Novembre 2017 · solo inglese
It has been long since, back in 2001, well before the UK Anti-bribery Act and the French Loi Sapin II, Italian Legislative Decree No. 231/2001 (the “231 Decree”) first introduced the direct liability of companies, legal entities and partnerships/associations (each a “Legal Entity”) for certain listed crimes committed by their directors, executives, officers, agents and employees (“Executives and Subordinates”) when such commission was in the interest or to the advantage of the Legal Entity (the “231 Responsibility”). Over the years, however, the fabric of the amendments and integrations of the 231 Decree has continued to add new crimes triggering the above 231 Responsibility (the “231 Crimes”). As a result, the list of 231 Crimes has significantly grown and now includes bribes and corruption, corporate crimes, money laundering, cybercrimes, copyright crimes, HSE crimes and many others. Recently, new additional crimes were also included, as we mention below.
1.1 Racism and Xenophobia
The 2017 European Law, approved on November 8, 2017, regulates the obligations arising from Italy’s membership of the European Union (the “2017 EU Law”). Amongst many other provisions, the 2017 EU Law has added a number of additional crimes to the list of the 231 Crimes. More precisely, the new Article 25-terdecies of the 231 Decree (“Racism and Xenophobia”) punishes propaganda and incitement aimed at denying, minimizing or condoning the Shoah, criminal offences of genocide, crimes against humanity, and war crimes.
Following the introduction of that Article 25-terdecies, the organizational, management and control internal rules and procedures that Legal Entities may adopt to shield from/reduce the risk of their 231 Responsibility (so-called “231 Models”) need to include the additional crimes mentioned above and, more in particular, Legal Entities are called to assess: the risk of commission of such crimes by their Executives and Subordinates, the adequacy of their 231 Models to prevent their commission and the need to enhance/integrate such 231 Models with new provisions, procedures and disciplinary sanctions. Clearly, the new Article 25-terdecies appears of special concern for those companies operating in the business of traditional or new media (including social networks).
Article 25-terdecies provides that, in the event that the said crimes are committed, the Legal Entity may be subject to penalties ranging from € 51,600.00 to € 1,239,200.00. In addition, the Legal Entity may be subject to the interdictory sanctions provided for by Article 9 (2) of the 231 Decree, for a period of no less than one year:
a) ban from business activities;
b) suspension or withdrawal of licenses and permits;
c) prohibition on contracting with the State or Governmental agencies;
d) exclusion or revocation of financing and subsidies; and
e) prohibition on advertising goods and services.
If the Legal Entity or any of its organizational/business units is used for the sole or the main purpose of enabling or promoting the commission of any of the crimes specified in the new Article 25-terdecies, the Legal Entity may be punished with a permanent ban from business activities.
1.2 Illegal Immigration and Residence
On November 19, 2017, Law No. 161/2017 (known as “Codice Antimafia”) comes into force.
The main innovative aspect related to the 231 responsibility of Legal Entities is the introduction of two additional offences in Article 25–duodecies of the 231 Decree relating to the employment of foreign citizens coming from non-EU States (the “Foreign Citizens”) without a valid residence permit. In that respect, the following shall be subject to punishment:
1) Promoting, organizing, financing the transport of, or the transporting of Foreign Citizens into the Italian State, or committing other illegal acts aimed at facilitating the illegal entry of Foreign Citizens into the Italian State or into another EU State other than their State of origin or of habitual residence;
2) Gaining unfair profit from the Foreign Citizens’ illegal status or encouraging the Foreign Citizens to stay into the Italian State.
It is worth underlining that the Legal Entity that conjures with the offender or facilitates the crime may be subject to punishment pursuant to Decree 231. Therefore, a careful scrutiny of advisors/suppliers involved with recruitment of employees and workers need to be put in place and integrated within the 231 Models.
The illegal acts under point 1) above may trigger a punishment of the Legal Entity with penalties ranging from € 103,200.00 to € 1,539,000.00, while those specified under point 2) may be punished with penalties ranging from € 25,800.00 to € 309,800.00. In addition, the Legal Entity may be subject to the interdictory sanctions provided for by Article 9 (2) of the 231 Decree (as described in the paragraph above), for a period of no less than one year.
A recent judgment in which the Italian Supreme Court – in line with previous judgments – has confirmed that the 231 Responsibility of the holding company (as well as of any other company belonging to the same Group) with specific reference to 231 Crimes committed by a subsidiary/affiliate can not be affirmed simply because a general interest/advantage of the Group may be envisaged. The holding company (as well as any other specific company belonging to the same Group) may be responsible under the provisions of the 231 Decree only when the crime was committed by Executives and Subordinates of the subsidiary/affiliate in the direct and specific interest of the holding company (or of any other specific company) or when the Executives and Subordinates of the subsidiary/affiliate committing the 231 Crime were at the same time representatives of the holding/parent or of another company of the Group (Judgment of the Italian Supreme Court no. 52316 of 27 September 2016).
We also underline another judgment issued few months ago in which the Italian Supreme Court stated that ISO Uni 9001 models (the “ISO Models”) are not comparable to the 231 Models since the ISO Models (i) do not include the description of the crimes to be prevented, (ii) do not specify the sanctions to be applied in case of failures; (iii) and only focus on the compliance with the rules aimed at preventing accidents at work and environmental crimes (Judgment of the Italian Supreme Court no. 41768/2017). As a result, the existence of the ISO Models per se cannot exempt the Legal Entity from the 231 Responsibility (although it may be considered by the Court in assessing the sanction to be levied).
4.1 New disclosure requirements in the financial statements
The Italian Legislative Decree No. 254/2016 (the “254 Decree”) implementing the Directive 2014/95/EU concerning disclosure of non-financial and diversity information by certain large undertakings and groups (the “Relevant Entities”) now obliges those Relevant Entities to draw up an additional statement to provide information on their businesses, specifically covering environmental, social, employee, respect for human rights, anti-corruption and bribery matters (the “Non-Financial Report”).
Article 3 (1), lett. a, of the 254 Decree specifies that the Non-Financial Report shall include the organizational and management internal models of the Relevant Entities, including the 231 Models. Consequently, the 231 Models shall flow into a document – the Non-Financial Report – that must be drafted by the board of directors, under penalty of the sanctions specified in the 254 Decree. The board will be therefore required to express an independent assessment of the suitability and effectiveness of the 231 Models. One of the possible consequences of this overlapping of functions could be the strengthening of the role of the supervisory body provided for by the 231 Decree and its technical competences.
A new law on whistle blowing and non-retaliation of those employees who raise in good-faith the suspicion of illegal behaviours was recently approved and will soon be published on the Official Gazette. As a result, the 231 Models of Legal Entities must include:
i) Confidential communication/notification channels/means whereby Executives and Subordinates may report suspected infringements or breaches of the 231 Models;
ii) At least one communication channel/mean that safeguards secrecy (also from an IT angle) on the identity of those who have made such reporting;
iii) Prohibition of retaliation (e.g., dismissal/firing, demotion, etc.) of those who have made such reporting in good faith;
iv) Disciplinary sanctions for those who violates point (iii) above, but also for those who report suspected (and ungrounded) infringements in bad faith.
La presente Newsletter ha il solo scopo di fornire informazioni di carattere generale. Di conseguenza, non costituisce un parere legale né può in alcun modo considerarsi come sostitutivo di una consulenza legale specifica.