The criminal liability of companies and organizations in Italy. What is Decree 231/2001?

The criminal liability of companies and organizations in Italy. What is Decree 231/2001?
Stefano Pipitone
3rd of November 2019

Legislative Decree 231/2001 radically changed the corporate world in Italy. Organizations that do not protect themselves with the 231 Organizational Models and the Supervisory Body are subject to independent criminal liability.

Perhaps not everyone knows that the criminal liability of companies has been introduced in our country.
This is an autonomous responsibility of the organizations (corporations, companies, even associations), which is added to that of the private individual who has committed the crime (manager, employees or stakeholders).

Legislative Decree 231/2001 has a system of penalties which, in the event of conviction, subjects the company to financial penalties (pecuniary penalties ranging from € 24,700 to over € 1,500,000), to which can be added interdictory penalties (such as the suspension of business) or the revocation of authorisations, to name but a few.
As with all companies that carry out their business or social activities through authorizations, accreditations or agreements, the risk of being subject to interdictory penalties is undoubtedly the most important profile.

Let’s try to bring clarity to a discipline as important as it is unknown to most people.
This law was introduced in Italy with Legislative Decree 231/2001, which regulates the “Administrative liability of entities”.
Even if the official tag defines it as an administrative responsibility, in reality it is in all aspects a criminal responsibility, both in substance and in the procedural aspects.

In fact, Legislative Decree 231/2001 provides for an autonomous form of responsibility on the part of companies when three conditions are met.

First. Pre-established list of crimes

The fact of crime must be included among the so-called pre-established list of crimes.
The Decree provides for a specific and detailed list of crimes (indicated in an imperative list) in the presence of which the responsibility for the facts is also extended to the Organization (company or association).
This article is intended only as a general disclosure; to give an idea of the extent of the rule is sufficient to refer to the areas of crimes that are relevant for the purposes of Legislative Decree 231/2001:
– Offences against the Public Administration (corruption, fraud against the State, etc.)
– Corporate offences (false corporate communications, illegal distribution of profits, corruption among private individuals, etc.) )
– Tax offences (false invoices)
– Offences committed in violation of the regulations on the prevention of accidents and the protection of the health of workers
(injury and manslaughter)
– Offences of receiving stolen goods, recycling, self-recycling
– Environmental crimes (environmental disaster, soil discharge, unauthorised waste management, illegal trafficking, etc.)
– Market abuse
– Computer crimes and illegal processing of data
– Offences against industry and trade
– Offences against the individual personality
– Offences relating to infringement of copyright
– Employment of illegally staying third-country nationals

Second. Interest or advantage of the company.

The crime must be committed in the interest or to the advantage of the company.
The mere commission of the offence, in itself, does not take on automatic significance.
For example, think of an inspection by Public Officials (ASP, Fire Brigade, Police) and an attempt to bribe the Public Official to prevent him from detecting an infraction committed by the company. Or the violation of safety regulations to reduce business costs. Or to real false statements used as a means of fraud against the State.
In all these examples, the offence is committed in order to achieve an interest of the company or, in any case, the company gains an advantage.

On the other hand, a crime outside the list of predicate offences (requirement no. 1) or committed for the exclusive benefit of a private individual (and from which the entity does not derive any advantage) will not take on any significance.

ThirdlyOrganization and Control Model and Supervisory Body

If the first two requirements are met, the responsibility of the company is assumed if it has not adopted an Organization and Control Model (drawn up according to the parameters of Legislative Decree 231/2001) and has not appointed a special Supervisory Body.

In short, even in the presence of a pre-conditional crime, from which an advantage may derive for the company, the company is protected from all forms of responsibility if it has adopted an Organisation, Management and Control Model (MOG or MOGC) and has appointed a Supervisory Body ( ODV).
In this way, Parliament wanted to avoid creating a form of strict liability, which automatically takes place to the detriment of companies for the simple commission of a crime. The legislator’s intention is to punish only those companies that do not have a specific “virtuous” organisation, by adopting a MOG and setting up a ODV.

The Organisational Management and Control Models are in fact calibrated to the specific activities of the company, mapping all areas of activity according to the risk of committing crimes. After an initial phase of study and analysis of production processes, operating procedures and remuneration systems, the chain of command, delegation system, supervisors and consequent responsibilities, a company organisation is adopted that complies with the principles established by Legislative Decree 231/2001.

The adoption of an effective and effective MOG acts as a protective shield for the company from all cases of commission of crimes.
The ODV, which is independent and autonomous from the company administration, has the task of supervising the effectiveness of the models, the effectiveness in practice in company life and also has the power to supervise the concrete application of the model, as well as to carry out inspections.
The need for vigilance is particularly felt because the Model, in order to perform the function of exemption from criminal liability, must be effective and effective (updated, calibrated to the concrete characteristics of the Body, employees must be trained on Legislative Decree 231/2001).
Otherwise, the risk is that the MOG does not save the company from liability.

This rigorous approach of the judiciary was necessary to respond to the proliferation of pre-packaged MOGs, sold on the market at little price to allow companies to meet only formally the obligations 231/2001, often required by the Public Administration.

In addition to protection from liability for crimes, there are further benefits from the adoption of MOG and ODV.

Above all, the activity of identification, analysis and management of the risk of crimes (risk analysis and risk assessments) that is carried out within the scope of Legislative Decree 231/2001 contributes to improving the efficiency and productivity of the company, because all the activity is aimed precisely at reducing the risk of crime.

From the point of view of corporate governance (Board of Directors or CEO), assessing the opportunity to bring the company into line with the provisions of Legislative Decree 231/2001 protects the directors from possible actions of responsibility.
The choice of compliance with Legislative Decree 231/2001, in fact, is part of the general duty to adequately organize the company that is managed.
For this reason, the Supreme Court of Cassation has stated that the director is answerable on his own account when he has failed to assess the advisability of setting up company controls for the prevention of the crimes covered by the decree.
The importance of the system is so evident that INAIL has induced it to offer special facilities for companies that comply with the 231/2001 models.

Having a MOG 231/2001 also has a positive impact on the so-called legality rating, introduced by the Antitrust Authority.
The legality rating is an indicator with which the AGCM (Antitrust Authority) recognizes companies that pay particular attention to the proper management of their business an acknowledgement, attributing the so-called stars of legality (from 1 to 3). The benefits are reputations, but also access to public funding from the PA or banks and, sometimes, are noted on the ability to contract with the PA.
In this context, the adoption of MOG and ODV allows ( according to art. 3, paragraph 2, let. c) of the Regulation) to obtain the attribution of a star of legality.

In conclusion, in consideration of the discipline introduced in Italy by Legislative Decree 231/2001 and the risks related to the criminal liability of the company, as well as the advantages of the MOG, it is now prudent to seriously consider the opportunity to provide the company or association with a valid system of governance and control in accordance with Legislative Decree 231/2001.

For further information, please write directly to