Italian Legislative Decree 231/2001

1. Italian Legislative Decree 231/2001 and the Liability of Legal Entities

(Italian) Legislative Decree 231, issued through implementation of Article 11 of Law No. 300 of 29 September 2000, seeks to align Italian legislation on corporate liability with that established by some international conventions ratified by our country. It establishes the corporate liability of a Legal Entity for crimes committed by directors, executives and/or employees, provided these are committed in the interest or to the benefit of the entity itself. Consequently, a legal person shall not be held liable if the perpetrator of the crime acted in their sole interest, or in the interest of third parties.

A company is held responsible for the crime committed within its corporate structure under certain conditions:

1. The crime must be contained in the list of so-called “predicate offences”;

2. The perpetrator of the crime falls into one of the two categories provided for by article 5, paragraph 1, (parts a and b) of (Italian) Legislative Decree 231/2001:
   Part a) senior managers: “persons holding representative, administrative or executive roles in the company or in one of its organisations with financial and organisational responsibility, as well as persons holding management and control powers, even in a de-facto capacity”.
   Part b) subordinate persons: “persons under the direction or supervision of one of the entities referred to in part a)”.

3. The crime must have been committed in the interest or for the benefit of the company;
4. The company must be guilty of an organisational failing (so-called organisational negligence), which made possible, facilitated or merely resulted in a failure to prevent, the committing of the criminal act.

If the company is found liable for corporate wrongdoing resulting from the predicate offence committed, a range of sanctions may be applied, divided between principal penalties (administrative pecuniary penalty, a ban, and confiscation of assets) and accessory penalties (publication of the judgement).

2. Forms of exemption of companies from liability

(Italian) Legislative Decree 231 sets out forms of exemption from the corporate liability of companies. Article 6 of (Italian) Legislative Decree 231 establishes that in the event of a crime committed by a member of Senior Management, the company is not liable if it proves that:

• prior to the crime being committed, the management body has adopted and effectively implemented adequate organisational and management systems aimed at preventing crimes of this type occurring
• an internal company body vested with independent control powers has been entrusted with overseeing the implementation and updating of, as well as compliance with, these systems
• the individuals committed the crime by fraudulently evading these organisational and management systems
• there was no negligence or lack of oversight by the competent body

Therefore, in the case of a crime committed by a Senior Manager, the company is presumed liable due to the fact that such persons express and represent the policy, and thus the will of the company itself. However, this presumption can be overturned if the company can demonstrate the existence of one of the four conditions set out in article 6 of (Italian) Legislative Decree 231.
In this case, even if the Senior Manager is personally liable, the company itself is not liable, pursuant to (Italian) Legislative Decree 231.
(Italian) Legislative Decree 231 recognizes an exemption where organisation and management systems exist, provided these are suitable for preventing the crimes described in the decree and, at the same time, are effectively implemented by the Board of Directors.
Similarly, article 7 of (Italian) Legislative Decree 231 establishes the corporate liability of the company for crimes committed by Subordinates, if their commission was made possible by the company failing to comply with its management or supervisory obligations. In any case, failure to comply with said
management or supervisory obligations is excluded if, prior to the crime being committed, the company demonstrates that it has adopted and effectively implemented an organisational and management system suitable for preventing crimes of the type that occurred.
Therefore, in the case governed by Article 7 of (Italian) Legislative Decree 231, the company’s adoption of the organisational and management system will be viewed favourably. This will shift the burden of proof to the prosecution, which must then demonstrate that the company failed to adopt and effectively implement said system.

3. Form and requirements of the Organisational and Management System

The system must meet the following requirements:

1. identify those activities within which crimes defined in the decree may be committed
2. draw up specific protocols for planning training and setting out company decision-making practices in a manner that prevents such crimes
3. identify ways of managing financial resources in a manner that prevents such crimes from being committed
4. set out information obligations for the body responsible for supervising the correct functioning of and compliance with the system
5. introduce an internal disciplinary system to penalise failure to comply with the measures indicated in the system

The system is comprised of various elements, including:

• A general part which typically contains:
• An introduction and brief description of the company’s activities and mission, a list of crimes and subjects involved, corporate structure (corporate bodies, executive powers, assignment of responsibilities, relationships with public administration), control system.
• A special part containing:
• A Code of Ethics which represents a “contract” between the company and its stakeholders, proving the company’s independence to the various stakeholders and publicly outlining its understanding of its responsibilities and scope of company policies. The Code of Ethics defines the commitments and moral responsibilities in the conduct of business and entrepreneurial activities carried out by people who work in the company or come into contact with it.
• o The Disciplinary Code, which sets out the penalties applicable for failure to comply with the provisions of the system and the Code of Ethics. The disciplinary system is based on the assumption that violations of the system are sufficiently serious to undermine the relationship between the company and its stakeholders, a relationship grounded on the values of transparency, fairness, loyalty and integrity.
• Protocols: The protocols are a set of principles and procedures aimed at preventing the commission of one of the crimes set out in (Italian) Legislative Decree 231/2001. These protocols in turn serve as the basis for defining individual procedures, job descriptions and responsibilities. The principles underlying the crime prevention protocols are: separation of activities, traceability of operations, the principle of oversight.
• A Whistleblowing policy, meaning the reporting procedures and actions defined to protect individuals who report illegal acts and irregularities.

4. The Supervisory Body

In implementing the provisions of the Decree, the company’s Board of Directors has agreed to establish a Supervisory Body with the responsibility of supervising the correct functioning of and compliance with “Modello 231”, identifying and recommending any corrective measures to the Board of Directors.
The B+B Supervisory Body is responsible for:

• promoting suitable initiatives for disseminating knowledge and understanding of the principles of Modello 231, defining specific information/training needs and internal communication programmes, conducted in coordination with key staff within the company;
• periodically reporting to the Board of Directors and the Board of Statutory Auditors on the status of implementation of Modello 231;
• defining and communicating the required information flows across the company —after first notifying the Board of Directors. This includes specifying those staff responsible for sending the information, as well as the required frequency and communication methods.
• defining and communicating to all parties methods for reporting wrongdoing (see Whistleblowing);
• evaluating any reports received;
• using appropriate measures to verify and report to the Board of Directors any violations of Modello 231 that may result in liability;
• proposing to the Employer the adoption of any disciplinary measures against employees following violations of Modello 231, in accordance with article 45 and subsequent amendments, the relevant National Collective Labour Agreement, and article 7 of (Italian) Law 300/70.

The Supervisory Body is responsible for monitoring the correct functioning of and compliance with Modello 231 and for ensuring it is kept up to date.
To this end, the Supervisory Body:

• will have access to all company documents and information relevant to fulfilling its assigned duties;
• may engage third parties with proven professional expertise when necessary for conducting verification and control activities or for updating Modello 231, subject to prior authorisation from the Board of Directors;
• will ask company employees to promptly provide all necessary information and data to identify aspects related to company activities relevant to the Modello and to ensure its effective implementation;
• may periodically receive information regarding the organisational and control systems as described above, as well as communications forwarded to the company by senior management and/or employees facing legal proceedings for the crimes defined in the Decree. Additionally, it may receive reports prepared during control activities conducted by staff and/or external parties along with minutes from the Supervisory Authorities, relating to facts, actions, events or omissions critically relevant to the provisions of Decree 231. Furthermore, it may be informed about the effective implementation of Modello 231 at all company levels and provided with evidence of the disciplinary proceedings undertaken and any penalties imposed (including disciplinary measures against employees).