The Role of Compliance Programs in Italian Counter-Corruption Policies

This paper offers a general overview on the Italian legislation regulating compliance programs. Even though the main relevant piece of legislation was adopted early, in 2001, after fifteen years its importance is becoming –– more and more patent. Although normative rules about compliance programs represent just a part of the Italian countercorruption policies, the structure provided under the 2001 Act (legislative decree no. 231), was extended also to public bodies and agencies that are not subject to that very same Act. Compliance programs were introduced beside the “quasi-criminal” liability of companies for their employees’ misconduct. The existence and the respect of a proper compliance program is the only viable defence for a company, if for example an act of bribery is perpetrated by an employee. What makes the Italian compliance programs regulation worth presentation is the particular relationship between corporations’ organizational duties, quasi-criminal liability and the Constitutional ban of any prosecutorial discretion (art. 112 It. Cost.). The outcomes of such synergy turn out to be peculiar, especially if compared to other realities, like the US federal one. Volume 5 • Issue 3 • 1000185 J Civil Legal Sci ISSN: 2169-0170 JCLS, an open access journal Volume 5 • Issue 3 • 1000185 J Civil Legal Sci ISSN: 2169-0170 JCLS, an open access journal Citation: Quattrocolo S (2016) The Role of Compliance Programs in Italian Counter-Corruption Policies. J Civil Legal Sci 5: 185. doi:10.4172/21690170.1000185 And some recent developments In the light of the previous basic elements, readers will not be surprised to discover that in the Italian legal system (as in Germany [1], and in other European countries owing to a Roman Catholic tradition), societas delinquere non potest, thus, societas puniri non potest [2]. If punishment is aimed to rehabilitation, criminal liability can only be strictly individual and corporations cannot be subject to it. This does not mean that the Italian penal system does not punish misconduct related to (or originated in) corporate activity. On the contrary: The Italian criminal code has always been rich in provisions punishing corruptive misdeeds and the number of the offences has increased during past decades. Nonetheless, those offences cannot affect legal entities: As already stated, according to the Italian Constitution, only individuals can be charged and convicted for their personal behaviour (art. 27 Cost.), rejecting as a consequence all sorts of strict liability in criminal matters. However, corporations can take considerable unfair advantage of an individual’s misconduct, whose punishment will not wholly satisfy the public opinion’s expectations [3]. In fact, especially after the recent economic crisis, a stronger feeling of deception has grown in the public opinion: Corruption does not only divert public wealth form legal and proper purposes, but it boosts the disproportion between the rich and poor [4]. For this reason, in many European countries, a parallel system of regulatory sanctions has been introduced to sanction corporations for the illegal disadvantage taken from the offences perpetrated by their employees [2]. The whole European area has recently been experiencing a trend eroding the customary principle of societas delinquere non potest [5]. Actually, the tool for that erosion was corporate compliance. On the one hand, it was exported to the Old Continent by multinational companies, desiring to uniform their operative rules. On the other hand, compliance was established, in some countries, through legal instruments [6]. This is what has happened in Italy, where legislation was adopted in 2001 as a measure to implement the 1997 OECD convention against the corruption of foreign civil servants. The d.lgs. 231/2001 (from now on, the 2001 Act) introduced the so called “corporations’ administrative liability” related to some specific offences perpetrated by their employees; beside the general establishment of such liability, the same decree also introduced a judicial procedure to asses it: That procedure is very similar to criminal trials. The competent jurisdiction is the criminal one, and the context of the “regulatory” assessment is the criminal proceeding itself, aimed to ascertain the perpetrator’s guilt. Thus, many Italian commentators affirmed that finally, societas puniri potest. For the aim of this paper, we will not linger on the quasi-criminal nature of the proceedings assessing corporate regulatory liability. Rather, we will focus on the relationship between compliance programs and companies’ (regulatory) roles in preventing corruptive crimes. Nonetheless, it is worth keeping in mind that such proceedings must respect all the constitutional principles cited above: The rules for adjudicating it have influenced, to some extent, the features of that liability