Doing Business in Brazil

25. Compliance and Corporate Excellence: Basic Agenda


In Brazil, the anti-corruption agenda is increasingly gaining ground in the private and public sectors, which have reflected these concerns respectively in internal and public policies. This movement towards improvement and engagement also come from the the impact that corruption may have on companies and individuals, as well as legislative advances in combating practices against the public administration and society. 

We will discuss below the main legislative progress in Brazil related to compliance and integrity, and list important public initiatives that help foster compliance in the conduct of business by Brazilian companies and other companies operating in Brazil.

The legislative progress of Compliance in Brazil

The international movement toward integrity in the corporate environment, especially in combating corruption and bribery, is not recent.

Brazil ratified the commitment to fight corruption in 1997 by adhering to the OECD (Organization for Economic Cooperation and Development) Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. Currently, the country is following the “roadmap for accession”, and it is up to the country to write an initial memorandum with information about the convergence of the country to the normative instruments of the organization. The OECD will then examine whether the country’s policies comply with the organization’s guidelines and, if necessary, propose adjustments until the process of full accession is completed.

In 2022, the OECD published a roadmap for the next steps in Brazil’s accesion process. This is a very significant advance for Brazilian and multinational companies that operate in the country, as it points to possible changes in important sectors of the Brazilian legal system, especially in combating uncompetitive commercial practices, such as transnational bribery.

The Brazilian Anti-Corruption Law (Federal Law No. 12,846/2013) dated as of 2013, having entered into force in 2014, and represented a real progress in sanctioning private entities for acts of corruption by individuals acting in their interest or benefit. The Law brought new provisions and concepts to the legal anti-corruption framework.

The strict liability of legal entities provided for Article 2 of the Law determines that legal entities may be held liable for the occurrence of the harmful acts provided for therein practiced in their interest or benefit, exclusive or not, regardless of their order, authorization or even knowledge, and may be punished for the conduct of their partners, employees, representatives and third parties. The Law also provides for the liability of the successor in case of statutory change, transformation, restructuring, merger, acquisition or spin-off of a company.

The Law provides benefits for companies that adopt and effectively implement integrity programs. In addition to being tools of risk mitigation and remediation, the Anticorruption Law treats the existence of compliance mechanisms and procedures as one of the reduction criteria in the calculation of the sanctions in the event of any wrongful act having been committed. Recently, Federal Decree no. 11,129/2022, which revoked the previous Federal Decree no. 8,420/2015, increased the percentage of reduction of the fine for the adoption of an effective integrity program from 4 to 5% and reinforced and included elements for a compliance program to be considered effective.

The importance of the adoption of compliance programs has also been provided for other laws. The New Bidding Law No. 14,133/2021, which replaced the previous Federal Law No. 8,666/93, now considers mandatory the adoption of compliance programs for companies intending to participate in bidding procedures with values of more than R$ 200 million. The companies winning a bidding procedure have a period of 6 months, as of the signing of the contract, to develop the compliance program in accordance with the parameters of Federal Decree 11,129/2022.

In the New Bidding Law, the existence of a compliance program also works as a tie-breaker criterion between the competing proposals. This is the way trough which the legislator intends to bring an incentive to the creation of mechanisms of prevention and fight against corruption, protecting public resources. 

Most Brazilian states have already regulated the Anti-Corruption Law at the state level – and the issue is under discussion in the other states that have not yet done so. 

The pioneering initiative was the State of Rio de Janeiro under State Law No. 7,753/2017. The example was followed by the Federal District (Law no. 6.112/2018) and by the States of Rio Grande do Sul (State Law no. 15.228/2018), Amazonas (State Law no. 4.370/2018), Goiás (State Law no. 20.489/2019), and Pernambuco (State Law no. 16.722/2019). Also in a precursory manner, the Federal District, through Decree 40.388/2020, published rules on the evaluation of the compliance program by the competent state agencies – following the guidelines of the Office of the Comptroller General, competent agency at the federal level. The State of São Paulo (Decree 67.301/2022) also established criteria for evaluation of the existence and application of compliance programs in the scope of accountability of legal entities for acts against the state public administration.

Adoption of the Integrity Program for Private Companies

The compliance program is provided for in Federal Decree No. 11,129/2022, which regulates the Anticorruption Law, as “the set of mechanisms and internal procedures of integrity, auditing and encouragement of whistleblowing, as well as the effective application of codes of ethics and conduct, policies and guidelines with the objective of detecting and correcting deviations, fraud, irregularities and illicit acts committed against the national or foreign public administration.

