2023
93
19032023
11082023
Università degli studi di Torino, Italia
Abstract: The paper conducts a comprehensive analysis of corporate criminal liability in Italy, with a specific focus on internal corporate investigations. After providing a brief overview of the Italian legal system concerning corporate criminal liability, the paper compares internal investigations conducted by companies with the Public Prosecutor’s preliminary investigations, examining their respective strengths, weaknesses, and differences. Additionally, the research explores the admissibility of internal investigations during the preliminary investigation stage and in the negotiation process, specifying the inherent limitations and practical challenges in the absence of specific regulations on this matter.
Keywords: Italian Corporate Criminal Liability, White Collar Crimes, Internal Investigations, Preliminary Investigation.
Resumo: O artigo realiza uma análise abrangente da responsabilidade penal corporativa na Itália, com foco específico nas investigações internas corporativas. Após fornecer uma breve visão geral do sistema legal italiano em relação à responsabilidade penal corporativa, o artigo compara as investigações internas conduzidas pelas empresas com as investigações preliminares do Ministério Público, examinando suas respectivas vantagens, fraquezas e diferenças. Além disso, a pesquisa explora a admissibilidade das investigações internas durante a fase de investigação preliminar e no processo de negociação, especificando as limitações intrínsecas e os desafios práticos diante da ausência de regulamentações específicas sobre esse assunto.
Palavras-chave: Responsabilidade criminal empresarial na Itália, crimes de colarinho branco, investigações internas, investigação preliminar.
Fundamentals of criminal procedure
Internal investigations in the trial of corporations in Italy: the practical implication of their admissibility for trial purposes
Investigações internas no julgamento de empresas na Itália: implicações práticas de sua admissão para fins de julgamento
Received: 19 March 2023
Revised document received: 25 March April May May May June June August 2023
Accepted: 11 August 2023
The introduction of corporate criminal liability, accomplished with Legislative Decree No. 231 of June 8, 2001, “Administrative Responsibility for Crime,” marked a Copernican revolution in the field of Italian criminal law, as it recognized, for the first time, an exception to the principle of “societas delinquere non potest” (a company cannot commit a crime) and established a form of liability applicable to corporate entities for the offenses committed.
One of the most intriguing consequences resulting from this legislative innovation is undoubtedly the spread of so-called “internal investigations,” which are inquiries conducted directly by the corporate entity within its own organization, with the aim of detecting the presence of relevant offenses under the provisions of Legislative Decree No. 231/2001.
The most interesting aspect of internal investigations, as emphasized in this contribution, concerns their nature as a tool for exercising the right of defense recognized to the entity itself, in order to avoid liability for criminal offenses committed by members of its organization. However, internal investigations - which, in recent years, have been conducted in a notably thorough and punctual manner by many entities - still remain unknown to the Italian Legislature. This necessitates significant efforts and not always straightforward interpretative solutions to identify their boundaries, systematic implications, and the possibility of using the results of internal investigations within criminal proceedings. In fact, in the absence of specific legislative regulations, the investigation methods, the scope of the inquiry, and the practical management are left to customary practices, often drawing from established practices in other countries or foreign regulations.
The focus of this contribution is to complete an analysis of so-called “internal corporate investigations” in the context of criminal/administrative liability of entities, which was introduced in the domestic legal system relatively recently after many years of controversy over its admissibility, nature, and operating procedures.
Due to the connection between corporate administrative liability and internal investigations, it is therefore impossible to analyze the latter - including their legal qualification and the open issues on the subject - without first mentioning the introduction of entity liability and understanding the subject’s fundamental topics.
In 2001, the Italian legislature overcame the long-standing difficulties in configuring “crime” liability for corporations2 with Legislative Decree No. 231 of June 8, 2001, “Administrative Responsibility for Crime”.
Indeed, this criminal policy choice, which was self-imposed following Italy’s signing of the 1997 OECD Convention, represents a crucial step in the social control of white-collar crimes3.
Before this historic regulatory intervention, the Italian criminal justice system did not recognize any forms of direct liability for legal entities, as opposed to the strict liability for pecuniary penalties identified by the Article 197 of the Criminal Code, which outlines a shared liability mechanism (still in effect today) in case of the convicted party’s insolvency, if they have acted on behalf of the company4.
First of all, despite the “administrative label”, there have been multiple efforts aimed at identifying the true nature of entity responsibility; the majority doctrine5 believes that the liability model in Legislative Decree No. 231/2001 has a purely criminal nature: it arises from the commission of one of the criminal offenses listed by the law as a prerequisite for corporate liability, is established through the procedure and the formalities of a criminal trial, and incorporates “principles of liability” that are typically criminal6.
Those who argue for the administrative nature of entity responsibility emphasize that the title of the introductory decree and the first chapter explicitly identify this form of responsibility as administrative. Certainly, recognizing the administrative nature of this responsibility allows for the exclusion of the guarantees recognized by the Italian Constitution in the field of criminal law.
On the other hand, a third perspective argues for the “mixed” nature of entity responsibility, placing it within a so-called tertium genus introduced by Legislative Decree No. 231/2001, which includes some typical elements of administrative responsibility and some others that characterize criminal responsibility.
