Compliance as a Foundation for ESG Oversight

This is an Insight article, written by a selected partner as part of Latin Lawyer's co-published content.

The interest of regulators, investors and other stakeholders in companies and projects that adopt environmental, social and governance (ESG) principles in their activities has been growing steadily in the past few years, fuelling a worldwide quest to identify and measure factors that make an organisation compliant with a given set of ESG laws, regulations, guidelines and social expectations. So far, there is no worldwide common ground on what precisely ESG is and what exactly is expected of ESG-compliant organisations. Nevertheless, all actors seemingly agree that part of the equation involves going beyond the traditional economic-financial metrics to assess companies holistically, often in light of several risk factors that have grown in importance since the early days of modern corporate risk governance.

This article attempts to identify and describe the current foundations and frameworks of ESG principles and compliance in Latin America, with a particular eye to Brazil, given the country’s size and economic weight for the region. We begin by reviewing the international trends that are guiding the discussion of ESG in the region, and present an outline of landmark local laws and regulations. Next, we analyse the level of ESG maturity in Brazil, foreseeable challenges and some of the compliance tools that can be leveraged to enhance ESG oversight in the future.

We believe that ESG risk management and compliance are here to stay. Existing compliance programmes in Brazil and other jurisdictions in Latin America can definitely provide organisations and stakeholders with useful tools for improved ESG oversight. In turn, this can mean better overall handling of climate change, community relations and resource management, among other paramount aspects that are key to business organisations.

Influence from international ESG perspectives

Stakeholder interest in ESG in Latin America is rapidly evolving in alignment with a worldwide trend and social urge to weigh and address key ESG issues. According to the World Economic Forum 2021 Global Risks Report, global economic activities in the next 10 years are highly likely to face risks related to extreme weather, climate action failure and human-led environmental damage, alongside cybersecurity failure, digital inequality, increased economic fragility and societal division.[2]

Europe is a frequent source of regulatory influence for Latin America. Regulations such as the EU Taxonomy for Sustainable Activities,[3] the EU due diligence law on environment and human rights[4] and the intended regulation for ESG ratings and assessment tools[5] are likely to impact on rule-making in Latin American countries. Many multilateral organisations, such as the United Nations and the Organisation for Economic Co-operation and Development (OECD), are also acting towards developing and defining ESG standards on responsible investment, corporate behaviour, sustainable finance and other related subjects.

The ESG movement has gained further momentum in Latin America following the covid-19 pandemic and its dramatic and unfortunate repercussions on the health and well-being of populations and the resulting worsening of economic inequality and access to natural resources. In comparison with other regions, Latin America is expected to suffer a greater economic contraction following the pandemic.[6] According to the Allianz 2021 Risk Barometer, Latin America also presents heightened business interruption risks, including supply chain disruption, as a consequence of political, social and economic factors.[7] In addition, S&P highlights Brazil’s complex regulatory system, which imposes heavy compliance costs for businesses, encouraging informality, tax evasion and corruption, despite the country’s strong regulations on corporate governance.[8]

In Brazil, recent developments have also highlighted socioenvironmental risks that are aggravated by climate and human rights perspectives. Despite Brazil’s commitment to the climate change agenda following its hosting of Eco92 (United Nations Conference on Environment and Development), such commitment has been recently put into question by international observers in light of perceived setbacks in the implementation of public policies aimed at combating deforestation and the consequent reduction of greenhouse gas emissions, especially due to the large fires in the Amazon and the Pantanal regions.[9] These recent events have reopened the discussion on the traceability of products negotiated by Brazil, especially those from the agribusiness, to ensure compliance with international ESG principles.

From a social perspective, notwithstanding Brazil’s historical ratification of human rights treaties and adoption of mechanisms from the United Nations and Inter-American Human Rights systems, issues related to race and gender discrimination have gained increasing prominence in recent years and the conduct of Brazilian companies towards such issues is under scrutiny from stakeholders, consumers, regulators, investors and the press.

The scenario described above has resulted in increased interest from the Brazilian business community in ESG policies and risk assessment, despite the absence of a unified legal framework regarding the issues in the regulatory landscape. As a result, the ESG agenda has gathered more momentum in the business environment, leading to more initiatives of proposed regulation or self-regulation and voluntary compliance and commitments.

Brazilian landmark ESG laws and regulation

As seen at the global level, the legal framework of ESG in Brazil is still highly fragmented. The Brazilian Federal Constitution provides a series of principles that touch on several ESG aspects, such as the social function of property and of contracts, the defence of the environment, and the reduction of regional and social inequalities. Commentators argue that these principles apply equally to the government and companies, which have an implicit duty to employ best efforts to at least mitigate the negative sustainability impacts in their activities.

