Independent third party assessments a sine qua non-requirement for a crime prevention model to be considered effective.

BY FRANCISCA FRANZANI

With regard to the entry into force of Chile’s Economic Crimes Act, which modified the regulation of the criminal liability of legal persons, we have seen that many companies, in a responsible manner, and some well in advance, updated their crime prevention models in line with the standards required by this new regulation.

As of September 1, 2024, when the law came into force for legal persons, we have seen that a second phase of concern has begun for companies and boards of directors regarding the definition of the most suitable independent third-party evaluator to audit the model and the frequency to be considered for this evaluation.

In this context, and with no clear answer yet, it is possible to point out that the main authors who participated in the drafting of the law modified the concept of certification, thinking that what will really ensure that a crime prevention model works is an in-depth audit, ideally carried out by experts, who not only correctly manage the criminal risks that the company could face, but who also know the line of business and the activities carried out by the organization.

However, on February 7 this year, the Financial Market Commission (CMF), in its judgement n° 31445, clearly stated that risk classification companies are exclusive purpose entities. Since evaluating prevention models is a complementary activity, such companies would not include this line of business. In this sense, although there is no certainty as to who the correct evaluators are, there is already a pronouncement of who is not.

However, given that there is no judicial precedent in our country and that the Law is quite recent, we must ask ourselves what a Court will assess in the face of a potential lawsuit against a certain organization in order to define whether the model adopted, in addition to being efficient, had a correct assessment by an independent third party.

In this context, the key will be that the assessor has knowledge of the law and criminal risks and, at the same time, knows the business, the activities and the risks it faces daily. For this reason, many recognized authors have also established that, although this third party should not be the one who developed the model, it can be the one who regularly audits and advises a company on compliance risks. On the other hand, another element to consider is the frequency with which these assessments are carried out. On this point, the Law does not establish a specific period either. Still, it has been suggested that it should be between one and two years, depending on the size of the organization and the regularity with which the controls are monitored by the different areas.

Thus, there is no doubt that one of the legislator’s motives for broadening the spectrum of assessors by modifying the concept of ‘certifier’ was to make it easier for companies to have proper audits of their models, which prove not only the existence of formal controls such as policies and procedures but also the existence of an understanding and interest of the members of the organization in knowing and complying with the model adopted by the company.

Francisca Franzani is the Chile-based partner and US-LatAm practice group regional co-leader for white collar at DLA Piper.

More Perspectives