Corporate Liability for Criminal Conduct by Employees: Italian Law n. 231/2001
Legislative Decree n. 231/2001 (“Law 231”) introduced a form of direct corporate liability in Italy for crimes committed by employees or representatives in the interest or for the benefit of the company. While the law defines this liability as administrative, it is in effect equivalent to a criminal liability since the company will be subjected to penalties together with the individual who materially committed the crime.
Legislative Decree n. 231/2001 (“Law 231”) introduced a form of direct corporate liability for crimes committed by a company’s employees or representatives in the interest or for the benefit of the company. While the law defines this liability as administrative, it is in effect equivalent to a criminal liability since the company will be subjected to penalties together with the individual who materially committed the crime.
The goal of Law 231 is to hold companies accountable for criminal actions committed for their benefit and to encourage the adoption of organizational governance models to prevent managers, employees or external agents/representatives from engaging in such activities. In fact, Law 231 specifically provides that a company can be exonerated from liability only through the adoption of an adequate model.
Since its introduction, the application of Law 231 has been progressively broadened to encompass an extended list of crimes and this list is projected to increase further in the future (for example, to include environmental crimes). The most recent extension has been to include the crimes of homicide and serious bodily injury in connection to violations of workplace health and safety rules. A current list of crimes that could subject a company to liability includes the following:
- unjust enrichment, fraud, including wire fraud, resulting in damage to the State or public entities;
- corruption and misappropriation of public funds;
- falsification or counterfeiting of money, public credit and tax stamps;
- corporate crimes;
- crimes relating to terrorism or subversion of democratic order;
- mutilation of female genitals;
- crimes against persons;
- market abuse;
- IT and data privacy crimes;
- Homicide and serious bodily injury in relation to workplace health and safety violations;
- Money laundering.
Recent court cases have demonstrated the intent of the courts in Italy to apply the law to all companies, regardless of size. Foreign companies may also be subject to liability under Law 231 for crimes committed in Italy, which can be particularly relevant for groups with wholly owned Italian subsidiaries and integrated group management structures.
Liability Thresholds and Sanctions
In order for criminal liability to attach to the company, Law 231 requires the following:
- commission of one of the crimes specified in Law 231;
- the crime is committed is in the interest of or provides a benefit to the company;
- the crime is committed by an individual holding a representative, administrative or managerial position, or by persons under their direction or control;
- the company has not taken adequate governance measures to prevent the commission of such crimes.
If each of the above elements is present, the company may be subject to the following sanctions:
- monetary fines based on a system of quotas with a minimum of 100 and a maximum of 1000. Each quota may vary from a minimum of €258,22 to a maximum of €1.549,37, resulting in sanctions ranging from €25.800 to €1.549.370. The number of quotas will be determined by the court in relation to the gravity of the crime and any actions taken to mitigate or prevent its commission. For multiple crimes connected to the same underlying action, sanctions may increased threefold up to a maximum of €4.648.110;
- confiscation of the price or value of profit connected to the crime;
- administrative sanctions such as bans on conducting business, disqualification from contracting with the Public Administration, suspension or revocation of authorizations, licenses or permits, exclusion from financing, grants and subsidies and/or revocation of those already granted, prohibition from advertising goods and services. Such administrative sanctions may also be applied preventively and, therefore, prior to a final judicial ruling on liability.
Given the severity of the possible sanctions, including the possibility of administrative sanctions being applied preventively, the failure of a company to adopt an organizational model can have serious repercussions on its ability to conduct business if an employee commits a crime covered by Law 231.
Mitigation/Avoidance of Liability: The Organizational Model
Law 231 provides specific forms to exempt a company from liabilities for crimes committed by its employees. In particular, the company will be exonerated if it can demonstrate that it adopted and effectively implement, before the crime occurred, an organizational governance model adequate to prevent the specific crime committed and that supervision of the model was entrusted to an independent oversight body that sufficiently performed its duties. Adoption of a model after a crime has occurred will not exempt the company from liability, but it will allow for reduction of sanctions and, in particular, will permit the company to avoid application of preventive administrative sanctions.
While Law 231 does not provide for a specific model, it does require that the model adopted by the company meet the following basic criteria:
- identify the areas of business where the risk of commission of crimes is most likely;
- provide specific protocols for formulating and implementing decisions by the company to prevent crimes;
- identify best practices over management of financial resources to prevent crimes being committed;
- mandatory duties to provide information to the oversight body;
- adopt disciplinary measures adequate to sanction non-compliance with the rules.
It is important to note that Italian courts will not consider the adoption of standardized or “off-the-shelf” models as adequate to exempt the company from liability. Instead the organizational model must be tailored to address the company’s specific business and organizational structures as these relate to potential criminal actions.
To prepare an adequate organizational model, a company should conduct an internal audit to assess risks in the following areas: legal, organizational, human resources, administration and management control, security and finance. Once the areas of the company at risk for the crimes specified in Law 231 have been identified, the company should proceed with the adoption of specific prevention protocols, including a code of ethics and systems for decision making, signature authorities, disciplinary actions, as well as internal controls for proper supervision by an independent oversight body.
Although Law 231 does not mandate the adoption of an organizational model, it is the only way available to a company to mitigate or avoid liabilities in the event an employee engages in criminal conduct. In addition, failure to implement an organizational model may expose directors and managers of Italian companies to liability for omission of duty. Considering the severity of the sanctions imposed by Law 231, the need to adopt a model should not be underestimated.
For further information contact:
+39 06 9799 6051 (direct)