10. Selling Integrity

Integrity as a key part of the business

To succeed in the market today, a company must pay attention to several variables, including investments, control of revenues and expenses, customers, competitors, suppliers, innovative production processes and compliance with applicable legislation.

Another element that has been gaining importance for organisations that wish to have business continuity is ethical and transparent behaviour in commercial relationships.

The development of this behaviour occurs by incorporating an ethical culture in the company’s employees, from senior management to professionals working in the production and services areas. One way to implement such a culture in an organisation is through the structuring of a compliance (or integrity) programme. This parallels the management systems already known by organisations in quality, environment and occupational health and safety, considering that the resulting actions resulting are aimed at the prevention, detection and correction of potentially harmful acts.

How to turn compliance into a business strategy and use it to your advantage

The most well-known standards that regulate ethical business conduct necessitate implementing an effective compliance programme to satisfy particular requirements. The most important international standards include the following:

  • US Foreign Corrupt Practices Act (FCPA):[2] Although the FCPA’s anti-bribery provisions do not expressly require implementation of a compliance programme, the sanctions imposed on a company that violates this law typically are harsher if the company previously lacked an effective programme. Additionally, issuers of US securities are subject to the FCPA’s accounting provisions, including requirements regarding internal accounting controls. According to the Principles of Federal Prosecution of Business, three of the nine principles that must be taken into account when deciding to bring a criminal action for violation of the FCPA concern previous compliance mechanisms in the company, namely: (1) complicity of or the condescension by management regarding acts of corruption; (2) the existence and effectiveness of a pre-existing compliance programme; and (3) the remedial measures adopted by the company after identification of the practice of corruption, which include the adoption or improvement of a compliance programme.
  • UK Bribery Act (UKBA):[3] UK law implicitly recognises that it is impossible to prevent absolutely possible acts of corruption. For the corporate offence of failing to prevent bribery, the only enumerated defence is proof that a company previously had adopted adequate procedures designed to prevent bribery. A company that demonstrates a structured and effective compliance programme may avoid liability.

In Latin America, specifically, there are also some important standards.

  • Brazilian Federal Law No. 12846 of 2013: The creation of a compliance programme is provided expressly in Article 7, Item VIII, as an attenuating circumstance of the fine penalty. The regulation of integrity programmes is found in Articles 41 and 42 of Brazilian Federal Decree No. 8420 of 18 March 2015.
  • Argentine Law No. 27401 of 2017:[4] Although this Law does not broadly require Argentine companies to have an integrity programme, it does bring one exception. If a company enters into contracts with the Argentine federal government, it must have an active integrity programme so that it can participate in certain types of government contracts (for example, contracts that, according to local law, require the approval of a higher-ranking minister or civil servant, and some concession and public works contracts).
  • Chilean Law No. 20393 of 2009:[5] Article 3 provides that if an organisation has committed the crime of corruption, any resulting sanctions will be mitigated if, prior to the crime being committed, the organisation had adopted and implemented models of organisation, administration and supervision to prevent crimes like the one committed. One way to illustrate the existence of this management model is through the implementation of a compliance programme.
  • Peruvian Law No. 30424 of 2016:[6] The adoption of a prevention model, such as the implementation of a compliance programme, is considered a mitigating factor when applying the penalties for bribery crimes, as provided for in Article 12(e).[7]
  • Colombian Law No. 1778 of 2016: Considering the precept brought by Article 23, the Superintendency of Societies (the regulatory agency of the government of Colombia that supervises corporations) establishes the companies that must implement a business ethics programme, when the requirements brought by Resolution 100-002657, of 25 July 2016, with the market segments mentioned by this Resolution: pharmaceutical, infrastructure and construction, manufacturing, mining (energy) and information technology.[8]

The implementation of a compliance programme is not only a fulfilment of a legal requirement but is also seen as a considerable competitive advantage for a company that carries out operations with international customers.

When structuring a compliance programme, an organisation must demonstrate that it is prepared to comply with international anti-corruption standards, including those applicable to its customers and partners. This can make the organisation attractive as compared with competitors who do not have this type of structure, since customers or partners often want to do business with companies that generate less compliance and reputational risk.

Another benefit brought by a compliance programme is the minimisation of failures and nonconformities linked to acts of corruption. As previously stated, a compliance programme is similar to a quality management system, having as its main objective its continuous improvement, the development of employees through training, process integration, risk mitigation and alignment of the understanding of all professionals with regard to ethical culture within the company.

Under the bias of legal compliance with anti-corruption rules, companies that have a structure based on a compliance programme are less susceptible to the application of penalties and fines. This point deserves particular attention, given that fines can be relatively high and may directly affect a company’s strategy or business continuity.

