The laws and regulations that guide the creation of compliance programs in Brazil.

The creation of compliance programs in Brazil has ceased to be an optional initiative and has become a strategic and legal necessity for companies of all sizes and sectors. Increased oversight, evolving legislation, and greater demands for transparency from society and the market mean that organizations need to structure effective mechanisms for preventing, detecting, and responding to irregularities. To this end, it is essential to understand which laws and regulations guide the construction of a solid compliance program that is relevant to Brazilian reality.

What is compliance and why is it regulated?

Compliance can be defined as the set of practices, policies, and controls designed to ensure that a company operates in accordance with laws, regulations, internal rules, and ethical standards. In Brazil, the topic gained prominence mainly following major corporate scandals, which highlighted the need for more robust integrity and governance mechanisms.

The Brazilian legal framework is not based on a single compliance law, but on a set of rules that, together, establish obligations and guidelines for responsible business conduct.

Anti-Corruption Law (Law No. 12.846/2013)

Law No. 12,846/2013, the Brazilian Anti-Corruption Law, also known as the Corporate Anti-Corruption Law, is one of the main pillars of compliance programs in Brazil. It establishes the strict (objective) administrative and civil liability of legal entities for acts against the national or foreign public administration.

A central point of the law is its recognition of integrity programs as a mitigating factor in the application of sanctions. This has encouraged companies to structure compliance policies, codes of conduct, whistleblowing channels, and effective internal controls.

Decree No. 8,420/2015

The Decree No. 8,420/2015 regulates the Anti-Corruption Law and details the criteria for evaluating integrity programs. It defines the minimum elements that a compliance program must contain, such as:

  • commitment from senior management;
  • standards of conduct and codes of ethics;
  • periodic training;
  • risk analysis;
  • internal controls and audits;
  • reporting channels and investigation mechanisms.

This decree serves as a practical reference for companies that wish to structure or revise their compliance programs in a way that aligns with the expectations of public authorities.

General Data Protection Law (Law No. 13.709/2018)

The LGPD introduced new obligations related to the processing of personal data, directly impacting compliance programs. It requires companies to adopt technical and organizational measures to ensure security, privacy, and transparency in the use of data.

Aspects such as data governance, risk management, accountability, and employee training are fundamental both for the LGPD (Brazilian General Data Protection Law) and for an effective compliance program. Therefore, data protection has become an indispensable component of corporate compliance.

Laws and regulations of the financial sector and regulated markets

Companies operating in regulated sectors, such as finance, insurance, healthcare, and energy, must also observe specific compliance standards. Bodies such as the Central Bank, the CVM (Brazilian Securities and Exchange Commission), the ANS (National Agency for Supplementary Health), and ANEEL (National Agency for Electric Energy) publish regulations that require internal controls, risk management, anti-money laundering measures, and corporate governance.

These standards reinforce the importance of compliance programs tailored to the realities and risks of each sector.

International norms and standards

In addition to national legislation, many companies adopt international standards as a benchmark to strengthen their compliance programs. Among the most widely used are:

  • ISO 37301 (Compliance Management System);
  • ISO 37001 (Anti-Bribery Management System);
  • ISO 19600 (compliance guidelines);
  • Foreign Corrupt Practices Act (FCPA), from the United States;
  • UK Bribery Act, from the United Kingdom.

Although not legally required in Brazil, these standards are widely recognized and valued by the market, especially by companies operating globally.

The role of internal rules and organizational culture

In addition to external laws and regulations, compliance programs must be supported by clear internal policies, such as codes of ethics, conduct manuals, and operational procedures. These documents translate legal requirements into the day-to-day reality of the company.

The effectiveness of compliance, however, depends on the organizational culture. Without leadership engagement and employee commitment, even the best-structured programs tend to fail.

The creation of compliance programs in Brazil is guided by a robust set of laws, decrees, and regulations aimed at promoting integrity, transparency, and corporate responsibility. Knowing and understanding this legal framework is the first step in structuring an effective and sustainable program.

By aligning legislation, best practices, and organizational culture, companies not only reduce legal risks but also strengthen their reputation and their ability to grow ethically and competitively.