At the federal level, there are multiple laws and regulations that set forth ESG obligations that must be observed by businesses when conducting their activities. State and municipal laws also set a variety of norms regarding these themes that are not necessarily harmonious, which is an important factor considering Brazil’s continental dimensions and regional differences in economic and social development.

Furthermore, regulatory agencies from different business sectors have also enacted regulations that touch upon ESG aspects, such as:

  • Brazilian Securities and Exchange Commission (CVM) Instruction No. 480/2009, which sets obligations for publicly held companies to periodically disclose to the market the risk factors and the effects of the regulation on their activities, calling attention especially to environmental and governance aspects that must be disclosed to regulators and investors. In December 2020, CVM opened a public consultation process towards a revamp of Instruction No. 480/2009, which has resulted in the issuance of Resolution CVM No. 59 of 21 December 2021, implementing obligations of disclosure related to ESG issues as of January 2023, such as detailed information of sustainability reports, the specific disclosure of climate, environmental and social risks, information regarding diversity on board and of employees and ESG indicators integrated for the variable compensation of directors;
  • National Monetary Council (CMN) Resolution No. 4,327/2014, which requires financial institutions to have and comply with a written Policy on Social and Environmental Responsibility (PRSA) requiring them to actively track the social and environmental risks their portfolios are exposed to;
  • Social Security National Council (CNPC) Recommendation No. 1, which recommends that private pension plans (EFPC) provide information on the extent and methodology of considering ESG factors in their investment portfolios; and
  • the Brazilian Superintendence of Private Insurance (SUSEP) has issued a public consultation process for a new regulation regarding sustainability requirements to be observed by supplementary pension entities (EAPCs), insurance companies and local reinsurers, considering social, environmental and climate risks disclosure. The proposal includes procedures to evaluate and subscribe risks related to sustainability, adoption of a sustainability policy, the issuance of a sustainability report, and other matters.

Brazil’s legal framework on ESG matters also includes a series of non-mandatory norms and guidelines that may be observed by enterprises. For instance, the Code of Best Corporate Governance Practices published by the Brazilian Institute of Corporate Governance (IBGC) sets best practices regarding governance bodies such as shareholders’ meetings, executive boards, audit committees, among others, as well as procedures to address conflicts of interest.[10] The Integrity Programme Guidelines for Legal Entities, issued by the Federal Controller General’s Office, is another example of a non-binding document that clarifies the concept of corporate integrity programmes in light of non-binding standards and assists companies in developing or improving policies to prevent, detect and remedy wrongful acts committed against the government.[11]

In light of this fragmented scenario, we present below some Brazilian laws and regulations that are in some way related to ESG matters and may be applicable to companies, either as legally required measures or as voluntary guidelines for action.

Governance aspects

From a governance and risk management perspective, some examples of landmark Brazilian laws and regulations include the following:

  • The Corporations Law (Federal Law No. 6,404/1976) sets various governance rules and principles that must guide the actions of corporations, assigning fiduciary duties to management and controlling shareholders. It contains provisions regarding the need to harmonise the interest of the corporation to generate profit for its shareholders with socioenvironmental aspects of its activities.[12]
  • The State-Owned Companies Law (Federal Law No. 13,303/2016) contains governance and compliance principles and rules that apply specifically to state-owned or -controlled companies, which must observe statutory rules regarding corporate governance, transparency, risk management and internal controls.
  • The Securities Market and Capital Markets Laws (Federal Laws No. 4,728/1965 and No. 6,385/1976) contain principles and rules that govern capital markets activities and set out the foundations for the oversight and protection of corporations, minority shareholders and the market in general.
  • The CVM Directive Release No. 02/2021 contains guidance as to the minimum elements that must compose a publicly held company’s compliance activities and the compliance report.
  • The Clean Companies Law (Federal Law No. 12,846/2013) and its regulation (Federal Decree No. 8,420/2015) set forth the standards that shall guide assessment of corporate integrity programmes in the event of enforcement against corporate entities for certain violations against Brazilian and foreign governments (e.g., bribery of government officials, public procurement, fraud and obstruction of justice).
  • The Anti-Money Laundering Law (Federal Law No. 9,613/1998) sets forth the activities that must adopt anti-money laundering compliance programmes and sanctions for compliance failures, which are further regulated by several industry regulators or by COAF, the Brazilian financial intelligence unit (in the latter case, when the industry in question does not have an established regulator).

