Doing Business in Brazil

25. Compliance and Corporate Excellence: Basic Agenda


Considering legal and regulatory aspects, it is correct to say that organizations have never been so demanding in terms of corporate governance and integrity in Brazil. 

The global anti-corruption agenda and the recent cases of fraud and misconduct that affected the country have strengthened the movement for integrity in the business conduct and reflected not only in the agendas of companies, but also in the legislative process, in the activities of the law enforcement authorities and in public policies.  

Beyond the private corporate sphere, it is important to highlight improvements in terms of legal requirements for Public Administration’s entities, such as the structuring and implementation of mechanisms and procedures that ensure the compliance of their performance.

We would certainly not deny that, despite the increased attention to themes including ethical conduct, legal compliance and governance in organizations, as well as their inclusion in public policies’ provisions, there is still much to be done in terms of effective practice. In addition, the recognition that the development of compliance measures does not simply represent an additional cost to the companies, but an investment essential to the sustainability of the business remains a recurrent question in the corporate environment. 

We will discuss below the main Brazilian standards of compliance and integrity, bringing recent changes and provisions. We will also list important public initiatives that aim promoting compliance in the business conduct within Brazilian companies, private and public, and other companies operating in Brazil.  

  1. Evolution in the treatment of compliance issues in Brazil:

In fact, the international movement towards integrity in the corporate environment, especially in combating corruption and bribery, is not recent.

In 1977, the United States of America had already enacted the Foreign Corrupt Practices Act (FCPA), which prohibits bribery of foreign public officials by imposing sanctions to involved people. 

The movement intensified in the 1990s, when several international actors formalized their intentions to fight against corruption through multilateral treaties and agreements, with an emphasis on integrity in the establishment of trade relations. The signatories committed to criminalize bribery and other illicit practices and to impose strict sanctions on those involved, which resulted in creating legal diplomas and the adoption of a series of international instruments to repress such practices.

Even before the draft of a specific bill was initiated, Brazil ratified its commitment to combat corruption in 1997 by acceding to the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.

In Brazil, the agenda for compliance and the adoption of control mechanisms initiated in the financial sector. The Federal Law 9,613 (known as the Money Laundering Law) and Resolution 2,554 of the Central Bank of Brazil, both enacted in 1998, incorporated the rules of the Basel Committee on Banking Supervision (1975). The committee obliged financial institutions to adopt compliance structures and effective internal control mechanisms to prevent money laundering and other illegal activities. Therefore, the concept of implementing a department focused on risks, controls and compliance in Brazil started in this sector. 

After more than a decade, in 2013, largely because of the commitments assumed by the country in international alliances on the subject, the Brazilian Anticorruption Law (Federal Law No. 12,846 / 2013) was enacted. 

In addition to the implementation of control mechanisms by companies in the fight against corruption and other illegal conducts – which, as we have mentioned, was not an entirely new legal diploma in Brazilian legislation – the Law brought new provisions and concepts to our legal scenario regarding the fight against corruption.  

The Law determines, in Article 2, the strict liability of legal entities. This means that legal entities can be strictly liable for harmful acts provided by the law committed in their interest or benefit and hence may be punished by the conduct of their partners, employees, representatives and third parties.

In addition, for the first time in Brazilian legislation, compliance programs (or integrity programs – the letter of the Law) may bring benefits stated in the law. It means that, besides being mechanisms for risk and liability mitigation, the Anti-Corruption Law establishes the existence of internal compliance mechanisms and procedures as one criteria for reducing the amount of applicable sanctions in case a violation is occurred. Federal Decree No. 8,420/2015, which regulated the Law, established the parameters of reduction, granting a greater percentage of reduction to companies that have applied an effective compliance program, which can result in a reduction of up to 4% in the calculation of the applicable fine. 

The Law establishes, therefore, that the adoption of a proper structured and effective integrity program may prevent irregularities not only from being committed, but also may grant a higher discount in the administrative sanctions for violation.

In addition to the provisions of the Anti-Corruption Law and Decree No. 8,420/2015, several other bills have advanced in this matter by offering advantages to companies with compliance structures in place. 

