On June 7, 2022, the general corruption prevention regime (RCPC) came into force in Portugal, through the Decree-Lei No. 109-E/2021[ARP1] .
Characteristics of the RCPC of Portugal
According to the legislation, the Portuguese RCPC will apply to the following entities (covered entities):
- Legal entities with registered office in Portugal and branches in Portugal of legal entities with registered office abroad, provided they have fifty or more workers.
- The services and legal entities of the direct and indirect administration of the State, of the autonomous regions, of local entities and of the public business sector, provided they have fifty or more workers.
- Independent administrative entities with functions of regulating economic activity in the private, public and cooperative sectors.
For covered entities, the regime involves the adoption of certain measures aimed at providing the organization with a Model of Compliance for the prevention of risks of corruption and other related infractions. This Model must also include a code of conduct, a training program and a reporting channel to prevent, detect and punish acts of corruption and related infractions.
As occurs in the Crime Prevention Models provided for in the Spanish Penal Code[ARP2] , the Portuguese regime also provides for the appointment of a Compliance Officer who, independently and autonomously, guarantees and supervises the application of the Compliance Model. Compliance.
The organizations to which the Law applies will have the obligation to identify, analyze and classify the risks and situations that may expose them to acts of corruption and related infractions, as well as to establish preventive and corrective measures to reduce the probability of occurrence and the impact of the risks and situations identified.
Control by the Portuguese authorities
The application of the RGPC is supervised by the National Anti-Corruption Mechanism (MENAC), which also verifies the respective infractions and processes the application of the corresponding fines.
Failure to comply with the duties established in the Law may constitute the commission of an administrative infraction that entails fines and possible accessory sanctions.
Main new features provided by the RGPC in terms of Compliance
As can be seen, the Portuguese GDPR is configured as a mandatory application regime for covered entities, which focuses on the risks of corruption and related infractions. Failure to adopt the planned measures may generate administrative infractions.
Particularly noteworthy is the scope of application of the Law, which also covers branches in Portugal of foreign legal entities. This will entail the need for certain Spanish entities, which have branches in Portugal, to implement Compliance specifics, or to review their current models of Compliance, for the purposes of aligning them with the requirements demanded by the Portuguese GDPR.
Finally, the responsibility of the Compliance Manager is striking, not only to supervise the application of the Model, but also to guarantee it. This novelty, together with a recent agreement adopted by the United States Department of Justice (DoJ) and the Glencore entity[ARP3] , which holds the Compliance Officer (CCO) to certify the implementation and maintenance and of a Compliance, are worrying regarding a possible expansion of the tasks of the CCO and, therefore, their responsibility.
If you found this article interesting and you are interested in getting to know the world of Compliance, we invite you to request information about our Master in Business Administration Compliance and Data Protection.
[ARP1]First hyperlink.
[ARP2]Second hyperlink.
[ARP3]Third hyperlink.