Compliance programmes are generally not obligatory pursuant to Brazilian law. Exceptions include individuals or corporate entities doing business in areas covered by the Anti-Money Laundering Law, certain government contractors that must implement anti-corruption compliance as a condition for the performance of contracts, and self-regulation such as the special listing segments offered by the stock exchange. Nevertheless, statutory provisions can provide incentives for companies that have an effective compliance programme in place in the form of penalty reduction or sanction mitigation factors.

Social aspects

On social aspects, Brazil has extensive legislation regulating labour and employment rights. The Federal Constitution, the Consolidation of Labor Laws and sparse federal laws provide for the labour and employment legal framework in Brazil. The federal legislative power holds the authority to legislate on labour and employment rights. Moreover, collective bargaining agreements and regulation of services and activities in local and state levels add to the set of norms that govern labour and employment relations in complementary perspectives. Beyond general labour regulations, some federal laws establish diversity rules applicable to businesses such as the following:

  • Federal Law 9,029/1995 prohibits any discriminatory or restrictive practice for the purpose of admission or maintenance of the employment relationship based on gender, origin, race, colour, marital status, family situation, disability, professional rehabilitation, age, among others.
  • Federal Law 8,213/1991 requires companies with 100 or more employees to fill 2 per cent to 5 per cent of their positions with rehabilitated beneficiaries or people with disabilities.
  • The new Government Procurement Law (Federal Law No. 14,133/2021) prohibits the participation in the bidding process of companies legally convicted for the exploitation of child labour, forced labour or adolescent labour (when under conditions not authorised by law), and sets forth gender equality on work environment as resolution criteria between tenderers.

The legal framework regarding business and human rights guidelines, in turn, is recent and non-binding:

  • Federal Decree 9,571/2018 provides for the National Guidelines on Business and Human Rights, which were developed in accordance with the UN Guiding Principles on Business and Human Rights. Among the guidelines are the requirements to respect labour and fundamental rights provided in the Federal Constitution, to monitor the supply chain in respect of possible human rights violations, and to implement educational activities to foster human rights observance.
  • National Council of Human Rights Resolution No. 05/2020 sets the National Guidelines for a Public Policy on Business and Human Rights, which requires businesses to promote, respect and protect human rights in their activities.

Environmental aspects

Brazil has extensive environmental protection laws and regulations, which are more targeted to preventing and punishing environmental damages. In fact, environmental crimes are the only type of criminal liability applicable to companies in Brazil. All other crimes generate liability for individuals only.

On the subject of climate change and more general environmental protection issues, the legislation is also sparse and currently limited to the ratification of the international commitments undertaken by Brazil, which designates the private sector as an ally in the fulfilment of goals to reduce greenhouse gas emissions.

Federal Law 12,187/2009 sets the Brazilian National Policy on Climate Change and officialises Brazil’s voluntary commitment to the United Nations Framework Convention on Climate Change (UNFCCC) to reduce greenhouse gas emissions, guiding multisector actions and stimulating social and private participation aimed at climate change mitigation.

Federal Decree 9,073/2017 enacts the Paris Agreement under UNFCCC, establishing Brazil’s commitment to a global framework dedicated to avoiding dangerous climate change by limiting global warming to well below 2°C and pursuing efforts to limit it to 1.5°C, as well as to encourage and facilitate engagement in the mitigation of greenhouse gas emissions by private entities.

ESG maturity and challenges in Brazil

Despite the laws and regulations mentioned above and increased public exposure and awareness of ESG aspects, Brazil is still at an early stage of development regarding ESG, particularly in comparison with other jurisdictions such as the European Union and some of its member countries.

In contrast with efforts of the EU and some other countries, Brazil’s regulation does not include key aspects of the theme, such as an ESG taxonomy, demanding compulsory human rights due diligence, or setting of a common methodology for ESG reporting and measurement.

The lack of formal guidelines regarding ESG questions and how to report findings, added to the incipient use of formal and structured ESG methodologies (such as the Global Reporting Initiative (GRI Standards); the Task Force on Climate-related Financial Disclosures (TCFD Standards); the Accounting Standards Board (SASB Standards), among others), are some of the obstacles for companies in Brazil to setting up effective implementation and monitoring of ESG commitments.

This scenario leaves room for insecurity for companies, investors, policymakers and other stakeholders in relation to properly assessing activities that are being developed with due respect for socioenvironmental criteria. In fact, a recent survey of around 30,000 investors has shown that about two-thirds of Brazilian investors have little to no knowledge about responsible investment from an ESG standpoint.[13] In addition, 24 per cent of them stated a lack of trust in the real impact of ESG factors, while an additional 24 per cent said they are concerned that an ESG investment may represent a financial trade-off.