itself. Analysis and Discussion of the Statutory Law Companies’ role in preventing corruption: The legal pattern of the ‘omitted control’ Even though it is clear that no convergence has yet been found on the definition of such corporate liability (is it truly regulatory, Page 2 of 6 or criminal in disguise? Or rather civil?), there is agreement among Italian scholars as far as the rationale of the regulation is concerned: The purpose of the 2001 Act is to involve companies in the pro-active prevention of some criminal offences [7]. It is a clear example of the legal transplant of a well-established American trend [8]: Through compliance, national jurisdictions defer to the private sector the duty to prevent corruption [9]. Nonetheless, the control of this “privately devolved” function is tailored upon traditional criminal patterns [10]. In fact, most of the rules provided by the 2001 Act are directly inspired by the general theory of individuals’ criminal liability, both from the objective viewpoint (causational link between fact and offender), and the subjective one (mens rea); as stated, even the procedural rules somehow overlap with the individuals’ trial discipline. The Act provides for some duties, the omission of which does not amount by itself to a crime (while the omission of the duties imposed, e.g., by the rules on occupational safety, does amount to a criminal offence); nevertheless, compliance to those duties is necessary to prevent regulatory liability under the 2001 Act. It must be clarified that the company can decide not to be compliant with the law: This behaviour will not amount to a criminal offence. But, if it is assessed that a corruptive fact has been committed within or on behalf of the company, the inconsistency will also determine the company’s regulatory liability. In such cases, no effective defence will help the company avoid regulatory liability, especially if the person convicted for the crime stands in a leading position within the company. As already said, the rationale of this statutory choice is to involve corporations in counter-crime activity: They are asked to prevent some crimes by adopting a compliance model; the enumeration of those crimes is provided by the very same 2001 Act (art. 24, 25), and their number has increased constantly through the years. Companies endorse an autonomous guarantor role in the prevention of crime by the active involvement of the individuals holding leading positions within them. This pattern underpins a certain amount of independence between the role (and the liability) of the company and the role of the individual whose offences the company must prevent [11]. If a crime occurs, both the company (that did not prevent it) and the individual (who committed it) will be charged respectively in a regulatory and a criminal proceeding, which will eventually be reunited. However, it is worth noting that the regulatory proceeding against the corporation can be held even if the perpetrator cannot be personally identified; s/ he cannot be held criminally responsible; s/he died; and, to a certain extent, even if the criminal offence prosecution is time-barred (art. 8 and 60). So far, the Italian model of compliance responds to a positive evolution of legal systems, along with the public opinion’s expectations: Corruption implies not only the gatekeepers’ penal liability, but also the whole collective organization’s responsibility [12].


Preliminary Notes Introduction
This short essay originates from an international research context.Being part of a group investigating anti-corruption policies, I needed to present the most relevant Italian regulation on the matter to foreign colleagues, who were not familiar with our legal order.The structure of this paper responds to the two challenging tasks I had to face in that context: First, to sketch out the main features of the Italian legal order, impinging also on counter-corruption policies; second, to describe briefly, but clearly, the most recent and meaningful relevant Italian legislation.In the light of such aims, I decided to waive a general overview of the classical tools provided under the domestic penal law (as most of the legal orders provide for criminal offences, punishing bribery, embezzlement and similar corruptive misconduct); rather, I deemed it more useful to focus on a recent trend plainly inspired by corporate compliance, which is certainly more familiar to commonlaw legal orders.Thus, the first part of this article is devoted to a very short introduction of the main features of the Italian criminal system.In fact, the corporate compliance program regulation is deeply related to it.The second part focuses on the importance of such compliance regulations as a means to contrast corruption: Special attention will be paid to how organizational patterns can be used as benchmarks in assessing quasi-criminal corporate liability, if employees commit one of the relevant offences.

