Navigating Corruption Risks in the Brazilian Infrastructure Sector: New Trends to Guide Investors


It is no secret that Brazil has been navigating troubled waters since the beginning of 2014. The country has faced the longest and hardest recession in its history and, since March 2014, has also been carrying out its biggest corruption investigation, which has also contributed to the economic crisis.

These have certainly been challenging times for companies and businesses in Brazil. However, since the end of 2017, economic indicators have shown the first signs of recovery and investment opportunities are booming, for the most part owing to cash-flow pressures suffered by some of the Brazilian largest groups. As a consequence of the financial and reputational damage caused by the current investigations, many of these groups have decided to sell relevant and profitable assets to survive the current crisis, thus generating new opportunities for domestic and foreign investors.

These investment opportunities are particularly widespread in the infrastructure sector. That notwithstanding, common concerns of potential buyers are the anti-corruption and regulatory implications that could arise from the acquisition of an asset potentially connected to bribery, bid rigging or other violations of Brazilian law.

In this context, this article aims to provide a short guide to the main risks that investors may face when planning to take advantage of upcoming opportunities in the Brazilian infrastructure and energy sector, as well as a preliminary assessment of how such risks could be managed or mitigated in the context of the transaction and after it is closed.

A short overview of the anti-corruption investigations in Brazil

Operation Car Wash has been investigating a huge corruption scheme involving the state-owned oil titan, Petrobras, and several of the largest Brazilian infrastructure groups, including some international companies. As of August 2018, Operation Car Wash has generated 2,476 judicial and administrative procedures, 236 arrest warrants, and 513 requests for international cooperation. It has also produced 11 corporate leniency agreements, with more being negotiated, along with 175 plea bargaining agreements. In addition, 328 people are facing criminal charges for corruption, crimes against the financial system, international drug trafficking, formation of criminal organisations and money laundering, among others.

Along with Operation Car Wash, several other investigations have been launched, such as Tolypeutes, Leviatã and Recebedor. Apart from involving large sums of money allegedly diverted to corruption, such operations have in common the fact that all of them involve companies operating in the infrastructure sector. Many other investigations were also started on different fronts, such as Zelotes, Greenfield, Carne Fraca, Mar de Lama, etc.

Infrastructure companies are at the centre of this turmoil. Their frequent interaction with public authorities makes them particularly vulnerable to corruption-related risks, and many of their most valuable assets may be particularly affected by the corresponding legal and reputational consequences of such investigations, such as public financing, concessions and licences.

Overview of the Brazilian anti-corruption legislation

Anti-corruption legislation has been in place in Brazil for a very long time, but until recently was mainly focused on applying criminal sanctions to individuals (either giving or receiving illicit advantages). The legal tools to fight corruption, throughout almost all Brazil's legislative history, have been almost exclusively punitive criminal rules, with an extremely restricted focus on the control, prevention and sharing of responsibilities between the state, corporations and civil society.

The approach to combating corruption in Brazil has undergone a profound transformation in recent years. The 1988 Federal Constitution, the Brazilian Public Procurement Law,2 the Fiscal Responsibility Law3 and the Administrative Misconduct Law4 have marked the beginning of a period of strong legislative focus on preventing and stopping acts that undermine the government, creating a consolidated legal framework for the criminal, administrative and civil punishment of individuals and companies that engage in such acts.

This shift in focus culminated in the enactment of Law No. 12,846 of 2013, the Brazilian Clean Company Act (BCCA), which specifically aims to punish companies doing business in Brazil for acts against the Brazilian or foreign public administration.

If, on the one hand, this has created a strong set of statutes to fight corruption from different and complementary angles, on the other it has created quite a complex scenario for companies and individuals, in which anti-corruption laws overlap, leading to different sanctions, established by different regulations and involving multiple enforcement agencies. In this sense, there are a number of different statutes that could be simultaneously applied in the case of illegal acts involving public corruption.5

Companies that engage in corruption may face civil and administrative6 penalties, along with their employees and executives. The table below summarises this complex backdrop of legal penalties.

Statutory basisType of actionPotential enforcersPotential sanctions for legal entities


(Civil Code)

Civil action for damages against legal entities and individuals.Both the injured entity and the Public Prosecutor's Office can start a lawsuit before the appropriate civil court.Compensation for the damage suffered by the public party.


