What is Model 231?

Legislative Decree 231/01 aims to prevent and combat the risk of corporate crimes by establishing the liability of legal entities for unlawful acts committed to their advantage or in their interest by employees or collaborators. It promotes a system of organization, control, and sanctions to ensure compliance with ethical and legal standards in the workplace.

The Organizational Model 231 is a tool that documents the set of rules, procedures, and protocols adopted by companies to prevent the commission of unlawful acts that could result in corporate liability. In addition, the decree requires the appointment of an independent body, whose duty is to monitor the implementation and updating of the model (the Supervisory Body). The goal of Law 231 is to encourage companies to implement crime prevention systems through the adoption of organizational, management, and control models.

The 231 framework is primarily aimed at companies and entities wishing to prevent the commission of crimes by adopting preventive measures against corruption, fraud, money laundering, and other unlawful acts (predicate offenses). To be exempt from liability under Legislative Decree 231, companies must adopt an Organizational, Management, and Control Model (MOGC) and establish a Supervisory Body. However, adoption of Model 231 is not mandatory; it remains a voluntary choice.

Adopting Model 231 reduces the risk of incurring criminal and administrative sanctions for crimes committed in the interest or to the advantage of the company by managers or employees. The company can thus avoid heavy fines and suspension of activities, as well as other sanctions such as confiscation, revocation of licenses and authorizations, and bans on contracting with public authorities.

Model 231 is created by companies that choose to adopt it and must be developed by a multidisciplinary team. In addition to internal legal and compliance teams, lawyers, compliance experts, and external consultants are often involved. These professionals analyze risks and define internal procedures. Implementation requires the involvement of the entire organization.

The creation of Model 231 follows a structured process, with several key phases:

Implementation phases

Risk analysis and assessment (risk assessment and gap analysis)

This stage requires a detailed mapping of business processes to identify areas at risk of crimes. Risks are then assessed based on their likelihood, severity of sanctions, and potential impact, leading to the creation of an Action Plan.

Drafting the Model and defining control procedures

Based on the risk analysis, the Organizational, Management, and Control Model is drafted (composed of a General Part and a Special Part), and protocols and control procedures are defined to prevent identified offenses. These include authorization, verification, and monitoring systems. The Code of Ethics is a separate document but forms an integral part of the Model.

Training and information activities

Training and informing all involved stakeholders (directors, employees, collaborators, third parties, control bodies, and stakeholders in general) is essential to ensure the effectiveness of Model 231. Training activities aim to spread knowledge of prevention policies, procedures, and the applicable legal framework.

The Supervisory Body is appointed by the company and is responsible for verifying the functioning and compliance of Model 231. It must be autonomous and independent, with adequate powers to exercise effective control. The OdV also monitors periodic updates to the Model. Its activities include scheduled audits as well as information flows from corporate functions. It also receives reports of potential violations of the Model or crimes.

• Crimes against the Public Administration (such as corruption or bid rigging);
• Corporate crimes (such as false corporate communications or unlawful influence on the shareholders’ meeting);
• Market abuse crimes (such as market manipulation);
• Health and safety crimes, committed in violation of workplace accident-prevention and health protection regulations;
• Crimes of receiving stolen goods, money laundering, use of illicitly obtained money, goods or assets, as well as self-laundering;
• Computer crimes;
• Crimes against industry and commerce (such as commercial fraud);
• Crimes related to copyright infringement;
• Environmental crimes;
• Crimes related to the employment of third-country nationals with irregular residence status;
• Private sector corruption;
• Sports competition fraud;
• Tax crimes (e.g., failure to file tax returns; false invoicing; failure to pay VAT);
• Customs crimes (various forms of smuggling);
• Crimes against cultural heritage and laundering of cultural assets.

Legislative Decree 231/2001 introduces monetary and disqualifying sanctions for entities when crimes are committed by their representatives or employees to the entity’s benefit. Monetary sanctions are based on a quota mechanism, determined by the seriousness of the offense, with a monetary value per quota reflecting the entity’s economic size. Disqualifying sanctions aim to restrict the entity’s activity, including suspension or revocation of licenses, prohibition from contracting with the Public Administration, and exclusion from funding. Other sanctions may include confiscation of the proceeds of the crime and publication of the judgment.