Its adoption is not mandatory, nor does it exempt legal entities from judicial or administrative liability. However, in addition to its preventive character, the effective implementation of an integrity program can mitigate by up to 5% the sanctions to which legal entities may be subject. The new Federal Decree No. 11,129/2022 has advanced in relation to the relevance of the role and support of the senior management of companies to implement preventive measures, now considering as an evaluation criterion the allocation of adequate resources for the program, which included human, technological and financial resources.

Moreover, the Decree also reinforces the risk-based approach, starting to determine that the compliance program must be structured, implemented and updated according to the current characteristics and risks of the activities of each legal entity, which, in turn, must ensure the continuous improvement and review of the program to ensure its effectiveness. This is a relevant provision that emphasizes the understanding that the compliance programs must be customized – there are no “standard” compliance programs. An adequate compliance program must, then, be preceded by a risk assessment of the company and its activities. 

Among the innovations implemented by the new Decree, it is highlighted the inclusion as an evaluation parameter of the compliance program the need to perform appropriate diligences for the hiring and supervision of third parties, with express mention to brokers, consultants and commercial representatives, as well as in relation to the hiring of politically exposed persons (PEPs) and the performance of donations and sponsorships. These are areas of sensitive interest to the compliance area, as they commonly involve interactions with public agencies and non-profit entities.

The compliance program, however, cannot be created with the sole objective of meeting legal requirements. The program must have quality and fulfill the purpose of its implementation and contribute to the creation of a culture of integrity in accordance with the sector of activity, and not only to comply with the requirements of a public notice / requirement. 

Considering the above, the legislative movement represents the trend that, more and more, the implementation of compliance programs ceases to be optional to become mandatory in the development of business, especially in the interaction with the Government, demonstrating the advance in seeking for integrity in commercial relations and public contracting. 

In addition, the implementation of a compliance program in this scenario is a factor that guarantees the continuity and competitiveness of the business (sustainability), bringing positive impacts in the management of the company even for companies that have commercial relations with other national and foreign companies and not only those that participate in bids with the Government.

Compliance in the Public Administration 

It is certain that in order for the compliance and integrity practices to be effective, especially in public-private relations, the Public Administration also plays a fundamental role and must develop controls and procedures that ensure the conformity of its performance.

In this sense, Law No. 13,303/2016 (Lei das Estatais) provides for the legal status of public enterprises, mixed economy companies and their subsidiaries, within the scope of the Union, the States, the Federal District and the Municipalities. The Law brings provisions about the modernization of the management of state-controlled companies, seeking to inhibit political influences of their administration with rules concerning corporate governance, compliance program, and transparency in their activities.

The Law determines the preparation and disclosure of a code of conduct and integrity, which, among other matters, provides for the principles and values and mission of the state-owned enterprise, measures to prevent acts of corruption and fraud, a channel for receiving internal and external complaints, and sanctions applicable in the event of violation of internal rules of ethics and conduct (art. 9, §1).

Also in the scope of the federal public administration, Federal Decree No. 9,203/2017, amended and supplemented by Federal Decree No. 9,901/2019, establishes, more broadly, the governance policy, setting, as principles, responsiveness, integrity, reliability, regulatory improvement, accountability, and transparency. Bodies and entities must, therefore, implement and maintain mechanisms, instances and practices capable of conferring clarity about their ethical identity.  

Along the same lines, Law 13,848/2019 (the Regulatory Agencies Law) – now requires such entities to adopt a compliance program, which addresses the management, organization, decision-making process, and social control of regulatory agencies as measures to ensure the autonomy and provide more transparency to regulatory agencies, as well as establish means to prevent the interference of private initiative in the regulated sector.

Federal Law No. 13,608/2018 brought more definitively the concept of whistleblower and the importance of their collaboration, bringing predictions about the telephone service for receiving reports with guaranteed anonymity and about reward for information that assists investigations of unlawful conduct by private or public organizations.

This law was amended and had provisions included by Federal Law No. 13,964/2019 (known as the Anticrime Package), representing advances such as the provision of full protection against actions or omissions practiced in retaliation for the exercise of the right to report, such as arbitrary dismissal, unjustified change of duties, imposition of sanctions and other types of retaliation. The practice of retaliation against the whistleblower will constitute serious disciplinary conduct and will subject the agent to dismissal from public service, in addition to the whistleblower being compensated in double for any material and moral damage. Moreover, the Anti-Crime Package added, in an innovative way, the possibility of informant participation in up to 5% (five percent) of the amount recovered by the State if the information provided results in the recovery of proceeds of crime against the public administration. 

