Corporate risk management: a 360º vision (II)

Article published on July 2 in the newspaper “El Mundo”.

The first part of this column analyzed the types of corporate risk that may exist for a company, considering its different stakeholders. The second part of this column aims to explain how they can be mitigated with an adequate corporate compliance system and why it is important to implement it in time, before the risks materialize.

Companies are, in practice, living beings. They are holders of rights and obligations and, for several years now, they have been recognized as holders of fundamental rights in Colombia (see Constitutional Court ruling S.U. 182/1998). Other international bodies, such as the Inter-American Commission on Human Rights, have slowly accepted that companies are holders of human rights, and therefore subject to international protection.

But as practically living beings, they are also susceptible to committing, in addition to all kinds of infractions, acts that initially could only be attributed to humans, such as crimes. In a memorable conference given by Professor Francisco Bernate in February of this year at the ICDT, it was pointed out that, although not explicitly, the current regulations already enshrine the criminal liability of legal entities. Thus, Law 1573 of 2012 (which approves the Convention on Combating Bribery of Foreign Public Servants in International Business Transactions as part of the commitments assumed by the OECD), Law 970 of 2005 (which approves the United Nations Convention against Corruption), Law 412 of 1997 (approving the Inter-American Convention against Corruption) and Law 800 of 2003 (approving the United Nations Convention against Transnational Organized Crime) establish not only the duty of the company to refrain from committing crimes (negative duty), but also the duty to actively prevent them (positive duty).

Professor Bernate states that, with these rules (regardless of whether the issue is specifically regulated in other laws that may arise in the future) in Colombia there is already a criminal liability of the company, which is autonomous from that of its directors. By way of example, it indicates that if a law firm hires a recent graduate for one million pesos (as basic salary) and pays him for each hour worked in excess of the regulations a sum "to motivate him to bill more" and, if after years that "motivation" causes the lawyer to have disturbed his health to the point of dying from a nervous breakdown, the company could be charged with pretermination homicide. When the company is considered as a criminal enterprise (or as a conduit for crime), the judge of control of guarantees may - at the request of the Prosecutor's Office - cancel its legal status and order the temporary closure of premises and establishments open to the public (art. 91, Law 906 of 2004). These measures shall apply, among others, to companies that have sought to benefit from the commission of crimes against public administration or with any punishable conduct related to public assets (art. 34, Law 1778 of 2016). This cancellation, although it could transgress the eventual "human right" to existence and legal personality, enshrined -indirectly- in the Inter-American Convention on Human Rights, is a contingency to which every company in Colombia is exposed.

Now, the way to mitigate (since it cannot be completely exempted) the liability of the legal person -and indirectly that of its administrators-, for the commission of crimes, is to establish a corporate compliance system within the company where it can demonstrate compliance with its duty to take positive actions to avoid the commission of crimes, as well as infractions of any nature. Through these systems, areas (or persons) responsible for the prevention, detection, and response to corporate risks of all kinds can be designated. An example of this is the Siemens Compliance System, which became a global benchmark when the company was able to overcome one of the worst private corruption and transnational bribery scandals in recent history.

Consider, for example, the case of a company that has a system in place to prevent, detect and respond to the risk of its employees engaging in restrictive business practices - such as price fixing - with its competitors. In the event of such a situation, it will clearly be a mitigating factor for the company and its directors to have had the system in place, and the company will be able to claim that the deviant conduct was that of the individual employee who, disregarding company policies and circumventing the systems, engaged in these practices. Likewise, the adoption of transparency and business ethics programs, internal anti-corruption mechanisms, internal auditing mechanisms and standards and the promotion of transparency will be considered as a mitigating factor if the company that applies them is involved in a cross-border bribery matter.

Document

Gestión-del-riesgo-societario-una-visión-360-_​ENG.pdf

Want to know more?