Some fundamental features of the Italian criminal system
To the extent required by the scope of this essay, the Italian criminal order can be described, firstly, as a German tradition system, strongly inspired -both at the constitutional and at the secondary levels -by a strict rule of law.Nullum crimen, nulla poena sine lege, along with the individual personal responsibility and the rehabilitation purpose of punishment are the fundamental principles underpinning the whole system, which is based on the following major statutory sources: The Italian Constitution (adopted in 1948, the most authentic fruit of the republican reform, after WWII); the European Convention of Human Rights (having, according to a recent constitutional court interpretation, an intermediate position, below the Constitution and above Parliament law); the 1930 Criminal Code and the 1988 Criminal procedural Code.Quite surprisingly, the latter introduced (in the late '80s) an almost adversarial procedure, based on a strong distinction between the investigation (led by the prosecutor, with the help of the police), the preliminary hearing (judicial control on the prosecutor's investigation and indictment) and the trial phase (public, adversarial, to gather pieces of evidence through cross examination: see art. 111 Cost.).The traditional figure of the juge d'instruction was abandoned in favour of a more common-law inspired procedure.
As for the judiciary, prosecutors and judges share the same status of "magistrates".Magistrates' duties and qualities are mostly established by the Constitution itself.They are recruited among law school graduates through a public selection.At the end of a very selective procedure the successful candidates should decide whether to be a prosecutor or a judge.Both judges and prosecutors are completely independent from the other branches of the State: The Government, in particular, has no way of controlling or influencing -directly or indirectly -magistrates, whether judges or prosecutors.They are all subject only to a unique superior power: The law (art.101 co. 1 Cost).Thus, prosecutors do not have discretionary power in prosecuting an accused person (art.112 Cost.):If, at the end of the investigation, the prosecutor holds elements against the suspect, the latter must be indicted.There is no room for pre-trial bargaining or prosecution agreements in lieu of indictment: The suspect must face trial.At the most, by waiving some procedural rights (e.g., the right to be judged only upon evidence gathered adversarially), the defendant will be able to bargain for a reduced sentence, if deemed liable.

And some recent developments
In the light of the previous basic elements, readers will not be surprised to discover that in the Italian legal system (as in Germany [1], and in other European countries owing to a Roman Catholic tradition), societas delinquere non potest, thus, societas puniri non potest [2].If punishment is aimed to rehabilitation, criminal liability can only be strictly individual and corporations cannot be subject to it.This does not mean that the Italian penal system does not punish misconduct related to (or originated in) corporate activity.On the contrary: The Italian criminal code has always been rich in provisions punishing corruptive misdeeds and the number of the offences has increased during past decades.Nonetheless, those offences cannot affect legal entities: As already stated, according to the Italian Constitution, only individuals can be charged and convicted for their personal behaviour (art.27 Cost.),rejecting as a consequence all sorts of strict liability in criminal matters.However, corporations can take considerable unfair advantage of an individual's misconduct, whose punishment will not wholly satisfy the public opinion's expectations [3].In fact, especially after the recent economic crisis, a stronger feeling of deception has grown in the public opinion: Corruption does not only divert public wealth form legal and proper purposes, but it boosts the disproportion between the rich and poor [4].For this reason, in many European countries, a parallel system of regulatory sanctions has been introduced to sanction corporations for the illegal disadvantage taken from the offences perpetrated by their employees [2].The whole European area has recently been experiencing a trend eroding the customary principle of societas delinquere non potest [5].
Actually, the tool for that erosion was corporate compliance.On the one hand, it was exported to the Old Continent by multinational companies, desiring to uniform their operative rules.On the other hand, compliance was established, in some countries, through legal instruments [6].
This is what has happened in Italy, where legislation was adopted in 2001 as a measure to implement the 1997 OECD convention against the corruption of foreign civil servants.The d.lgs.231/2001 (from now on, the 2001 Act) introduced the so called "corporations' administrative liability" related to some specific offences perpetrated by their employees; beside the general establishment of such liability, the same decree also introduced a judicial procedure to asses it: That procedure is very similar to criminal trials.The competent jurisdiction is the criminal one, and the context of the "regulatory" assessment is the criminal proceeding itself, aimed to ascertain the perpetrator's guilt.Thus, many Italian commentators affirmed that finally, societas puniri potest.