In addition to minimising the incidence of penalties on its activities, a company that is in compliance also exercises its social role in the country where it operates, since it generates jobs, pays taxes, and preserves the environment and the safety and health of its employees. When this compliance extends to the supply chain, the positive effects are even greater, given that the company requires that its service providers have the same lawful posture as its own.

Last, the absence of a structure aimed at preventing and combating corruption within the company makes it more vulnerable to involvement in illegal acts, bringing immeasurable consequences, such as loss of credibility in the market before partners, customers, suppliers and supervisory bodies, among others.

The creation of a compliance programme, by itself, does not guarantee the existence of an ethical culture in a company. It is necessary that the actions foreseen in the programme are carried out continuously and effectively, and are experienced by all employees in their daily working life.

How to measure a compliance programme’s effectiveness

To develop a continuous and effective compliance programme it is necessary to constitute a specific, independent and autonomous area within the organisation that is responsible for the management of the following pillars:

  • Corporate governance: establishes the alignment of senior management, decision flow and authority limits.
  • Prevention: addresses all aspects relating to the definition of guidelines, communication, training and specific compliance controls, such as the assessment of suppliers, business partners and customers, and management of access to the company’s transactional systems.
  • Detection: management of the communication channel to register any complaints, requests, suggestions, compliments and clarification of doubts. The detection pillar also provides for the evaluation of the compliance programme through the performance of internal and external audits.
  • Correction: includes (1) application of penalties for non-compliance with the legal requirements and guidelines of the company and (2) recommendations for improvements in the company’s processes, to be approved by the corporate governance process, so that cases identified as irregular no longer occur, which makes up the permanent cycle of the continuous improvement process.

Bruno Carneiro Maeda puts this in the following terms:

To be effective in fulfilling its purpose, a company’s compliance area must be able to: 1. inhibit and reduce the probability of committing any breach of laws, internal ethical and regulatory standards of the corporation; 2. detect any undue activity or exposure to unacceptable levels of risk; and 3. react appropriately to verified deviations, allowing the application of administrative and, if applicable, judicial punishments, always quickly and fairly.[9]

Although there are some differences between the guidelines issued by the United States, the United Kingdom, Brazil, Argentina, Chile, Peru and Colombia, all principles permeate the concepts of prevention, detection and correction, which are found in management system methodologies. For these guidelines, an effective programme must establish standards and procedures to prevent and detect criminal conduct, demonstrate the commitment of the company’s senior management and not include in the body of senior management any people who have been involved in illegal activities or have acted contrary to a compliance programme. They also provide that the company must conduct effective training and communication, monitor the effectiveness of the programme through defined auditing procedures, establish defined and effective disciplinary mechanisms, and define processes for internal investigations and correction of nonconformities.

Regarding the differences, some of these guidelines establish that to develop an effective compliance programme, the company must perform due diligences in the corporate sectors and in partner companies or acquired companies, as well as implement internal channels for denouncing irregularities, which are open to third parties and properly disseminated. Some of them also provide that a policy for the protection of whistle-blowers against reprisals must also be implemented.

Notwithstanding that the above is only established in some of these guidelines, in all countries, even in those that have no legal provisions for it, these are seen as good practices and may be implemented by companies.

On the other hand, a survey conducted in 2018 by the non-governmental organisation Transparency International reveals that the continued failure of most countries to significantly control corruption is contributing to a crisis of democracy around the world. That is to say, even though some companies have created an awareness of compliance, the data show that most organisations have not yet heeded the risk of not having a culture of compliance.

To improve this situation, some organisations have been adopting the nomenclature change from compliance programme to integrity programme. This is not just a change of words, as the concept brought by the term ‘integrity’ encompasses both the fulfilment of an organisation’s legal and internal requirements, and the internalisation of a culture of ethics and transparency. To illustrate this understanding, we quote Alexandre Di Miceli da Silveira:

When mismanaged, a company’s culture can become so pernicious that people often take no meaning in internal regulations and laws. The recent scandals in Brazil, evidenced by Operation Lava Jato, for example, were not caused by the absence of governance documents, but by toxic cultures that led ordinary people to omission or illegal behaviour.[10]

In this matter, being compliant is limited to meeting the regulations applicable to the company. Integrity, on the other hand, is to act correctly even if the conduct is not provided for in any regulations. This becomes a competitive differential, since by having integrity as one of its values, an organisation is more solid and secure before its stakeholders.

