indispensable strategic element for corporate sustainability and contemporary business governance. By acting in the prevention and mitigation of risks arising from unlawful or non-compliant conduct, integrity mechanisms significantly reduce an organization’s exposure to administrative sanctions, legal proceedings, and financial losses, while also preventing severe reputational impacts. This preventive function directly contributes to lowering costs related to fines, indemnities, and rework resulting from irregularities.
Beyond reducing liabilities, the implementation of a robust compliance program preserves institutional image and, consequently, enhances the company’s market value. Systematic risk analysis broadens the understanding of the business, its sector, and the stakeholders involved, enabling more qualified decision-making, better resource allocation, and optimization of results. These factors converge toward greater operational efficiency and improved corporate performance.
It is worth noting that the effectiveness of an integrity program has become a decisive criterion in selecting business partners, such as suppliers, service providers, and subcontractors. This requirement stems not only from the pursuit of ethical alignment but also from the need to mitigate legal risks, considering that national and international legislation provides for liability for unlawful acts committed by third parties. In this scenario, companies tend to prioritize partners that demonstrate maturity in their compliance mechanisms.
Likewise, investors allocate resources to organizations that demonstrate solid governance and lower exposure to regulatory and reputational risks. Thus, companies that adopt effective internal controls present greater investment attractiveness, consolidating a competitive advantage in markets increasingly sensitive to corporate integrity.
Moreover, employees play a strategic role in the effectiveness of the program, acting as the first line of defense in detecting and reporting non-compliance, including that committed by third parties. Continuous training ensures that irregularities are identified during the execution of essential activities, mitigating risks that could compromise business continuity in light of severe sanctions provided by law.
It is unequivocal that the implementation of internal mechanisms aimed at integrity transcends the law/ethics dichotomy, constituting a guarantee of rights and prerogatives. In the current context, maintaining an effective compliance program has ceased to be a mere regulatory requirement and has become an indispensable strategic tool, representing a competitive advantage and a determining factor for business sustainability in any market.
Authors: Heloisa Uelze and Felipe Ferenzini
Trench, Rossi e Watanabe Advogados
Rua Arq. Olavo Redig de Campos, 105 X Av. Enxovia, S/N
31° andar
Edifício EZ Towers, Torre A – 04711-904
São Paulo – SP
Tel.: (11) 3048-6800
E-mail: [email protected]
Offices in Sao Paulo, Rio de Janeiro, Brasília and Porto Alegre, in cooperation with BakerMcKenzie, firm with worldwide representantion. All corporate practice areas; French, Germany, Germany, Spanish, Japanese, Chinese and Israeli Desks.