Most of Brazilian States have already regulated the Anti-Corruption Law through laws or decrees stating the effective application of the Law at the state level – and the issue is under discussion in other States that have not yet done so. Some of them went beyond federal provisions and made mandatory the existence of compliance programs in companies entering into contracts with the direct, indirect and foundational State Public Administration. The pioneering initiative came from the State of Rio de Janeiro, under the State Law No. 7,753/2017. The example was followed by the Federal District (Law No. 6,112/2018) and the States of Rio Grande do Sul (State Law No. 15,228/2018), Amazonas (State Law No. 4,370/2018), Goiás (State Law No. 20,489/2019) and Pernambuco (State Law No. 16,722/2019). Also as a precursor, the Federal District, through Decree 40.388/2020, published rules on the assessment of the compliance program by the competent enforcement authorities – following the guidelines of the Federal Office of the Comptroller General (“CGU”) , the competent authority at the federal level. 

Converging on the importance of compliance, there are several bills that deal with the subject. Bill No. 429/2017, recently approved in the Senate and awaiting approval in the House of Representatives, determines the creation of a integrity program for political parties. According to the proposed wording, the parties will have to provide in their statutes an integrity program, which must contain a set of internal mechanisms and procedures for control, audit and incentive to report irregularities.

Other propositions should also be mentioned, such as Bill No. 7,149/2017, which determines that companies entering into contracts with the Federal Public Administration must adopt a compliance program and Bill No. 303/2016 that proposes the adoption of compliance programs by the States, Municipalities and the Union so that the respective entities can receive public resources .

In the public sphere, Bill No. 5,442/19, pending before the House of Representatives, proposes the mandatory implementation of compliance programs by public and public-private (mixed-capital) companies that explore economic activity that is potentially harmful to the environment.

As exposed, the legislative movement represents a trend that, more and more, implementing compliance programs will be no longer optional and will become mandatory in business development, especially in case it involves public entities, demonstrating the progress in the goals for integrity in commercial relations and public contracts.

1.1. Compliance in the Public Administration 

It is true that, in order for compliance and integrity practices to be effective, especially in public-private relations, the Public Administration also plays a fundamental role, and must develop controls and procedures that ensure the conformity of its performance.

Federal Law No. 13,303/2016 (also known as the “State-owned Companies Law”) provides for the legal statute of State-owned companies, government-controlled private companies and their subsidiaries, within the Union, the States, the Federal District and Municipalities. In this sense, the Law contains provisions on the modernization of the management of state controlled companies, seeking to inhibit the political influence on their administration with rules regarding corporate governance, compliance and transparency in their activities.

The Law determines the adoption and disclosure of a code of conduct and integrity, which, among other matters, provides for the principles, values and goals of the state-owned companies. It also provides the implementation of measures for the prevention of acts of corruption and fraud, reporting channels for receiving internal and external complaints and potential sanctions applicable in case of violation of the internal rules (article 9, §1).

Also, within the scope of the Federal Public Administration, Federal Decree no. 9,203/2017, which was amended by Federal Decree no. 9.901/2019, establishes in a broader way the governance policy for public bodies, determining its principles and concepts of responsiveness, integrity, reliability, regulatory improvement, accountability and transparency. Bodies and entities must, therefore, implement and maintain mechanisms, instances and practices capable of providing transparency about their ethical identity. 

In the same approach, the recently published Federal Law 13,848/2019 – Law of Regulatory Agencies – also imposes on these entities the adoption of an integrity program to promote institutional measures and actions aimed at prevention, detection , punishment and remediation of fraud and acts of corruption (art. 3, §3).

Federal Law no. 13,964 / 2019 (known as “Anti-crime Package”) innovated by making it mandatory to create whistleblowing channels for receiving complaints for public bodies, including direct administration – formalizing a mechanism that is already provided as a recommendation for private companies and mandatory for indirect administration (public companies and mixed-capital companies under the State-Owned Law).

1.2. The improvements of regulations regarding the whistleblowers 

The whistleblower activity has been increasingly considered an important tool in the fight against corruption. The whistleblower is the one who, when perceiving irregularities within an organization, whether public or private, reports the facts to the competent authorities for investigation and adoption of appropriate measures.

Although Law No. 9,807/1999, which instituted the Federal Program for Assistance to Victims and Witnesses, provided for the protection of witnesses who had collaborated with investigations, it was the Federal Law No. 13,608/2018 that definitely brought the concept of whistleblowers to Brazilian legal system and the importance of their collaboration. The Law provided guidelines on telephone services for receiving complaints granting anonymity and rewards for information that contribute in the investigation of illegal conduct by private or public organizations.

