top of page

Is Compliance a "Safe Conduct"? The Risk of Misaligned Incentives in Bill 686/25

  • Jan 30
  • 5 min read
The image is a black and white photograph capturing a corporate and analytical work environment. The primary focus is on the hands of two individuals dressed in professional business attire (suits and blazers).

Corporate integrity and compliance remain critical pillars for institutions and the Brazilian market, especially in light of recent headlines.


From inquiries involving significant and fraudulent financial operations at Banco Master to governance crises affecting national passions—such as the recent case observed at São Paulo Futebol Clube—the message, from any angle, is clear: without corporate governance supported by robust integrity and compliance controls, an organization’s reputation and sustainability hang by a thread. Consequently, the market and economic regulation follow the same path of insecurity.


It is precisely within this landscape of constant vigilance that we must discuss a legislative proposal with the potential to rewrite the rules of corporate liability and the legal effects of so-called Integrity and Compliance Programs in Brazil—a matter that demands our immediate critical attention.


What is at Stake:

Specifically, we address Bill (PL) 686/25, introduced to the Chamber of Deputies in 2025. The proposal presents an idea that is seductive at first glance but controversial in essence: the exclusion of criminal liability and administrative misconduct (improbidade administrativa) for legal entities that prove they have Integrity and Compliance Programs verified as effective.


The declared intention, in principle, appears to be fostering a culture of corporate integrity—a topic that, in the era of the ESG agenda, remains undeniably strategic and necessary for both the public and private sectors.

In general terms, the Bill establishes that if a company possesses clear and robust compliance structures, policies, and controls, it could be "rewarded" with the "exclusion" of its criminal and civil legal liability, particularly regarding illicit acts committed by third parties or even by its agents, officers, and representatives.


However, as I analyzed in an exclusive interview with the Integridade ESG portal, the "devil is in the details," especially when dealing with a legal and market context as complex and multifactorial as Brazil's. Are we creating a real incentive or merely a potential "safe conduct" (salvo-conduto) within the national regulatory environment?


The Risk of the "Inverted Signal"

To deepen this discussion, in the 2025 interview with Integridade ESG, I sought to provide an essential counterpoint: the automation of the removal of criminal and civil liability could generate an "inverted signal" for the regulatory environment, especially if certain points are not well-evaluated and regulated.


Currently, a company in Brazil, whether public or private, may be held criminally liable for the following offenses: environmental crimes (Federal Law No. 9,605/1998) and crimes against the tax, economic, and consumer relations orders (Federal Law No. 8,137/1990 and Federal Law No. 12,529/2011).

In none of these current laws does a company have the possibility of exclusion or mitigation of its criminal liability based solely on possessing effective integrity and compliance programs, even if they are "certified" or "evaluated" by third parties.


Thus, even if the scope of Bill 686/2025 broadly indicates illicit acts, administrative misconduct, and corruption, the measure must integrate and align with the existing framework for corporate crimes in the Brazilian legal system. This system is not limited to the topics mentioned in the Bill, as it encompasses environmental, economic, tax, and consumer issues.


Furthermore, the proposal submitted to the Chamber must be compatible with the Brazilian Penal Code (Decree-Law No. 2,848/1940), among other issues that deserve careful attention in the discussion and secure legal grounding of the bill.


Another central point is that the proposal may subvert preventive logic. By ensuring that an integrity and compliance program (no matter how robust on paper) "automatically exempts" a company from criminal or civil punishment, there is a risk of signaling to economic agents and the market that public law enforcement and rigor can be bureaucratically "bypassed." This is particularly concerning given the difficulty in establishing robust criteria to be observed by the public and technical authorities designated for such oversight.


Exclusion vs. Mitigation: Which Regime for Brazil?

It is fundamental to look at what already exists. Today, Federal Law 12,846/2013, popularly known as the "Anti-Corruption Law" (a law which, in fact, does not carry that formal title, but rather refers to the administrative and civil liability regime of legal entities for acts harmful to national and foreign Public Administration), already offers benefits for more "ethical" companies. However, such incentives come in the form of mitigation (reduction) of sanctions, and not total exemption.


A reformulation and expansion of the benefits for mitigating penalties and sanctions in Law 12,846/2013 would be appropriate and is indeed necessary, seeking to generate greater incentives for legal entities to implement integrity and compliance controls. However, in principle, this should not result in the "integral extinction of criminal or civil liability."


This logic of mitigation, with exemption being a rare exception, is the global standard. Reference legislations, such as the Foreign Corrupt Practices Act (FCPA) in the US, do not provide for the total exclusion of legal liability simply because a company has internal controls. They use compliance as a factor for formulating leniency agreements and for mitigating penalties. Examples of this approach include France (Sapin II Law - 2016), Argentina (Law 27,401 - 2017), and Mexico (LGRA - 2017), among others.


The exception, applied in a very meticulous and exceptional manner, is the UK Bribery Act (UKBA) in the United Kingdom. This regulation provides, strictly for cases of bribery, the possibility for companies involved in the illicit act to discuss and prove in court that their compliance controls were effective, despite the irregularities committed by their agents or third parties.


By proposing total exemption, Bill 686/25 may place Brazil at odds with international best practices for prevention, unless the conditions and the integration of the initiative with other laws and regulations governing the criminal, civil, and administrative liability of legal entities are better understood. Otherwise, the fight against environmental, tax, and economic crimes could be weakened.


Reality Check: Compliance is Not Infallible

Another point is the "reality check": even the best integrity and compliance programs do not shield a company (nor its agents, stakeholders, and the market) against 100% of fraud, bribery, and irregularities. In Brazil, the Americanas case is a painful and recent example that having formal structures does not prevent serious ethical collapses, even when subject to audits by the so-called "Big Four."

Consider, then, an emblematic case and perhaps the largest "corporate fraud" scandal in Brazilian history: the operations of Banco Master and its developments. Not only are agents and business groups involved in fraud and illicit acts, but there are also questions regarding the performance of the competent State regulator in the matters addressed.


As if these examples were not enough, there is intense discussion regarding integrity and ethical conduct within the Brazilian Judiciary, notably in the Supreme Federal Court (STF), and the urgent need for the development and application of a Code of Conduct—a mandatory mechanism for any Integrity and Compliance Program, whether public or private.


Integrity and Compliance Programs, regardless of the type of corporate liability (civil, administrative, or criminal), are fundamental mechanisms for the development of corporate governance. They represent an advanced logic of regulated self-regulation, where public authorities, through prior legal or regulatory standards, begin to consider and grant public effects to integrity and compliance systems effectively developed within companies and private organizations. This is a regulatory strategy for prevention and for redefining the relationship between economic agents, legal entities, and higher standards of integrity.


Brazilian legislation (especially in its implementation) does indeed need to distinguish the CNPJ (the company) from the CPF (the corrupt agents) to avoid the institutional collapse of companies that generate jobs and income—a mistake made during the Lava-Jato investigation. However, preemptively exempting the "CNPJ" may remove the incentive for constant and effective vigilance, thereby affecting the concrete purpose of economic regulation for agents and the market.


Conclusion

The debate over Bill 686/25 is undoubtedly important, particularly for discussing better and more effective ways to incentivize corporate governance structures, risk management, and compliance. It is not a matter of being "for or against" companies, but rather about calibrating incentives in a "sui generis" and complex regulatory and cultural environment like Brazil's. Do we want compliance practices to be a legitimate and rigorous ethical shield, or merely an "insurance policy" against punishment? It is worth reflecting.


--

[Automatically translated]

Originally published on LinkedIn.

Author: Bruno Teixeira Peixoto

Comments

bottom of page