In 2019, Federal Decree No. 10,153 determined procedures to be followed by agencies of the direct, autonomous and foundational administration and companies that provide public services in order to ensure the protection of the identity of informants of illicit acts and irregularities committed against the direct and indirect federal public administration.

Federal Decree no. 10,889/2021, in regulating Law no. 12,813/2013 (Conflict of Interest Law), established the Electronic System of Agendas of the Federal Executive Branch (e-Agendas), developed by the Office of the Comptroller General. It is a system that concentrates the public commitments of authorities, such as participation in public engagements like hearings, meetings, public audiences, events, and in political-electoral events; trips made for services and hospitalities paid by private agents for institutional representation by public agents. Besides appointments, the system stores events and public hearings held by agencies and entities of the Federal Executive Branch.

The e-Agendas represents an important measure to promote the transparency of public agents, and the information recorded in the system by public agents with obligations in the Federal Executive Branch can be accessed by anyone.

Regulatory Standards and Public Policies and Guidelines

The regulatory activity in Brazil has also reflected in its forecasts the importance of the adoption of compliance measures in the development of the companies’ businesses. The prevention to the crimes of laundering or concealment of assets, rights and values is ruled by Law No. 9.613, of March 03, 1998, which was altered by Law No. 12.613, of July 09, 2012. The regulation and discipline of the mandatory mechanisms for the development of the activities of companies subject to the Law, which was previously the exclusive responsibility of the Council for Control of Financial Activities (COAF), became, in 2012, shared with regulatory or supervisory bodies of activities (for example, the Central Bank is responsible for financial institutions). Thus, the development of an effective anti-money laundering and terrorist financing policy must be based on the specific regulations of the agency that regulates the activity, being fundamental a risk analysis of the activity itself.

The Council for Financial Activities Control (COAF), through Resolution no. 36/2021, disciplines the form of adoption of guidelines of policies that companies must have and procedural rules, including a structure of internal risk assessment, to establish internal controls to prevent money laundering, terrorism financing and financing of the proliferation of weapons of mass destruction that allow compliance with the provisions of the Anti-Corruption Law.

Within the scope of the Central Bank of Brazil, Resolution No. 4,595/2017 determines, among other rules, the preparation of a compliance program by financial institutions aimed at mitigating the risks inherent to the sector. Circular No. 978/2020 provides on the policy, procedures and internal controls to be adopted by financial institutions aiming at preventing the use of the financial system for the practice of crimes of money laundering and concealment of assets, bringing parameters that must be followed for a correct risk assessment, from which the governance and compliance policies and procedures will be structured.

The National Bank of Economic and Social Development (BNDES) also adopts, under Resolution No. 3,439/2018, rules for contracts signed by the bank, starting to require its financial agents to prove, whenever requested, the adoption of compliance program, policies and procedures aimed at preventing and fighting corruption, fraud and other irregularities provided for in the legislation, especially in the Anticorruption Law and respective changes in the applicable regulations and in the policies and rules of the BNDES, in relation to the contracts it signs with the final beneficiaries. In addition, it also began to require that proof be provided of the adoption of procedures aimed at complying with the norms concerning the prevention of money laundering and the fight against financing terrorism, especially those provided for in Law no. 9,613/1988 and respective changes in the applicable regulations and in the policies and norms of the BNDES.

Another entity that has taken an important step in promoting the adoption of compliance programs by companies is the Securities and Exchange Commission (CVM). In 2021, the entity published CVM Resolution No. 45, which revoked the previous CVM Instruction No. 607, providing for the effective adoption of internal integrity and auditing mechanisms and procedures and incentives for whistleblowing, as well as the effective application of codes of ethics and conduct at the level of the legal entity, as mitigating factors for fines imposed in administrative proceedings. Each mitigating factor can guarantee a reduction of up to 25% of the determined fine – which represents an incentive to the implementation of compliance measures.

CVM Resolution no. 50 kept the insertion of the “risk-based approach” established by the previous CVM Instruction no. 617 as the main governance tool of the prevention of money laundering, pointing out the need of structuring a compliance program, especially in relation to money laundering, and reformulation of its rules, procedures and internal controls based on risks identified in internal assessments, which must be periodically conducted. 

The Office of the Comptroller General (CGU), the highest authority on enforcement of the Anticorruption Law within the Federal Executive Branch, became, in January 2023, the Federal Internal Control Office, which extinguished the Anti-Corruption Office, keeping its attributions within the scope of the Comptroller General’s powers. The new Secretariat has a directive to rescue and strengthen evaluation activities of federal public programs and policies, bringing CGU closer to citizens and making control a management tool to improve public services provided by the State to the population.

