Relevant Legislative Decree of 9 December 2021 No. 109-E/2021 “On the Establishment of the National Anti-Corruption Committee and of the General Framework for Corruption Prevention” (Decreto-Lei n.º 109-E/2021 Mecanismo Nacional Anticorrupção e estabelece o regime geral de prevenção da corrupção) provides for a number of legal mechanisms that previously had a form of recommendations thereby placing organisations under the obligation to prevent corruption.
This obligation extends to the following organisations:
- the companies registered in Portugal with 50 or more employees, and the subsidiaries of foreign companies with 50 or more employees conducting their activities in the Portuguese territory;
- the entities and organisations with 50 or more employees, directly or indirectly controlled by the State, autonomous regions, local authorities or State corporations;
- the independent administrative organisations authorised to regulate economic activities in the private, public and cooperative sectors;
- the Bank of Portugal.
Other organisations that do not fall under any of the aforementioned categories should implement compliance programmes taking account of their size and nature of activities.
Moreover, the list of measures to be taken differs from one type of organisation to another.
1. The mandatory components of compliance programmes that should be implemented in all organisations covered by the law are the following:
1) Appointment of an individual from among the senior management (or an equivalent person) responsible for ensuring compliance with anti-corruption requirements;
2) Corruption risk assessment covering all structural units and lines of action of the company, which means:
- identifying the areas of corporate activities particularly vulnerable to corruption and other related offences;
- assessing the probability of commission of offences and alleged effects of each situation to mitigate associated risks;
- compiling a list of preventive and corrective actions to reduce risks and mitigate their impact;
- for the situations with a high or the highest risk – identifying and prioritizing exhaustive preventive measures.
Additionally, organisations should appoint an officer responsible for conducting risk assessment.
3) Development and implementation of codes of conduct setting out the rules for ensuring compliance with the professional ethics principles, including the applicable disciplinary and criminal liability measures for their infringement;
4) Establishment of the channels for reporting corruption and other related offences, adoption of response measures and protection of whistleblowers in line with EU Directive 2019/1937;
5) Anti-corruption training of all managers and employees aimed at raising their awareness of and clarifying the policy and procedures on the prevention of corruption and other related offences. The content of the training programmes and the frequency of training initiatives should take into consideration the corruption risks relevant to different staff categories;
6) Evaluation of the effectiveness of the compliance programme.
2. State-owned enterprises should adopt additional corruption prevention measures such as:
1) Publish and provide open access to different documents containing the information relevant from the point of view of potential corruption risks such as tables of prices on the goods and services provided, information about multi-annual obligations and outstanding payments and receipts, list of exemptions and grants provided along with their amount, list of donations received, employment notifications for managers and employees, warrants of appointment of managers etc.;
2) Oblige the members of governing bodies, managers and employees to submit declarations on the absence of conflicts of interest in case they participate in such procedures as public procurement, provision of subsidies, grants or benefits, urban, ecological, commercial and industrial licensing, and sanctions procedures, and oblige them to inform the superior or, in his/her absence, the person in charge of ensuring compliance with anti-corruption requirements about a potential conflict of interest for the latter to take the necessary measures to prevent or manage it;
3) Raise awareness of the employees about all rules, protocols and procedures that have been adopted in line with the law and should be followed when they file requests for the permission, change and termination of the consolidation of their functions, and revise relevant permissions every time it is justified by the change of functions of the employee;
4) Implement internal controls system, including a plan of the organisation, policy, methods, procedures and good practices in the area of control, taking account of the nature, size and complexity of the organisational structure and activities of the company, as well as specific corruption risks it faces; monitor, on a regular basis, the effectiveness of this system through sample audits and reporting on their findings and any limitations to the superiors, and take necessary measures for improving the controls system;
5) Adopt measures for preserving competition in public procurement and remove administrative barriers.