(Administrative Misconduct Law)

Civil improbity action against legal entities and individuals.Both the injured entity and the Public Prosecutor's Office can start a lawsuit before the appropriate civil court.Loss of assets or amounts unlawfully acquired; payment of a civil fine of up to three times the benefits gained or damage caused; prohibition from entering into new contracts with the public administration or from receiving tax or credit benefits or incentives, including through a legal entity of which it is a majority partner, for up to 10 years.



BCCA's civil proceeding against legal entities only.Both the injured entity and the Public Prosecutor's Office can start a lawsuit before the appropriate civil court.Loss of assets, rights or values that represent a direct or indirect advantage or benefit obtained from the infraction, except for the right of the injured party or third party in good faith; suspension or partial prohibition of its activities; compulsory dissolution of the legal entity; prohibition on receiving incentives, subsidies, donations or loans from public entities and financial institutions, for a minimum term of one year and a maximum of five years.



BCCA's administrative proceeding against legal entities only.The injured entity and other agencies, such as the appropriate Internal Control Offices (e.g., the Ministry for Transparency, Supervision and Internal Control (CGU) in case of actions involving the federal administration) can start an investigation ex officio.Fine; public exposure of the conviction.
8,666/1993 (Public Procurement Law) and other public procurement laws and contractsAdministrative liability action under the Public Procurement Law and under the Concessions Law, mostly against legal entities.The injured entity and other agencies can start an investigation ex officio.Warning; fine; temporary suspension from participation in bidding procedures and prohibition from contracting with the public administration, for a period of up to two years; declaration of unfitness to tender or contract with the public administration as long as the reasons for punishment continue, or until it is rehabilitated by the authority that imposed the sanction.


(Federal Court of Accounts' Organic Law)

Administrative liability under the Federal Court of Accounts' Organic Law, mostly against legal entities.The Federal Court of Accounts can start an investigation ex officio.Disbarment from participating in bids of the federal public administration for up to five years.
8,137/90 and 12,529/11 (Competition Law)Administrative liability against legal entities (the law includes provisions regarding criminal liability of individuals as well).The Administrative Council for Economic Defence (CADE).Fine; publication of the conviction; ineligibility for official financing and participation in bids; registration with the National Registry for Consumer Protection; recommendation to the respective public agencies regarding intellectual property and tax matters; company divestiture, transfer of corporate control, sale of assets or partial interruption of activity; prohibition from carrying on trade on its own behalf or as a representative; any other act or measure required to eliminate harmful effects on the economic order.

Understanding the legal risks and navigating them

As explained above, a single act of corruption can trigger parallel enforcement actions by various different enforcement agencies, potentially resulting in overlapping penalties, which can range from fines to the loss of assets and licences. Among these actions, a growing concern relates to the recently enacted BCCA.

The BCCA has created a system of responsibility based on strict liability, under which a conviction can be made irrespective of any proof of fault, wilful misconduct or even knowledge of the wrongdoing. Indeed, according to the system established by the BCCA, a benefit to the investigated company is in principle a sufficient trigger for establishing the company's liability, making it responsible even for acts committed by third parties on its behalf. Additionally, it has provided for the joint responsibility of affiliates, subsidiaries, controlling or parent companies, and even members of consortiums. The penalties to be applied under the BCCA are also substantial, including fines of up to 20 per cent of the company's annual gross revenue, along with other relevant penalties7 such as debarment or even, in extreme cases, the closure of the legal entity.

That considered, the BCCA should be a relevant (although not exclusive) focus of attention for corporations investing in Brazil, especially for those companies investing in industries in which there is a higher interaction with public authorities, such as the infrastructure and energy sector.

The BCCA became effective on 29 January 2014 and sets out five main potential offences:

  • to promise, offer or give, directly or indirectly, any improper advantage to a public official, or third person related to him or her;
  • to finance, fund, sponsor or in any way subsidise illicit acts against the public administration;
  • to make use of an intermediary (individual or legal entity) to conceal or disguise the real interests or the identity of the beneficiaries of the acts performed;
  • regarding public tenders and contracts, to thwart, defraud, impede or disturb any act of public bidding procedure and its competitive nature, to manipulate or defraud the balance of economic and financial contracts with the public administration; and
  • to hinder the investigation or assessment activity of public agencies, entities or officials, or to interfere with their work, including activities falling within the scope of regulatory agencies and supervisory bodies of the national financial system.