The CGU plays a key role in the dissemination of the compliance culture in the Brazilian corporate environment. The agency, more than law enforcement, undertakes activities to promote the adoption of compliance measures and provides guidelines to entities wishing to implement compliance mechanisms. The guide “Integrity Program: guidelines for private enterprises” indicates the main pillars of a  compliance program and policies and procedures for the detection of evidence of illicit acts and risk mitigation.

In addition, CGU published, in September 2018, the Practical Manual for the Evaluation of Integrity Programs in Administrative Accountability Proceedings of Legal Entities, whose purpose is to guide law enforcement officials on the evaluation of compliance programs of legal entities subjected to Administrative Accountability Proceedings due to a violation of the law. The material also helps companies to internally evaluate their own programs. By making its parameters public, CGU seeks to ensure security and uniformity in the decisions issued in these administrative proceedings. The guide may be updated as a result of Federal Decree 11,129/2022.

Also, in conjunction with the Public Ethics Commission, the CGU issued Joint Normative Guidance no. 1/2016, issued to regulate the participation of federal public agents in events and activities funded by third parties. It establishes rules related to transportation, lodging, meals and registration for participation in events, meals and, finally, entertainment of federal public agents. The measure aims to avoid that privately funded benefits to public employees, although with an appearance of legality, are in fact a way to make an improper payment.

Another CGU initiative, called Pró-Ética (Pro-Ethics), is to encourage the voluntary adoption of compliance measures by companies, through public recognition of those that, regardless of their size and line of business, are committed to implementing measures to prevent, detect and remedy acts of corruption and fraud. In short, companies provide information and documents to the CGU regarding compliance measures adopted. At the end of the process, companies that achieve a certain score are considered Pro-Ethics companies, information that is disclosed to the market.

These are some of the regulations and guidelines issued by the Brazilian regulatory agencies, indicating the normative movement towards the requirement of the implementation by the companies of real policies and internal controls of their activities.

Compliance and Corporate Excellence

Compliance is increasingly showing itself as an essential tool for business sustainability. 

By preventing and reducing the risks of non-compliant conducts, compliance reduces the degree of exposure and accountability in relation to potential illicit behavior of its employees and partners, which directly impacts the reduction of internal losses with irregular conducts, application of fines and sanctions, judicial and administrative processes. 

Besides the reduction of costs, one must consider the preservation of its reputation and, therefore, the increase of its market value.

Also, by analyzing and evaluating its risks, the company expands its knowledge about its business and the market it operates in, including its competitors and partners, increasing the quality of decisions within the organization and generating a better allocation of resources, increasing results. All these factors have a direct impact on the increase of efficiency in the company’s management and performance.

It is also true that the adoption of an effective compliance program becomes one of the criteria to select business partners (suppliers, service providers, subcontractors). This interest does not originate only from the search for business partners that have the same values, but it is also motivated by the fact that several laws, both Brazilian and foreign, punish companies for illicit acts committed by third parties, that is, it is increasingly common that companies prefer to hire partners that adopt measures to mitigate this type of risk. 

More than that, investors want to allocate their money in companies that are less exposed to the most diverse risks, so it is evident that companies that are aware of these risks and adopt adequate controls in relation to them will have better chances of receiving more investments than others that are not.

Furthermore, the employees themselves gain with the effective operation of the program, after all, in many cases it is in the development of the company’s core business that irregularities are noticed. Trained in the compliance program, they will be key pieces, or the first line of defense, for the detection and communication of non-conformities, including those committed by third parties, which the top management would not be able to perceive. With this, they would be ensuring the sustainability of the business and mitigating the risk of the company closing its doors due to the heavy sanctions provided by law.

It is evident that the adoption of internal mechanisms and procedures to ensure integrity and compliance in the corporate environment goes beyond the law/ethics duo to which we are all submitted. The existence of an effective compliance program guarantees rights and prerogatives. In the business world, maintaining a complianceprogram has become a vital business tool, representing a competitive advantage in any market.

Authors: Heloisa Uelze, Felipe Ferenzini, Fernanda Casagrande and Bianca Borges

Trench, Rossi e Watanabe Advogados
Rua Arq. Olavo Redig de Campos, 105 X Av. Enxovia, S/N
31° andar
Edifício EZ Towers, Torre A – 04711-904
São Paulo – SP
Tel.: (11) 3048-6800

E-mail: [email protected]

Offices in Sao Paulo, Rio de Janeiro, Brasília and Porto Alegre, in cooperation with BakerMcKenzie, firm with worldwide representantion. All corporate practice areas; French, Germany, Germany, Spanish, Japanese, Chinese and Israeli Desks.