For the aim of this paper, we will not linger on the quasi-criminal nature of the proceedings assessing corporate regulatory liability.Rather, we will focus on the relationship between compliance programs and companies' (regulatory) roles in preventing corruptive crimes.Nonetheless, it is worth keeping in mind that such proceedings must respect all the constitutional principles cited above: The rules for adjudicating it have influenced, to some extent, the features of that liability itself.

Companies' role in preventing corruption: The legal pattern of the 'omitted control'
Even though it is clear that no convergence has yet been found on the definition of such corporate liability (is it truly regulatory, or criminal in disguise?Or rather civil?), there is agreement among Italian scholars as far as the rationale of the regulation is concerned: The purpose of the 2001 Act is to involve companies in the pro-active prevention of some criminal offences [7].It is a clear example of the legal transplant of a well-established American trend [8]: Through compliance, national jurisdictions defer to the private sector the duty to prevent corruption [9].Nonetheless, the control of this "privately devolved" function is tailored upon traditional criminal patterns [10].
In fact, most of the rules provided by the 2001 Act are directly inspired by the general theory of individuals' criminal liability, both from the objective viewpoint (causational link between fact and offender), and the subjective one (mens rea); as stated, even the procedural rules somehow overlap with the individuals' trial discipline.
The Act provides for some duties, the omission of which does not amount by itself to a crime (while the omission of the duties imposed, e.g., by the rules on occupational safety, does amount to a criminal offence); nevertheless, compliance to those duties is necessary to prevent regulatory liability under the 2001 Act.It must be clarified that the company can decide not to be compliant with the law: This behaviour will not amount to a criminal offence.But, if it is assessed that a corruptive fact has been committed within or on behalf of the company, the inconsistency will also determine the company's regulatory liability.In such cases, no effective defence will help the company avoid regulatory liability, especially if the person convicted for the crime stands in a leading position within the company.
As already said, the rationale of this statutory choice is to involve corporations in counter-crime activity: They are asked to prevent some crimes by adopting a compliance model; the enumeration of those crimes is provided by the very same 2001 Act (art.24, 25), and their number has increased constantly through the years.Companies endorse an autonomous guarantor role in the prevention of crime by the active involvement of the individuals holding leading positions within them.This pattern underpins a certain amount of independence between the role (and the liability) of the company and the role of the individual whose offences the company must prevent [11].If a crime occurs, both the company (that did not prevent it) and the individual (who committed it) will be charged respectively in a regulatory and a criminal proceeding, which will eventually be reunited.However, it is worth noting that the regulatory proceeding against the corporation can be held even if the perpetrator cannot be personally identified; s/ he cannot be held criminally responsible; s/he died; and, to a certain extent, even if the criminal offence prosecution is time-barred (art.8 and 60).So far, the Italian model of compliance responds to a positive evolution of legal systems, along with the public opinion's expectations: Corruption implies not only the gatekeepers' penal liability, but also the whole collective organization's responsibility [12].

Companies affected
As for the companies concerned, the 2001 Act relies on a general distinction between public bodies and private companies (art.1).
Among the public entities, the Act affects neither the State, the Regions, the Provinces and the other public entities having a territorial standing, nor the public bodies having constitutional relevance (e.g.CSM, Consiglio superiore della Magistratura ) or public entities without economic relevance (e.g.tourist offices).Public entities with economic relevance (e.g.ENI, FINMECCANICA) are affected by the 2001 Act.In fact, it is possible to argue that these are very special companies: Even though they are part of the public system and subject to public scheme of failure in preventing a relevant crime.The fault depends on the assessment of the company's failure in preventing an employee's criminal behaviour (both in a leading or in a subordinate position) acting on the company's behalf or in its interest.The fault can be severe: as a result, harsh sanctions can be applied to the company.
To avoid regulatory liability, companies are requested to adopt two tools (failing to adopt these tools the company will not be allowed to defend itself from the charge of failure in preventing the employees' crime): 1) The adoption of an adequate compliance program; 2) The creation of a supervisory board, in charge of patrolling the application and the adequacy of the compliance program.