Nonetheless, due to the cross-border nature of these issues, Brazilian businesses are already experiencing the effects of stronger ESG regulations set by other jurisdictions, such as the United States and European Union, either because foreign investors are now urging for more clarity towards these issues, or because new laws may also be grounds for transnational litigation in the event of socioenvironmental problems. In this context, the management of ESG risks in Brazil may be boosted by foreign standards, building a favourable environment for the recognition of best practices built on the basis of the compliance programmes that presently focus mostly on anti-corruption and other corporate integrity matters.

Leveraging the existing compliance framework to enhance ESG oversight

Compliance programmes in Brazil started to gain importance in 2013, with the enactment of the Clean Companies Law. Initially, most companies focused on corporate integrity and anti-corruption programmes, which were the main risk areas of concern due to many years of aggressive anti-corruption and competition enforcement led by Brazilian federal prosecutors and other authorities. With time, sophisticated professionals and an increase in the perceived utility of compliance structures (such as codes of conduct, internal reporting channels and trainings), corporate programmes have been tasked with broader responsibilities. Those include risk assessment and mitigation measures not only in the anti-corruption field, but also data privacy and other important and specific risks of each company. As a result, compliance and risk management functions are now increasingly urged to adopt a more holistic approach and respond to stakeholder scrutiny and good practice standards that incentivise companies to incorporate ESG aspects into risk analysis and oversight.

This holistic approach and the professionalisation of risk analysis and management are fundamental for the ‘New Market’ (Novo Mercado) special listing segment[14] created by B3 S.A. – Brasil, Bolsa, Balcão (B3), Brazil’s principal stock exchange. For instance, the enhancement of governance reporting lines and responsibilities is in great part due to the supervision of B3, which has embraced the three-line defence system established by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) as the gold standard for corporations to be deemed compliant with the New Market listing segment.

The New Market listing rules require corporations to adopt an audit committee, which is an advisory body that oversees the quality of financial statements, internal controls, risk management and compliance, aiming at the reliability and integrity of the information, as well as the protection of the company and its stakeholders’ interests. Second, the New Market requires corporations to adopt an internal audit function, which is responsible for monitoring, evaluating and making recommendations on the company’s internal controls, in accordance with policies, rules and procedures established by the board of directors. In contrast with other areas, the internal audit function can be created in-house or outsourced. Last, the New Market also sets forth that corporations must have an appropriate risk management process and keep adequate internal controls and integrity (or anti-corruption) compliance programmes, considering the complexity of its activities, the particularities of its industry and the local aspects of its operations.

Therefore, an important portion of publicly traded corporations must already have a robust compliance and risk management structure, especially focusing on anti-corruption matters. According to data from 121 publicly traded corporations analysed in 2019, (1) 81 had audit committees, but only 16 were fully adapted to New Market regulations; (2) 88 had an internal audit area, but only nine were adapted to New Market regulations; and (3) 83 had risk management, internal controls and compliance committees in accordance with the regulation of the New Market.[15]

This is likely to evolve with regulatory reforms involving publicly traded corporations. As mentioned before, in December 2020, the CVM initiated public consultation procedures for a regulatory reform that, among other things, intends to improve disclosure regarding ESG aspects in response to increasing investor demands over the subject. The creation or enhancement of the following obligations or requirements for issuers are among the topics open for public consultation before the CVM: (1) enhanced and highlighted disclosures regarding social, environmental and climate risk factors; (2) an obligation to state where the issuer stands on relevant sustainable development objectives; (3) an obligation to disclose diversity data with respect to management and the workforce; and (4) an obligation to disclose sustainability reports or key performance indicators regarding environmental and social aspects, or a justification for not doing so.

Despite a positive outlook, ESG issues still lack prominence in the agenda for implementation and monitoring. Companies can likely overcome such challenges by applying well-established compliance principles that can include written sustainability or ESG policies and other policies, procedures and internal controls such as:

  • assessments regarding how its activities and policies lack or comply with social and environmental aspects, in light of current regulations and market pressure (e.g., by preparing a risk assessment to obtain clarity on what areas of risk should be prioritised);
  • implementation of its commitment to ESG criteria (e.g., by training its staff on the subject, adapting current hiring practices and demanding commitment from other partners throughout the value chain);
  • monitoring of setbacks and progress related to its goals (e.g., by setting reporting or communication channels that allow employees, customers and business partners to share their perceptions on the theme and report misconduct); and
  • adopting prevention, mitigation and remediation measures against non-compliance with such commitments (e.g., by adopting sanctions for wrongdoers or action plans to contain possible negative effects arising from their actions).

