Risk prevention–based regulation: The importance of compliance programs in the context of the New Insolvency Code

The New Insolvency Code (“NIC”)[1] introduced several innovations to the traditional system of management and detection of company business crisis and insolvency by highlighting the central role of risk prevention and of the exchange of information between the various corporate bodies.

One of the most important innovations introduced by the NIC is the amendment to the second paragraph of section 2086 of the Italian Civil Code,[2] which requires a company’s directors to (i) establish “organizational, management, and accounting structures” appropriate to the type and size of their specific company that can detect a possible business crisis and the loss of status as a going concern in a timely manner; and (ii) adopt and implement the relevant tools provided by law to overcome such a crisis and restore the activity of the company as a going concern.

An organizational, management, and accounting structure is considered appropriate when the related directives and procedures ensure (i) that decision-making power is assigned to and effectively exercised by those with an appropriate level of skill and responsibility; (ii) thorough, prompt, and reliable recording and representation of management activities; (iii) provision and acquisition of valid information useful for management decisions; and (iv) the production of reliable data for the drafting of financial statements.

Moreover, through that structure, company directors shall ensure that potential financial crisis can be detected, and that the company shall continue to operate as a going concern. This means that it is necessary to implement an internal control system aimed at preventing the risk of crisis, which may be detected on the basis of specific indexes.[3]

The provisions of the NIC also require directors to intervene promptly when a crisis indicator has been detected; should they fail to do so, the Board of Statutory Auditors has the authority to directly inform the body for settlement of business crises (Organismo di composizione della crisi di impresa – OCRI), specifically introduced by the NIC.

Therefore, in order to be compliant with the system outlined by the NIC, it is essential to define and enforce adequate forms of internal control, ensuring prompt and efficient communication among the company’s various functions. In this respect, the experience of the organizational and management system provided by Legislative Decree No. 231/2001 may be considered a key benchmark.

An example of risk prevention–based regulation: Compliance programs pursuant to Legislative Decree No. 231/2001

An adequate organizational corporate structure is one of the pillars of corporate governance. Duties of organization are imposed to prevent risk and they represent safeguards for the business and are necessary for it to operate properly in the market, manage critical phases, and remain exempt from liabilities and consequent sanctions.

In this respect, compliance with Legislative Decree No. 231/2001 (“231 Compliance”) certainly plays an important role, since it is based on a duty for the company to adopt and effectively implement a compliance program (“231 Model”), in accordance with specific structures and standards, to prevent the commission of the predicate offenses set forth by Legislative Decree No. 231/2001.

This 231 Compliance is based on a risk prevention approach similar to that introduced by the NIC in general and specifically by section 2086, paragraph 2, of the Italian Civil Code.

Therefore, 231 Model may be considered an important example for directors to follow in order to properly establish the structure required by the NIC and the Italian Civil Code.

In addition, 231 Compliance may be considered a model to be followed for the implementation of the NIC provisions in relation to the following specific aspects:

1. Effectiveness Requirement

According to Legislative Decree No. 231/2001, a company may be exempted from criminal liability in connection with predicate offenses, but only if it has adopted and effectively implemented 231 Model.

231 Model cannot be merely a paper compliance program, and it must be tailored to the company’s structure, including the delegation of powers to specific roles and the specific risk areas and activities. 231 Model cannot be considered effective unless it establishes a culture of compliance reinforced by adequate training, oversight, and investigations to respond appropriately to red flags.

The same approach has been identified by the NIC. Pursuant to section 2086, paragraph 2 of the Italian Civil Code, organizational management and accounting structures aimed at promptly detecting a potential business crisis should be customized to the specific company’s business. Therefore, the directors shall identify a clear system of roles, delegation, and procedures aimed at facilitating clear identification of the tasks and consequent responsibilities of the subjects involved, as well as a set of directives, procedures, and practices aimed at ensuring that corporate reporting is not only reliable but complete, correct, and promptly performed, in compliance with the accounting standards adopted by the company (“Effectiveness Requirement”).

2. Proactive cooperation among corporate bodies

The Effectiveness Requirement must then result in practical implementation characterized by proactive cooperation between the various corporate bodies. In this regard as well, experience with 231 Model may serve as a real-world example of how information flows within corporate bodies should work.

Under the system outlined by Legislative Decree No. 231/2001, a dedicated supervisory body (“231 Supervisory Body”) must constantly interact with various company divisions in order to carry out its principal task, i.e., monitoring how effective 231 Model is in crime prevention and updating it as necessary. On the basis of the flow of information provided, the 231 Supervisory Body should periodically assess the risk of commission of crimes and ensure that the company applies effective controls to prevent that risk. Then, the 231 Supervisory Body shall communicate with management and the board of directors to ensure that any critical issues are handled. This means that the whole system for the exchange of information must be organized, prompt, and accurate.

In the system outlined by the NIC, the function of the 231 Supervisory Body is given to the internal and external auditors, who are identified as the main “supervisory players,” since they are the people charged with ensuring that the company continues to operate in economic and financial equilibrium and that it maintains an adequate structure; they do so by managing information flow and reporting anything that might reasonably be considered evidence of a business crisis to the board of directors.

The importance of establishing specific controls for the detection of business crises under 231 Model

The current emergency due to COVID-19 has undoubtedly had significant negative impact on companies’ business. As a consequence, the number of companies at risk of insolvency is likely to increase dramatically.

As a further consequence of the increased risk of insolvency, business misconduct aimed at postponing or concealing the occurrence of insolvency is also likely to increase. This may result in growing incidence of certain types of corporate crimes, such as false accounting and tax crimes.

Effectively organizing a company for NIC and 231 Compliance purposes means implementing a set of corporate oversight and information channels for preventing all possible risks (i.e., both insolvency and criminal liability) to which a company may be exposed. Indeed, if insolvency does occur, (i) top management may be considered civilly liable for not having adopted the structure provided by section 2086 of the Italian Civil Code; and (ii) the company may be considered criminally liable should a predicate offense indirectly connected to the insolvency (e.g., tax crimes, false accounting) set forth in Legislative Decree No. 231/2001 have been committed by its associates.

This means that assessment of the effectiveness of organizational, management, and accounting structures, as identified by section 2086, second paragraph of the Italian Civil Code, should also consider (i) the features of 231 Model effectively implemented by the company and (ii) cooperation, in terms of exchange of information concerning business crisis red flags between the 231 Supervisory Body and internal and external auditors and corporate bodies.

[1] Legislative Decree No. 14/2019, which will be fully implemented on September 1, 2021.

[2] Amended section 2086, paragraph 2, of the Italian Civil Code entered into force in 2019.

[3] The establishment and regulation of the specific indexes is under the auspices of the Italian National Accountants Committee. Some of those indexes, by means of example, are the following: (i) “sustainability of financial costs,” calculated as the ratio of financial charges to turnover; (ii) “assets adequacy,” calculated as the ratio of shareholders’ equity to total payables; and (iii) “liquidity,” calculated as the ratio of cash flow to assets.