As for a compliance program, the 2001 Act refers to the management realm, that is to say that it does not interfere in regulating the individuals' roles in the company (who does what?) but rather affects the plan of the organisation of each company's activity: How must that activity be organised to achieve the desired purposes?With regard, for instance, to the prevention of bribery risks, a compliance program will set forth patterns of how to properly treat with public bodies and agencies.In the light of this purpose, the protocol will not impose any specific behaviour (e.g. to establish, among the employees, who is in charge of a specific activity); it will rather suggest the best way to act with regard to some particular activities, e.g.suggesting which is the most suitable category of employees with regard to a particular activity (in a bribery prevention framework, the employees who will deal with the police during a search should be individuals who have no commitment with direct payments, who have never undergone sanctions -not even disciplinary -, for facts related to bribery ).
The compliance program should be able to guarantee respect of the law and to prevent crimes, or, at least, to convince the judge adjudicating the case that it is suited to such purpose [13].When a crime is committed by an employee in a leading position, the company can be released from regulatory liability only if it proves that the employee intentionally disregarded the compliance program.It is, in fact, an indirect proof of the effectiveness of the compliance model: If the employee had not intentionally breached or ignored the compliance program, the latter would have prevented crime, demonstrating its efficiency.In fact, to be consistent to the 2001 Act, companies must consider that the adoption of the compliance program does not suffice: The model must be effectively applied.
The compliance program must be observed and respected by all the employees, all along the management chain.In other words, companies must be very careful in implementing the program.In fact, its adoption by itself only means that the company is aware of the risks of misconduct.Nonetheless, corporations will not fulfil their duty to comply with the 2001 Act only by adopting a list of abstract precautionary rules [13].What is relevant to avoid a regulatory conviction is the effectiveness of the program.Through a complete process of its implementation at each level of the organization, companies can demonstrate that the miscarriage was due to the employee's intentional behaviour.

The construction of a compliance program
Art. 6 of the 2001 Act establishes the essential elements of a compliance program.First and foremost, the article clearly excludes the viability of a general compliance model: the program must suit the specificity of each company.Letters a and b of art.6 state that: the compliance program must assess in each company the risk areas for the commission of crimes; moreover, it must provide for protocols to law rules, they are held in respect of the market criteria.As for private companies, the 2001 Act affects a very large number of these, regardless of legal personality.The only relevant criterion is that they must have an autonomous organisation, albeit embryonic.It must be said that, in the private sector, only individual enterprises are not touched by the 2001 Act.In fact, in these cases, no distinction would be possible between the company and the individual in charge of it; thus, no distinction could be possible between regulatory and criminal liability because the same person would be punished both criminally and administratively, with a patent violation of the principle of substantive ne bis idem.
However, two kinds of remarks must be made from the "subjective" point of view.On the one hand, it is worth noting that in Italy, as in many other European countries, the productive framework is mostly composed of medium-sized and small-sized enterprises.Unfortunately, according to the Italian regulation, the burden of the commitment to compliance is not tailored on the company's size, but generally set for all the entities subject to it.The duty to comply with organizational models or programs under the 2001 Act can seriously affect the smallest of the Italian companies [9].
On the other hand, the Italian economic fabric (opposed to the productive one) is mostly dominated by the public sector.In the current years of "spoilt capitalism", the entrepreneur faces the public administration rather than the market.Moreover such phenomenon was strengthened in recent years by the strong commitment of major entrepreneurs in politics [4].As a result of law no.190/2012, the majority of the public entities that were not affected by the 2001 Act has recently been subject to similar organizational duties [13].