Law No. 13,608 / 2018 guarantees the confidentiality of the whistleblower’s data and establishes that the Union, the States, the Federal District and the Municipalities, within the scope of their competences, may establish ways of rewarding the provision of useful information for prevention, repression or prosecution of violations. 

The aforementioned Law was amended and had provisions included by Federal Law no. 13,964 / 2019 (Anti-crime Package), such as the provision of non-retaliation to the whistleblower, such as arbitrary dismissal, unjustified alteration of functions, imposition of sanctions and other types of retaliation. The practice of retaliation against the whistleblower will constitute a serious disciplinary offense. The agents that engage in this retaliation conduct may be subject to dismissal of the public service and, in addition, the whistleblower may be compensated twice for any material and moral damages. 

In addition, the Anticrime Package added, in an innovative way, in its article Article 4-C §3, the possibility of the whistleblower’s participation in up to 5% (five percent) of the amount recovered by the State if the information provided results in the recovery of losses by crimes against Public Administration.

Also in 2019, Federal Decree No. 10,153 determined procedures to guarantee the protection of the identity of whistleblower that reported illicit and irregularities practiced against the Public Administration. These provisions must be followed by the bodies of direct, autarchic and foundational Administration and companies that provide public services. 

  1. Regulatory Standards, Guidelines and Public Policies 

Regulatory activity in Brazil has also reflected in its provisions the importance of adopting compliance measures in the business development. The prevention of money laundering crimes or concealment of assets, rights and values ​​is governed by Law No. 9,613 / 1998, which was amended by Law No. 12,613 /  2012. The regulation and discipline of mandatory mechanisms for the development of the activities of companies subject to the Law, which previously was the exclusive responsibility of the Financial Activities Control Council (COAF), started to be shared with regulatory or supervisory bodies in 2012 (for example, the Central Bank is responsible for financial institutions). Thus, the elaboration of an effective policy to combat money laundering and terrorist financing must be based on the specific regulations of the body that regulates the activity, an analysis of the risks inherent to the activity is essential.

Within the scope of the Central Bank of Brazil, Resolution no. 4,595/2017 determines, among other rules, the elaboration of a compliance program by financial institutions aiming to mitigate the risks inherent to the sector. The recent Letter no. 3,978/2020 provides for policies, procedures and internal controls to be adopted by financial institutions in order to prevent the use of the financial system for the practice of money laudering crimes and concealment of assets, bringing parameters that must be followed for an adequate assessment of risks, from which governance and compliance policies and procedures will be structured.

The National Bank for Economic and Social Development (BNDES) has also adopted new compliance procedures. The entity published Resolution no. 3,439/2018, which changed the rules of contracts signed by the Bank. It is now required that the financial agents have to prove, whenever requested, the adoption of an integrity program, policies and procedures to prevent  corruption, fraud and others irregularities foreseen in the legislation, in particular in the Anticorruption Law and respective changes in the applicable regulation and in BNDES policies and rules , in the contracts signed with the final beneficiaries. In addition, it also started to demand that the adoption of procedures aimed at complying with the rules concerning the prevention of money laundering and the fight against financing of terrorism, in particular those provided for in Law no. 9,613/1988 and respective changes in the applicable regulation and in BNDES policies and rules.

Another entity that took an important step in promoting the adoption of integrity programs by companies was the Brazilian Securities and Exchange Commission (CVM). In 2019, the entity published CVM Instruction no. 607, which provides as a mitigating factor for fines imposed by administrative proceedings the effective adoption of internal mechanisms and procedures of integrity, auditing and incentive to report irregularities, as well as the effective application of codes of ethics and conduct in the legal entity. Each measure can guarantee a reduction of up to 25% of the determined fine – which represents an incentive to implement compliance measures.

Also in 2019, the CVM issued Instruction no. 617, which includes the “Risk Based Approach” as the main governance tool for preventing money laundering. It pointed out the need of structuring a compliance program, especially in relation to money laundering, and reformulating rules, procedures and internal controls based on risks identified in internal assessments, which must be periodically assessed. 

The Brazilian Office of the Comptroller General (CGU), maximum enforcement authority of the Anti-Corruption Law within the federal executive branch, created in January 2019 the Secretariat for Combating Corruption, responsible for, among other assignments, supervising, coordinating and guiding the action of the entity in combating corruption and other actions to ensure the integrity in relations with public agents.