3. According to the law, the private sector organisations should implement the following additional corruption prevention measures:
1) Implement an internal controls system, taking account of existing corruption risks (here, the organisations can also adopt the approach of the State-owned enterprises as formulated by the law);
2) Conduct preliminary due diligence procedures adjusted to the risk profile of the organisation and allowing for the identification of actual beneficiaries and the detection of potential image and reputational risks and conflicts of interest;
3) Apply the requirements on conflict-of-interest management for the State-owned enterprises in the event that the entity fulfills, in any quality, public or administrative functions.
The law also contains the provisions regulating the application of administrative liability measures for the failure to comply with the established requirements. In line with these, companies and their managers are subject to the following penalties:
- in case of a total absence of corruption risk assessment, its undue conduct or the lack of implementation of all elements of assessment; undue implementation of the internal controls system; failure to introduce a code of conduct or introduction of a code of conduct which does not include the provisions on criminal liability and corporate corruption risks: from €2,000 to €44,891.81 (from 166, 320 to 3,733,203 rubles) for legal persons, and from €2,000 to €3,740.98 (from 166, 320 to 311, 100 rubles) for natural persons;
- in case of a failure to submit reports on corruption risk assessment; failure to comply with the requirements to update the findings of the assessment, codes of conduct, and compliance programmes; failure to duly inform the employees of the existing anti-corruption measures - from €1,000 to €25,000 (from 83,150 to 2, 078,750 rubles) for legal persons, from €1,000 to €2,500 (from 83,150 to 207,875 rubles) for natural persons.
The liability of legal persons arises in the event that an offence is committed by a member of the governing body, agent, representative or employee of the organisation in the exercise of relevant functions or on its behalf. However, the legal person is exempt from liability provided that the indicated individual acted deliberately against the orders and direct instructions of the organisation. When the violation can be remedied given the absence of a high degree of guilt and no record of the company being held liable for similar offences, the action on the case can be suspended until the measures for remedying the violation are taken and eventually dismissed once such measures are adopted.
The managers of the company, the official responsible for meeting the requirements of the compliance programme, and the individuals exercising the functions of management or control in the area of corporate activities where the offence occurred are subject to liability if they themselves commit an offence or fail to adopt measures for an immediate cessation of the offence which they are aware of.
Natural persons can be also held disciplinary liable, whereas the private sector organisations can be subject to such penalties as the publication of the judgement in a national, regional or local newspaper and on the official website of the National Anti-Corruption Committee (Mecanismo Nacional Anticorrupção – MENAC), depending on the gravity of the offence.
MENAC, whose establishment is also provided for by the law, will be an independent body enjoying administrative and financial autonomy and responding only to the Accounts Chamber. It will be empowered to:
- promote and control the implementation of corruption prevention measures in organisations;
- plan, control and supervise compliance of the organisations of the public sector with the legal requirements in partnership with the general inspections or equivalent bodies and the regional inspections, and submit requests to conduct inspection and auditing activities;
- initiate and adopt decisions on the cases related to administrative corruption offences, collect fines;
- transmit the cases having elements of criminal offences to the competent bodies and notify the Accounts Chamber of the offences of financial nature;
- assess the quality, effectiveness and frequency of the update of regulations adopted by the public sector organisations with a view to preventing corruption and related offences;
- support organisations in developing and implementing compliance programmes also by publishing relevant guiding principles and directives on the MENAC website;
- carry out awareness-raising campaigns aimed at preventing corruption offences; specifically, it will create a database of corruption offences and maintain a communications platform to encourage the exchange of information about strategies and best practices in the area of prevention, detection and suppression of corruption and related offences among the competent public bodies, and coordinate the development and implementation of monthly anti-corruption programmes;
- develop, promote or sponsor research, preparation of overviews and publications, organise training and other similar initiatives etc.
In spite of the fact that the law enters into force 180 days after it is published, i.e. on 7 June 2022, certain provisions will not be enforced immediately to allow time to the organisations to adapt them: in particular, the provisions regulating the liability for the failure to comply with the legal requirements will come into effect only a year after the law enters into force with this term being extended to two years for the private sector organisations which fall under the category of small and medium enterprises.