The lack of substantial case law regarding the enforcement of the BCCA adds uncertainty to any analysis of how the authorities will interpret its provisions. However, there are already some specific elements within the law that are generating deep concerns in investors, therefore we divided this article into the following topics: (1) the strict liability system, (2) provisions regarding M&A transactions; (3) provisions on joint liability; (4) responsibility of executives for corrupt acts; and (5) post-closing initiatives and conclusion.

We aim to demonstrate that even if corruption risks cannot be totally avoided by investors, there are instruments to mitigate the risks imposed by the Brazilian legislation and corruption context that – if correctly implemented – can provide much greater safety and comfort for investors in highly exposed markets.

Strict liability

The strict liability element would be the most significant and relevant innovation of the BCCA, considering that legal entities may be punished regardless of their culpability or even if they had taken all preventive measures possible.

On the basis of the BCCA, a company can be sanctioned because of an isolated employee's or third party's act (such as a vendor or service provider) that benefits or aims to benefit the company, even if its higher management or representatives were unaware of, did not consent to and did not encourage such behaviour.

Considering this strict liability system, the implementation of a compliance management system (CMS) is the most adequate corporate response.

Despite the fact that a CMS cannot be used as a discharge argument under Brazilian legislation, its existence entails the potential reduction of an administrative fine and – naturally – is designed to prevent wrongdoing from happening at all.

On the other hand, an ineffective CMS or a CMS designed to be effective only on paper not only will show itself as useless, but will also not guarantee more lenient sanctions. Sanctioning benefits will only be available for companies capable of demonstrating that at the time of the offence they had effective compliance tools in place, focused on actually preventing corrupt practices and mitigating the company's own specific risks (rather than a 'one-size-fits-all' compliance programme).

Brazilian legislation provides details on the expected features of an adequate CMS,8 similar to those in the US Sentencing Guidelines.

Joint liability

Article 4, Section 2 of the BCCA provides that parent, controlled or affiliated companies, and consortium members (within the scope of the respective contract) shall be held jointly liable for corrupt acts.9

As one can imagine, this is a very controversial provision, especially because it affects companies with absolutely no power to interfere in the decision-making process that led to the misconduct. This scenario of actual unfairness not only enhances uncertainty for companies and enforcers, but can also lead to discussions in court, since jointly liable companies would have strong legal grounds to argue that such liability would be unreasonable. This is also a point of concern in M&A transactions, particularly when a party is planning to acquire a company previously owned by a parent company that is currently under investigation.

Minority shareholdings provide the basis for a better defence against such broad provisions, particularly when the minority investor can demonstrate compliance-oriented conduct in the exercise of its power towards the invested company.

For investors more generally speaking, adequate due diligence is the proper way to map the corresponding risks and provide a subsequent defence should litigation arise in the future.

M&A transactions

The BCCA included special provisions that somehow relate to M&A transactions. Its Article 4 establishes that 'the responsibility of the legal entity remains with it in the event of any of amendments to their articles of incorporation, corporate changes, mergers, acquisitions or spin-offs', limiting such liability – in mergers and acquisitions – to the payment of applicable fines and to the full compensation for occasional damages, up to the value of the transferred assets.

If from the enforcer's perspective this provision aims to guarantee that the sanctions will not be set aside and will be executed (even if just a fraction of it), from the investors perspective it raises the risk of M&A transactions in Brazil, which, as mentioned above, requires carefully conducted anti-corruption due diligences (ACDD).

The ACDD must comprise non-materialised risks, which means that the analysis on the target company shall comprise the conduction of thorough background checks, but also include an assessment of the target's exposure to corruption-related risks and the mitigating mechanisms in place.

In the ideal scenario, legal and the anti-corruption diligences must be coordinated, making it possible to jointly (and more efficiently) assess materialised and non-materialised issues. In this sense, the results of said assessment shall aid companies in their decision-making processes, also supporting the design of contractual protections and other measures that could limit post-closing liabilities.