In conclusion, the effectiveness of a compliance programme, and consequently the effectiveness of an ethical culture, depends on a structure based on well-defined processes, clear responsibilities, comprehensive controls and monitoring, continuous improvement actions, communication and periodic training, and incorporation of the ethics and transparency in the organisation’s values. In addition, the existence of indicators for the compliance programme is extremely important for verifying its evolution and effectiveness, and the adequate measuring of resources (human, financial, material and others).

Key performance indicators

As mentioned at the beginning of the chapter, integrity programmes are similar to the management systems already used by companies, since their structure is based on the Plan, Do, Check and Action cycle. In this way, and to guarantee the effectiveness of a programme, it is not sufficient just to plan and to take action. It is also essential to measure whether the actions contemplated in the planning are having the desired effect or whether they need to be adapted to achieve the proposed objective.

The most robust tool to assess whether a given action is efficient is through performance indicators, composed of three variables: objective, metric and goal.

The objective of a key performance indicator is what the manager seeks to accomplish in the company (‘why’ measure). The metric would be the methodology used to evaluate the indicator (‘how to’ measure). Finally, the goal is the minimum index to be achieved using the metric, demonstrating whether the indicator has achieved its objective.

In terms of integrity, the main performance indicators could be divided into three pillars:

  • Processes:
    • training planned versus training performed;
    • result of audits (internal and external); and
    • control of the risks raised in an integrity risk assessment.
  • Culture:
    • dissemination of a company’s code of ethics and conduct; and
    • the psychological security climate of the organisation (how safe employees feel in their work environment with regard to the quality and transparency of organisational communication, commitment from senior management, freedom to participate in meetings and decision-making).
  • Leadership:
    • degree of ethical leadership in organisations (assessment of leadership by their followers, considering issues of governance and integrity); and
    • periodic behavioural assessments by senior management.

Finally, and no less important, as a performance indicator signals a positive result, that is, with goals reached or surpassed recurrently, it can be transformed into process control, allowing for the creation of new performance indicators. This is the continuous improvement put into practice.


At first, companies see the implementation of an integrity programme as a need to comply with the rules that regulate anti-corruption actions. However, a structured integrity programme, combined with the management of performance indicators, will result in a company with greater security for its employees, shareholders and stakeholders.

In addition, the methodology used in most integrity programmes brings benefits not only to the compliance area but to the company as a whole. Considering that an organisation will have well-defined processes, more assertive risk management, an ethical and transparent culture rooted in employees and a reduction in expenses for the payment of fines and infractions, this becomes a competitive differentiator, given that solid performance and a good reputation are well regarded in the market for providing safe and long-lasting business for customers.

[1] Carolina Goldenberg is a senior analyst at Whirlpool Corporation and Jussara Rocha Tibério is senior compliance analyst at Camargo Corrêa Infra.

[2] The Foreign Corrupt Practices Act of 1977, as amended, 15 U.S.C. §§ 78dd-1, et seq. < https://www.justice.gov/sites/default/files/criminal-fraud/legacy/2012/11/14/fcpa-english.pdf>.

[4] Law 27401 of 8 November 2017 on the Criminal liability regime for legal persons for crimes committed against public administration and transnational bribery < https://www.legiscompliance.com.br/legislacao/norma/124>.

[5] Law 20393 of 2009 (last amended 31 January 2019) < https://www.leychile.cl/Navegar?idNorma=1008668>.

[6] Law 30424 of 2016 regulating the administrative responsibility of legal persons regarding transnational assets < https://busquedas.elperuano.pe/normaslegales/ley-que-regula-la-responsabilidad-administrativa-de-las-pers-ley-n-30424-1370638-1/>.

[7] Ellis, Matteson, ‘Peru inclui a Responsabilidade Corporativa por Crimes de Corrupção na Defesa de Empresas que possuem Programas de Conformidade’, FCPAméricas Blog, at https://fcpamericas.com/portuguese/peru-inclui-responsabilidade-corporativa-por-crimes-de-corrupcao-na-defesa-de-empresas-possuem-programas-de-conformidade/.

[8] Ellis, Matteson, ‘O “ACT”: Nova Lei Anticorrupção decretada na Colômbia’, FCPAméricas Blog, at http://fcpamericas.com/portuguese/act-nova-lei-anticorrupcao-decretada-na-colombia/.

[9] Carneiro Maeda, B, ‘Programas de Compliance Anticorrupção: importância e elementos essenciais’ in Del Debbio, A; Carneiro Maeda, B; da Silva Ayres, C H (coord.), Temas de Anticorrupção & Compliance (Rio de Janeiro: Elsevier, 2013), p. 171.

[10] Silveira, Alexandre Di Miceli da, Ética Empresarial na Prática – Soluções para Gestão e Governançca no Século XXI (2018), p. 174.

Get unlimited access to all Latin Lawyer content