In other words, behind most corporate compliance programmes, there are common elements that could serve as best practices for a more effective implementation and oversight of ESG matters: (1) comprehensive and periodic risk assessment; (2) frequent trainings of management and employees; (3) continuous updating of internal policies and procedures; (4) contractual mechanisms dedicated to dissemination of compliance obligations with suppliers and all the value chain; and (5) due diligence practices dedicated to identifying compliance risks of business partners, among other policies, procedures and internal controls.


Even as the compliance environment continues to evolve, traditional compliance practices and policies may certainly be successfully adapted to advance ESG implementation and oversight in Latin American businesses. Many existing compliance programmes in Brazil and Latin America, particularly those implemented by a large portion of publicly traded corporations, already provide comprehensive risk management structures that can be used as tools to improve ESG oversight. Compliance programmes focused on integrity and anti-corruption matters are well disseminated in the region and can be an important stepping stone for organisations to advance the ESG agenda.

Therefore, the existence of compliance and corporate ethics programmes in the Brazilian and Latin American markets can be a strong factor in directing efficient corporate action towards the integration of ESG criteria into companies’ risk assessments and compliance oversight throughout their value chain.


[1] Juliana Gomes Ramalho Monteiro, Thiago Jabor Pinheiro and Marcel Alberge Ribas are partners at Mattos Filho, Veiga Filho, Marrey Jr e Quiroga Advogados. The authors would like to thank the collaboration of Mattos Filho, Veiga Filho, Marrey Jr e Quiroga Advogados associates Adriana Moura Mattos da Silva, Fernanda Basaglia Teodoro and Daniela Halperin in the preparation of this chapter. This chapter was accurate as at August 2021.

[2] World Economic Forum. ‘The Global Risks Report 2021’. 16th Edition Insight Report. Available at: Last accessed on 15 March 2021.

[3] European Union. ‘EU taxonomy for sustainable activities’. Available at: Last accessed on 16 March 2021.

[4] Reuters. ‘Lawmakers push for European due diligence law on environmental, human rights’. 27 January 2021. Available at: Last accessed on 16 March 2021.

[5] European Securities and Markets Authority. ‘ESMA calls for legislative action on ESG ratings and assessment tools’, 29 January 2021: Last accessed on 16 March 2021.

[6] ‘The Global Risks Report 2021 16th Edition - Insight Report’ (last accessed 15 March 2021).

[7] Allianz. ‘Allianz Risk Barometer - Identifying the Major Business Risks for 2021’ Last accessed on 15 March 2021.

[8] ‘Environmental, Social, And Governance: The ESG Risk Atlas: Sector And Regional Rationales And Scores’ Last accessed 15 March 2021.

[9] ‘Fires in Brazil’s Pantanal wetland and Amazon rainforest worst in a decade’, Unearthed, 4 September 2020. Available on: Last accessed on 15 March 2021.

[10] Instituto Brasileiro de Governança Corporativa (IBGC). ‘Código das Melhores Práticas de Governança Corporativa’, 5th ed. (2008). Available at:

[11] Controladoria Geral da União (CGU). ‘Programa de Integridade, Diretrizes para Empresas Privadas’. Sept. 2015. Available at:

[12] Corporations Law, Sections 116 and 154. Available at: (stating respectively that a controlling shareholder shall use its controlling power to make the corporation accomplish its purpose and perform its social role, and shall have duties and responsibilities towards the other shareholders of the corporation, those who work for the corporation and the community in which it operates, the rights and interests of which the controlling shareholder must loyally respect and heed; and that an officer shall use the powers conferred upon him or her by law and by the by-laws to achieve the corporation’s corporate purposes and to support its best interests, including the requirements of the public at large and of the social role of the corporation).

[13] Valor Investe. ‘ESG: sobra interesse, mas falta informação, mostra pesquisa da XP’. 14 August 2020. Available at: Last accessed on 11 March 2021.

[14] B3 listing segments were created for different company profiles and are bound by rules of corporate governance under several levels of complexity, all beyond the obligations that companies have according to the Brazilian legislation. Enrolment is voluntary, but companies must meet the standards assessed by B3 in order to join. Currently, there are five listing segments, from the highest level of governance to lowest: ‘Novo Mercado’, ‘Nível 2’, ‘Nível 1’, ‘Bovespa Mais Nível 2’, ‘Bovespa Mais’. B3. ‘Listing Segments’. Available at: Last accessed on 08 June 2021.