In this regard, the proper and advised drafting of representations, warranties and other provisions in the transaction documents, are also key elements in limiting investors' liability in M&A transactions.

Executives' liability for corporate corruption

Unlike the strict liability applicable to legal entities in the BCCA, individuals ought to be punished in accordance with their own culpability, therefore, when acting with intent or fault when committing the wrongful act.

However, in a sort of Brazilian adaptation of the wilful blindness theory, there have been rulings10 in which managers were held accountable without having specifically committed any illicit act. In such cases, managers were found guilty based solely on the assumption that they had control over all the circumstances of the illicit act and deliberately decided not to act, making such omission criminally relevant.

From a civil perspective, the aforementioned anti-corruption regulations have raised the stakes for corporate corruption in Brazil and corrupt acts could deeply affect a company's value and profit. In this sense, some scholars have sustained that failing to address such risks could be construed as a violation of the executive's duty of care, making him or her accountable for reparations to injured parties (e.g., minority shareholders).

In this context, although the implementation of a compliance programme is not a corporate obligation under Brazilian law and, therefore, companies cannot be held accountable for its absence, some scholars have argued that, depending on the specific case, a manager's complete failure to implement any preventive initiative may be construed as a violation of his or her corresponding duty of care.11

Adequate corporate governance rules and a proper CMS would also serve, in this context, to limit an executive's liability, segregating accountability within the legal entity and demonstrating the exercise of a proper duty of care. In the end, it would help to prevent– in the case of an isolated transgression – allegations that management should be held criminally accountable for omission, or personally responsible for compensating damage suffered by third parties.

Post-closing initiatives and conclusion

It is undeniable that the Brazilian anti-corruption context and legislation present an undesirable level of uncertainty and that any investment in a highly exposed industry will carry some degree of risk. Nevertheless, there are instruments on hand to properly evaluate the risks of a given operation and to mitigate them to acceptable levels, empowering investors to benefit from upcoming opportunities in Brazil.

In this context, it is clear that in order to know and prepare for the potential corruption risks of a given transaction, it is recommended to perform a due diligence that will map possible wrongdoings and vulnerabilities. Information obtained during this process will influence multiple aspects of the transaction, such as the specific language of agreements, appropriate pricing, D&O declarations and guarantees.

Both the factual and legal context ensure the urgent need for companies operating in Brazil to create and implement adequate and effective CMS in order to prevent, detect and remedy breaches of integrity related to corruption. When properly implemented, such mechanisms are able to diminish the risk of wrongdoing, limit occasional sanctions and reduce management exposure to civil and criminal liability.

In this sense, the due diligence results can also serve as a preliminary maturity assessment of the target's CMS and of its risk map, being able to guide the improvement of existent initiatives or the implementation of new ones. That considered, after the transaction is closed, it is important to address what has been preliminarily discovered during the due diligence. Such initiatives may vary, depending on the findings, from applying stronger internal controls and an adequate CMS to performing an in-depth investigation into specific issues.

Internal investigations on specific issues can be performed before or after the closing and differ from the due diligence procedure in focus and range.

A due diligence process is wide-ranging, audits several procedures and situations in order to provide a first assessment on risks and controls, and reveals the general status of risk and the main topics that could raise concern. From an anti-corruption point of view, the due diligence verifies whether there are issues in the target company that could impact it negatively in the future and conducts general audits and tests to check for signs of issues not yet present that could arise (based on the analysis of reputational exposure, interviews, CMS analysis, etc.).

An investigation, on the other hand, is initiated in regard to a specific suspicion. Its procedures are highly focused on answering targeted questions arising from an investigative hypothesis and on preserving all documents and data connected to the issue. For that reason, investigations have a much narrower scope than due diligence but a much wider and deeper list of procedures that are undertaken, such as the extraction and analysis of emails and transaction testing.

It is possible, given the nature of the procedure, for due diligence to be followed by an internal investigation before or after the closing. If a concern is identified during the due diligence process – even though not fully understood – an investigation may be recommended to fully comprehend the situation and its possible effects.

