it | en |

Newsletter: “Directors Found Liable for Damages Due to Lack of Compliance Program pursuant to Legislative Decree 231/2001”

Italian case law continues to focus on the enforcement of Legislative Decree 231 of 2001, a body of law setting forth quasi-criminal liability for corporations in case certain crimes are committed on their behalf. A decision by the Milan Court (no. 1774 of 2008) has gone as far as to state that a managing director who does not adopt a compliance program pursuant to such legislation breaches his fiduciary duties and is liable for damages vis-à-vis the company.

Director’s Liability

In a landmark decision (no. 1774 of 2008) the Court of Milan held that the former managing director of a joint stock corporation, which had been condemned pursuant to Legislative Decree 231/2001, was liable vis-à-vis the company and its shareholders for not having adopted an organizational model aimed at preventing the commission of crimes on behalf of the company.

According to the Court’s reasoning, the adoption of an effective organizational model would have shielded the company from any liability pursuant to Legislative Decree 231/2001, thus preventing the sanctions imposed upon the company. Therefore, even though the adoption of an organizational model is not strictly mandated by Italian law, the lack of such adoption by the managing body amounted to a negligent conduct in the management of the company and to a failure in ensuring that the managing, organizational and accounting structure of the company be adequate to its nature and size. Such breach of the director’s fiduciary duties procured damages to the company for which the director has been held responsible.

Corporate Liability pursuant to Decree 231

While traditionally only individuals could be subject to criminal liability, Legislative Decree 231/2001 has introduced a quasi-criminal liability for corporations in case a specific crime is committed on their behalf by any of their representatives. In such case, in addition to the personal liability of the individual, the corporation, too, is held liable, unless it can provide evidence that it has adopted and effectively enforced organizational models aimed at preventing the committed crime.

Sanctions for corporations’ liability vary from monetary sanctions to the prohibition to enter into agreements with any public entities. These latter sanctions are especially worrisome to companies whose key accounts are public administrations (e.g., in the health sector), who are active in the financial industry or whose production activities involve health and safety requirements.

Compliance Programs

According to Section 24 of Legislative Decree 231/01, corporate liability arises when the following requirements are met:

(i) OBJECTIVE REQUIREMENT: a specific crime is carried out in the interest of the company by individuals working within its internal organization; and

(ii) SUBJECTIVE REQUIREMENT: the company lacks effective compliance programs in order to prevent such crimes, thereby being responsible for the so called culpa in vigilando.

An effective organization model pursuant to Legislative Decree 231/01 must provide: (i) a detailed risk analysis on the commission of any of the crimes provided for by the concerned legislation; and (ii) appropriate policies and measures aimed at preventing the risk that a crime is committed. In addition, an organizational model must set up a compliance committee with the specific task of monitoring the application of the model.


This newsletter only contains a general description and is not and should not be considered or relied on as legal advice.

Source: Ughi e Nunziante