'Corruptive crimes': A convergent view-point
Many of the criminal offences that underpin companies' regulatory liability correspond to a 'corruptive scheme'.Originally, those offences were all listed in art.24 and 25 of the 2001 Act and had in common the element of bribery.Later, many other offences were added to the list, which is now rather long and no longer homogeneous.Nevertheless, the original normative pattern is still very meaningful.In fact, in a recent document, the Italian Public Function Department stated that: "In the light of the recent law 190/2012 the concept of bribery must be largely intended.It affects any behaviour adopted by an administrative body that, in its ordinary activity, exploits its powers with the aim to receive a form of private, individual undue advantage".Also actions that do not amount to one of the crimes punished under art.218, 319 and 319 ter of the Penal Code must in any case be considered to have corruptive relevance.Even though the Italian Supreme Court [14] has often ruled that the 2001 Act application is subject to strong respect of the rule of law, bribery is not only the conduct that amounts to one of the crimes foreseen by the Penal Code (Title II, Part I): Every hypothesis of mala gestio of the public functions, securing a private advantage, responds to the corruptive pattern.
In the light of these remarks, the rationale of the progressive enlargement of behaviours relevant to the application of the 2001 Act is clear.A company's regulatory liability can rise, not only with regard to behaviour amounting to a bribery, but also amounting to an 'undue reception of public money', 'fraud to the State' (see art. 24 l.231/2001), 'public extortion' and 'induced bribery' (art.25).Generally speaking, (almost all) the actions causing individuals' criminal liability can also cause the regulatory liability of the company which those very same individuals are part of.

The compliance program
The pattern of a company's regulatory liability is tailored upon the guide the company's decision in order to avoid and prevent crimes.
Risk assessment is actually a basic activity.This is a pivotal aspect in the construction of a compliance program, underpinning strong familiarity with the history of the company, of its management and of its activity: All these points are fundamental in assessing the existence of a risk for the commission of crimes, relevant to the 2001 Act.So far the risk of criminal misbehaviour can hardly be distinguished from general economic and financial entrepreneurial risks [15].Especially within big corporations this activity is tantamount to an enormous range of information, which is normally gathered through an 'interview'.This is usually realised through several questionnaires, to be submitted to the different ranks of the company's employees, in order to map out their specific activity and working tasks.The questionnaires must be targeted, first and foremost, on the general framework of the company's activity and on the specific range of crimes that could affect that entrepreneurial area.For example, to prepare a compliance program for a company producing automotive spare parts, it will be necessary to first explore the particular management of the company and then to analyse its relationship with public authorities and agencies, in order to detect any 'sensible areas'.This is the only means of identifying and assessing the effective impact of bribery commission risk and of pointing out the best solutions to prevent it.Business accounting and legal expertise are fundamental in detecting crimes that might be 'hidden' in the fabric of companies' economic management.Especially with regard to counter-bribery policies, it is important that companies rely on practitioners' expertise, in order to assess the real crime risks, also those hiding in practices and habits that would not appear relevant prima facie.
Then, the program must assign an 'incidence-score' to the risk related to each possible crime.This can be a very complex task because it is practically based on prediction forecast of the advantages that the company could actually reap from the perpetration of that very same crime: For such a forecast an accurate reconstruction of the company's history is necessary.
On the basis of the 'incidence-score' a specific protocol should be realised in order to prevent possible crimes.To achieve maximum effectiveness protocols must comply with standing management organisation: It would be useless (or even dangerous, in the light of the 2001 Act) to introduce protocols if you and your employees are totally unfamiliar with it.In fact, the more the program complies with the existing habits and practices, the higher the level of effectiveness that it will achieve.
With regard to counter-bribery policies, penal and general management experiences suggest keeping in mind some general but fundamental points.First of all, it is wise to devolve the protocol control on an employee who does not usually deal exclusively with public bodies and agencies.It is more convenient to entrust the supervision of the protocol implementation to a lower-ranking employee to deal with the Administration: This is a way of fostering the effectiveness of the control.Furthermore, at least two persons should relate with the public administration.In this way no individual will hold autonomous power to spend money.It is also necessary to create a data base of all the events in which contact with the public administration occurred in order to make some information available: Who are the individuals that managed the relationship with the public administration?What was the reason for that relationship?How long was it and what were the results?Was there a litigation?How was it settled?Keeping these elements in mind, it is important to stress how different a compliance program must be, whether adopted for a company whose tasks are public procurements, or for a automotive body-shop company.Starting from a common core of matters (both entities are subject to public agencies' control, for tax reasons, but also for occupational safety reasons), the risk assessment will differ considerably: Only the former company is constantly involved in economic links with the public administration, while the latter can be touched by it only occasionally.As a consequence, the compliance programs should be very different.