CGU plays a fundamental role in the dissemination of the culture of compliance in the Brazilian corporate environment. The entity, more than law enforcement, assumes activities to promote the adoption of compliance measures and provides guidelines to the entities wishing to implement compliance mechanisms. The guide “Integrity Program: Guidelines for Private companies” indicates the main pillars of a compliance program and which policies and procedures are necessary to prevent and detect illicit acts and mitigate risks.

In addition, the CGU published, in September 2018, the Practical Manual for evaluation of Integrity Programs in Administrative Process of Accountability of Legal Entities, whose aims to guide those responsible for enforcing the law about the evaluation of compliance programs of legal entities submitted to the administrative accountability process due to violations. The material also helps companies to evaluate internally their own programs. By making its parameters public, the CGU seeks to ensure security and uniformity in its decisions.

Furthermore, along with the Public Ethics Committee, CGU issued Joint Normative Guideline No. 1/2016, in order to regulate the participation of federal public agents in events and activities promoted by private third parties. It establishes rules related to the offer and acceptance of transportation, lodging, meals and participation in events, entertainment for federal public agents. The measure aims to avoid that benefits paid by individuals to public agents, although the appearance of legality, are in fact improper payments.

Another initiative of the CGU is the program “Pró-Ética”, which aims to promote the voluntary adoption of compliance measures by the companies, through the public recognition of those that, regardless of the size and industry, demonstrate that they are committed to implement measures of prevention, detection and remediation of acts of corruption and fraud. In sum, the evaluation is based in the information and documents provided by the companies to the CGU regarding compliance measures that were adopted. At the end of the process, companies that reach a certain score are considered “Pro-Ética companies” and this information is provided to the market.

These are some regulations and guidelines given by the Brazilian regulatory entities, indicating, once again, the increase of normative movement towards the requirement of implementation of effective policies and internal controls by companies.

  1. Compliance and risk mitigation in the 2020 Covid-19 pandemic

With the declaration of a Covid-19 pandemic by the World Health Organization (“WHO”) on March 11, 2020 the Public Administration ended up softening some rules given the exceptional situation faced worldwide.

On March 23 of this year, the Federal Government published Provisional Measure nº. 928 (“MP 928”), providing for actions to deal with the public health emergency. According to MP 928, as long as the pandemic and the confrontation of the public health emergency continue, judicial deadlines will not run in relation to accused and private entities sued in administrative proceedings. The limitation period for applying administrative sanctions – provided in the Anticorruption Law (Law nº 12.846 / 2013), the Law of Civil Agents of the Union (Law nº 8.112 / 1990) and other rules applicable to public employees –  is suspended.

Provisional Measure no. 966 (“MP 966”), published in May, 2020 changed the legal regime of liability of public agents for actions and omissions in acts related to the pandemic. Public agents can only be held liable in the civil and administrative spheres if they act or omit with intent or serious mistake in decisions involving measures to deal with the public health emergency and to combat the economic and social effects resulting from the pandemic. MP 966 limits liability, which will not occur in relation to the technical opinion of the agent who has adopted it as the basis for their decisions, unless it is proven that there is a fraud or serious mistake or collusion between the public agents. There is an intense debate on the constitutionality of MP 966 and there may be changes regarding it in the future.

In order to encourage donations from individuals and companies to strengthen the fight against the pandemic, the Federal Government published Federal Decree no. 10.314 / 2020, which allows the Government to receive donations of goods, services or technology, assuming charges / duties in exchange (such as transport logistics). The regulation amends Federal Decree no. 9.764/2019, which allowed donations to be made by any natural or legal person, national or foreign, in a regular situation in the country, but without any charges to the government. With the inclusion of this new type of donation, the interested party will be able to establish conditions, such as requiring the beneficiary to bear the costs and transport logistics. 

It is certain that a current crisis, in addition to the enormous damage to public health, represents a threat to the sustainability of business. It brings challenges to be faced by public and private sectors, including the risks of non-conformity that a crisis environment ends up favouring.

COAF (Council for the Control of Financial Activities) reinforced the importance of diligent control to mitigate risks, particularly those related to fraud. COAF published a list with the main warning signs detected by them in this crisis period, such as contracting third parties with no previous bidding and overpricing, the receipt of public funds for the purchase of equipment or supplies to fight the pandemic with immediate transfer to third parties with no apparent financial relationship and transfer of funds to public agents by companies that received payments resulting from administrative contracts. 