In a situation such as this, an investigation before the closing would add to the findings of the due diligence to assist decision makers in understanding risks and conducting an informed negotiation. Post-closing investigations, on the other hand, may assist in mitigating risks and preventing the reoccurrence of similar situations.


1 Marcos Paulo Veríssimo is a partner and Raphael Rodrigues Soré is a senior associate at Machado, Meyer, Sendacz e Opice Advogados.

2 Public Procurement Law No. 8,666 of 1993.

3 Fiscal Responsibility Law – Complementary Law No. 101 of 2000.

4 Administrative Misconduct Law No. 8,429 of 1992.

5 Brazilian legislation regarding private corruption is quite scarce and shall not be analysed in this article.

6 Corporate corrupted acts could have criminal implications to the individuals involved; however, not to corporations, since legal entities can only face criminal liability in Brazil in connection with environmental issues.

7 BCCA sanctions will not prevent independent claims for damages by the damaged entity or entities. In this sense, if a company benefits from a corrupt act the damage caused can be compensated alongside the punishments listed below:

  1. fine of 0.1 to 20 per cent of the company's gross revenues of the last year prior to the beginning of the proceeding and, if it is not possible to determine the amount of the revenue, the fine shall be established between 6,000 reais to 60 million;
  2. publishing of the administrative decision not only in the Official Gazette, but also on the main page of the website of the legal entity condemned;
  3. c prohibition to receive public incentives, subsidies, donations and financing from one to five years;
  4. seizure and confiscation of assets and gains related to the misconduct act;
  5. partial suspension or interdiction of activities; and
  6. compulsory dissolution of the legal entity when the entity is (1) used on a regular basis to ease or promote the performance of wrongful acts, or (2) organised to conceal or dissimulate illicit interests or the identity of the beneficiaries of the acts performed.

8 Decree 8,420/2015. Article 42. For the purposes of the provisions in Section 4 of Article 5, the integrity programme shall be assesses for existence and implementation, based on the following parameters: (1) commitment of the senior management of the legal entity, including the boards, evidenced by visible, unequivocal support to the programme; (2) standards of conduct, code of ethics, and integrity policies and procedures applicable to all employees and managers, irrespective of the position or role; (3) standards of conduct, code of ethics and integrity policies that are extensive, when necessary, to third parties, such as suppliers, service providers, brokers and associates; (4) periodic training on the integrity programme; (5) periodic risk analysis oriented to any adjustments required in the integrity programme; (6) accounting records that comprehensively and accurately reflect the corporate transactions; (7) internal controls to ensure the prompt preparation and reliability of the corporate reports and financial statements; (8) specific procedures to prevent fraud and illegal actions within the scope of bidding procedures, the implementation of administrative agreements, or any interactions with the public sector – albeit facilitated by third parties – such as the payment of taxes, submission to audits, or obtaining permits, licences, authorisations and certificates; (9) independence, structure and authority of the internal body in charge of implementing and enforcing the integrity programme; (10) channels to report non-compliance, which should be open and widely disseminated to employees and third parties, as well as methods oriented to safeguard good faith whistle-blowers; (11) disciplinary action in case of breach of the integrity programme; (12) procedures to ensure the prompt interruption of any non-compliance events or violations detected, and timely remediation of the damage caused; (13) appropriate hiring measures and, as appropriate, supervision of third parties such as suppliers, service providers, brokers and associates; (14) during mergers, acquisitions and corporate restructuring procedures, verify any faults or illegal actions committed or the existence of vulnerabilities at the legal entities involved; (15) ongoing monitoring of the integrity programme for improvement, in order to prevent, detect and fight the detrimental actions provided for in Article 5 of Act No. 12,846 of 2013; and (16) transparency of the legal entity regarding donations to candidates and political parties.

9 Such liability would be restricted to the payment of applicable fines and to the full compensation for occasional damages.

11 The duty of care, according to Brazilian legislation, is related to the executives' bias, what must be the one of an honest and active person, acting continuously in the best interest of the company, behaving as carefully and diligently as a reasonable person would do in similar circumstances. In this sense, if the absence of a CMS is considered as a failure of the manager's duty of care, this may lead to civil liability for the manager as an individual.

Unlock unlimited access to all Latin Lawyer content