The "supervisory board" (Organo di Vigilanza, O.d.V.)
A very relevant role in the implementation of the compliance program is played by the 2001 Act "supervisory board".Actually, this body can be both individual or collegiate (the latter is more suitable, anyway).It is possible to affirm that the so called O.d.V. is a "genuine" Italian tool [16].In fact, while the concept of compliance program as a machinery to prevent crime risks has patent anglo-american origins, the supervisory board, as provided for in art.6 of the 2001 Act, is quite peculiar, rather unique [17], having inspired other foreign legislations (see the Spanish Ley Organica 1/2015).The reason for such singularity is that, usually, the due diligence defence covers only lower employees' misconducts: under the Italian 2001 Act, it may cover also the managerial liability.Thus, the need to introduce a new body, able to control -from above and independently -the senior management and the statutory auditors board [18].So far, the Italian O.d.V. is neither a supervisory board under, e.g. the German Stock Corporation acts (having no relationship with the management board, except the duty to control it), nor a "compliance officer" or "department".Even if the US Federal Sentencing Guidelines for Organizations (FSGO Chapter 8, § B2.1) do not refer expressly to the compliance officer, they suggest a different pattern from the O.d.V. one.In the federal scheme, in fact, the governing authority and the high-level personnel share a trifold duty to implement the compliance and ethic program: however, they are all part of the corporate organization and they have a economic role in it.
In fact, in a great number of legal orders, legal compliance is considered to be a duty of executive directors.But not in Italy.The O.d.V. was born as an hybrid body, being independent both from the governing authority and from the auditors board.Only after a recent statutory amendment (2011), under art.6.4 bis of the 2001 Act it is possible to merge the functions of the O.d.V. with the ones of the auditors board.However, this option does not seem suitable, as different professionals are requested in the O.d.V., having not only management skills, but also solicitors, criminal lawyers, qualified accountants, occupational safety experts, as the specific task of the O.d.V. is to assess the effectiveness of the compliance program to prevent a large number of crimes.
In fact, from an independent standing-point [17] the O.d.V. has the trifold task to: a) assess compliance with the program; b) scrutinize effectiveness of the compliance program itself; c) take care of its progressive updating.
Under the first task the board should receive regular reports about the application of each single protocol of the program, from the employees entrusted to that duty; the board should also organise an auditing activity, both scheduled and not scheduled, in order to be able to evaluate the model's effectiveness.Under all the three tasks, the body must be able to operate proprio motu.
Even if the idea of a truly independent supervisory board has a pivotal role in the effectiveness of the compliance program, under the 2001 Act very few statutory rules are dedicated to it.Unluckily, no mention is made of its composition, nor of the link between the board itself and the company's general management.
Such relevant normative gaps were, by the way, filled by the praxis (through the practitioners usually in charge of preparing compliance programs: mostly solicitors and business accountants) and by the courts' case-law.Unfortunately the Supreme Court tends to over-extend the duties of the board: According to the most recent case-law [14], the Court demands a high level of commitment from the supervisory board in the general management, it is to say in the adoption of discretionary evaluations and decisions [13].However, the supervisory board does not hold such power/duty: It cannot/should not prevent the company from taking economic and managerial decisions, even if these may create criminal risks.This means that the board does not have a duty to prevent crimes: Its task is fully accomplished by supervising the implementation and the effectiveness of the program.It is worth noting that art.40.2 of the Italian Criminal Code provides for a general model of "duty for preventing crimes", by providing that «failing in preventing a fact that the individual has the legal duty to prevent, corresponds for that individual to perpetrate it».Such «legal duty» has never been expressly established on the O.d.V. members, neither by the 2001 Act nor by any following amendment.Nonetheless, as said above, the evolution of the most recent jurisprudence is not encouraging, almost recalling the case-law related to auditors boards (which are different and independent from the O.d.V.).In fact, since some years, the Italian Supreme Court started ruling that auditors have a duty to prevent crime under art.40.2 ICC, even if such a legal duty is not expressly provided by the law.Such opinion, being strongly criticized by scholars, was recently applied also to the O.d.V. members, pretending that they have the duty to intervene on some aspects of the government policy, which should, conversely, be considered an exclusive discretionary power of the executive board.This jurisprudence sounds similar to the German BGH trend underpinning that the compliance officer has an indirect duty to prevent criminal facts, as Garantenstellung.