It reveals that, at this point, there is an immediate need for a risk (re)assessment by companies. In this case, new measures must be adopted or existing measures must be updated to the new scenario, to mitigate the various dangers that a crisis could bring. The Compliance department must adopt extraordinary controls to monitor the program’s conformity and reinforce its controls mainly in relation to: i) donations to public agencies; ii) public contracts, agreements and partnerships, especially when arising from emergency contracts; iii) adequacy of accounting records and iv) control mechanisms for employees and third parties, given that they are exercising their activities outside the company, when applicable. 

Other recommended measures are periodic reports to senior management (and in certain cases to investors) and the establishment of a crisis committee to address the issues, which must be multidisciplinary including the Compliance expert.  

On April 28, the Federal Office of the Comptroller General (CGU) launched the booklet “Good Practices of Integrity in Public-Private Relations in Times of Pandemic”, guiding companies in operations carried out with the public sector in the course of the pandemic. The document emphasizes the importance of promoting transparency and integrity in public-private relations, in addition to directing the main inspection actions that will be prioritized after the normalisation of the situation faced by the country. The booklet is divided by the topics “orient, register, disseminate, monitor, report and preserve your image”, providing guidance and suggesting guidelines to be followed by companies.

  1. Compliance and Corporate excellence

Compliance is increasingly showing itself as an essential tool for business sustainability. 

By preventing and reducing the risks of non-compliant conduct, compliance decreases the degree of exposure and liability in relation to potential illicit behaviour by its employees and partners, which directly impacts the reduction of internal losses due to irregular conduct, and waives the application of fines and sanctions, judicial and administrative proceedings. 

An example is CVM Instruction 607, which brings the application of much higher penalties by the regulatory entity, granting the significant discount of up to 25% in an eventual fine imposed by the agency.

In addition to reducing costs, it is necessary to consider preserving its reputation and, therefore, increasing its market value.

Moreover, by analysing and evaluating its risks, the company expands its knowledge about its business and the market in which it operates, including its competitors and partners, improving the quality of their decision and generating a better allocation of resources, expansion of results.. All of these factors have a direct impact on increasing efficiency in the company’s management and performance. 

The adoption of an effective compliance program has become a criterion for selecting business partners (suppliers, service providers, subcontractors). This interest has not only originated in the search for commercial partners that share the same values but is also motivated by the fact that several laws, both Brazilian and foreign, punish companies for illicit acts committed by third parties. It is getting very common for companies to hire partners who adopt effective compliance measures as a way to mitigate this type of risk. 

As we have seen, as banks may increasingly be held liable for the use of money under their management in corruption schemes, financial institutions have turned their attention even more to the correct use of the resources they make available to their customers. In addition, to protect their interests, they started to demand that their potential clients have a compliance program to start the business relationship and release the intended resources.  

More than that, investors want to allocate their money in companies less exposed to the most diverse risks, so it is evident that companies that have solid controls will have better chances of receiving more investments than others who do not. 

Furthermore, the employees themselves gain with the effective functioning of the program. Often, it is in developing the core business of the company where the irregularities are perceived. Trained in a program of effective integrity, these employees will be key pieces for detecting and communicating irregularities, even committed by third parties that could not be perceived by the top management. With this, they would be assuring the sustainability of the business and mitigating the risk of the company closing the doors due to the heavy sanctions provided by law. 

Therefore, it remains evident that the adoption of internal mechanisms and procedures to ensure integrity and conformity in the corporate environment transpose the right/ethical duo to which we are all submitted. In the business world, maintaining a compliance program has become a vital business tool, representing a competitive advantage in any market. 

Authors: Heloisa Uelze, Fernanda Casagrande, Felipe Ferenzini, Bianca Amancio e Matheus Vieira

Trench, Rossi e Watanabe Advogados
Rua Arq. Olavo Redig de Campos, 105 X Av. Enxovia, S/N
31° andar
Edifício EZ Towers, Torre A – 04711-904
São Paulo – SP
Tel.: (11) 3048-6800

E-mail: [email protected]

Offices in Sao Paulo, Rio de Janeiro, Brasília and Porto Alegre, in cooperation with BakerMcKenzie, firm with worldwide representantion. All corporate practice areas; French, Germany, Germany, Spanish, Japanese, Chinese and Israeli Desks.