Concluding, on the one hand, such direct commitment of the O.d.V. in preventing crimes is not expressly provided by the law; on the other hand, it is undesirable: It would involve the "supervisory board" in managerial decisions, depriving it of its fundamental character of impartiality [13].

What next? The importance of training and of information
A fundamental aspect in the construction of a compliance model is represented by the training and by the information of all employees.Nonetheless, the 2001 Act does not provide for specific measures to disseminate the program.
As the area of occupational security demonstrates, prevention is impossible without a strong commitment to a training protocol.Training is deemed unavoidable in preventing workers' accidents.As for counter-corruption normative policies, information and training seem to assume more and more capital importance.Information has a very relevant role in assessing mens rea in regulatory proceedings.
Even if informing people about corruption may seem very elementary, it is crucial for several reasons.First of all, information is useful to spread a common sensitivity for actions amounting to bribery (it is not possible to say that a common perception of the phenomenon does actually exist), according to the courts' case-law.Second, it is important to give accurate information about the content of the protocols, which make up the compliance program.
Training and informing are fundamental activities, both from a general viewpoint (the legislator's), and an individual viewpoint (the single company's).With a decent basis of information and training, individuals are able to detect bribery-risky behaviour, even in those acts that are not usually perceived as relevant (e.g. the exercise of discretion in administrative activity).
Thus, on the one hand, fostering training and information, even if not expressly provided under the 2001 Act, can assure the compliance program the prescribed effectiveness: This will help the judge in ruling positively on the company's respect of it.Nonetheless, on the other hand, the more employees are informed and trained in singling out risky attitudes and behaviour, the easier the assessment of mens rea in the perpetration of the corruptive misconducts will be.Thus, as a paradox, the area of the companies' liability could be enlarged as a result of the employees' training and information [7].

Conclusions Some concluding remarks
This short essay gives an example of one of the most important recent transplants from one legal family to another.As reported, company compliance, imported from the American (federal) legal order [3], was able to erode the historical European attitude to the matter of corporate liability for criminal acts.The current Italian legislation seems to be an interesting compromise between two different approaches: Without establishing a formal criminal liability for legal entities, the 2001 Act provided for a comprehensive set of rules, finally filling a gap.Especially with regard to corruptive misconducts, a perpetrator can rarely be identified as a single person [19]; or, if identified, s/he often cannot be considered the real beneficiary of the results of the bribe.These fall back, instead, on the company as a whole [11].In these cases, the tools of traditional penal law are unsatisfactory or insufficient: The regulatory liability established in d.lgs.231/2001 covers that area of inconsistency, introducing severe requirements and harsh sanctions for non-compliant corporations.
At the moment, three interesting trends can be singled out.First, the transplant is very challenging: Fifteen years have elapsed since the entry into force of the 2001 Act, and the reactions of the Italian economic stakeholders are still limited.Companies are not yet used to the idea of a legal duty to adopt organizational patterns: They are still "getting ready" for it.Second, the transplant, though challenging, seems to be satisfactory as the model of the compliance program was somehow extended also to bodies that are not subject to the 2001 Act.Third, the Italian case-law about companies' regulatory liability is still a "green fruit".We can expect some very interesting rulings in the near future.Local courts and prosecution offices still need to "get used" to this recent, very peculiar, quasi-criminal proceeding: In a short period of time we will be able to read interesting judgments -the consequence of that transplant -and a new area for comparative analysis will be established.