However, unlike the regulatory frameworks of many other European countries7, such as Ireland, France, Belgium, and the Netherlands, Italy has consistently refused to classify corporate responsibility as full criminal liability8.
The controversial nature of the liability outlined by the Italian lawmaker seems to derive its “hybrid” character from the international origin9 of the domestic regulatory framework: the international acts referred to in Law no. 300 of September 29, 2000, not only prompted the national legislature to adopt a form of liability of legal persons, but also to define it by breaking away from traditional categories.
The basic premise of the “231-liability model” is to overcome the traditional postulate of societas delinquere non potest and pave the way for the development of new criteria for attributing liability to compensate for the company’s inability to act compared to individuals.
Historically, the reason why a company’s criminal liability was considered impossible was based on Article 27 of the Italian Constitution, which states that this liability is “personal.”
Two critical issues arose from this interpretation:
personal liability is primarily an individual responsibility, not a group responsibility; it is a liability for the act of an individual, not of a group;
personal also means blameworthy, and the accountability of a multi-person entity is incompatible10.
In spite of these critical issues, the urgency of ensuring also to Italy a liability of legal persons has led to softening the constitutional limit, interpreting it in coherence with the demand of the experience of reality: indeed, it can be assumed that despite of the formal qualification, the legislature introduced this form of liability to address the criminogenic nature of business activity. Thus, it represents a “new” form of criminal law, modeled on the peculiarities of business crime, in which the entity is liable for a crime committed and the regulation of liability is informed by the principle of legality and non-retroactivity, which are typical for criminal law.
This undoubtedly places it closer to the criminal category than to the administrative one. However, Italian case law11 has opted for the middle ground solution, tailoring the aforementioned tertium genus of liability, that allows the issue of etiquette to be resolved on the theoretical level, without affecting the practical regulation, which - in the opinion of the writer - remains fundamentally criminal in nature.
Furthermore, there seems to be support for this perspective in international law. This support for this perspective is evident in international law and, in particular, in specific articles of the European Convention on Human Rights (ECHR), namely Articles 34 and 41, which imply that the Convention applies to legal persons, including corporations.12 These articles recognize the right of individual petition and provide for the jurisdiction of the European Court of Human Rights (ECtHR) over not only states but also any person, non-governmental organization, or group of individuals claiming to be a victim of a human rights violation by a state party to the Convention. This inclusion of “any person” in the articles can be interpreted as encompassing both natural and legal persons, thereby affirming the applicability of the Convention to corporations.
In alignment with this interpretation, the overarching objective of the Convention is to ensure that every person, regardless of their legal status, can enjoy the rights and freedoms safeguarded by the ECHR; among the general principles, the principle of the correct qualification of the sanction must be included without fail, in order to avoid the so-called ‘labeling fraud’.13
To properly apply this principle, the European Court of Human Rights requires considering the so-called ‘Engel criteria’14, which establish that, for the proper classification of a sanction, one must not solely rely on the classification provided by domestic law, but, on the contrary, also evaluate the nature of the applied sanction, its severity, and its gravity. If companies are considered fully subject to the Convention, then by applying Engels criteria, the sanctions imposed on corporations under Decree 231 allow for the entire liability framework to be included in the criminal sphere.
The purpose of the paper is to frame the phenomenology of internal investigations and its usability in the prosecution of entities, so it is deemed necessary to proceed with an initial analysis of the prerequisites of the liability of legal persons in Italy, with some brief mentions of comparison with other European systems and the Anglo-American system. Specifically, the legal framework outlines two levels of liability: one strictly objective, like actus reus, and one subjective, similar to mens rea.
Regarding objective liability, it is important to note that a corporation can be held liable if one of the so-called predicate crimes is committed15 and provided that the crime is committed by an individual linked to the company by a qualified relationship.
In essence, there must be a functional link between the perpetrator and the corporation, which can be described in the dual capacity outlined in Article 5, letter a) and letter b): «the entity is liable if the crime is committed by a) persons who hold positions of representation, administration, or management of the entity or one of its organizational units with financial and functional autonomy, as well as by persons who exercise, even de facto, the management and control of the same; b) by persons subject to the management or supervision of one of the individuals referred to in letter a)»16.
The second objective condition requires that the offense be committed in the interest or for the benefit of the entity. The assessment of the existence of the interest requires an ex-ante judgment, which takes place at the time of the criminal conduct and ascertains that the offender acted with the intent to benefit the entity, regardless of whether the entity was then actually favored. On the other hand, the assessment of the existence of the entity’s advantage takes place ex-post and notes any positive economic or other results that the entity gained or could have gained from the commission of the crime.17.
In this context, the Italian structure of corporations’ liability is partially different from that provided in Anglo-American systems.
In the United States, a simpler model of ascertainment has been adopted which holds the company liable in all cases where an individual has acted within the scope of their employment. The only case in which corporate liability can be excluded is when the individual has acted against the interest of the company, such as by harming or defrauding it18. In contrast, regulations in European that govern the criminal liability of corporations tend to provide for a system like the Italian one: for example, Article 31-bis of the Spanish Criminal Code provides that the company is liable in the case of an offense committed «in its name or on its behalf or for its benefit» and Article 3 paragraph 1 no. 1 of the Austrian VbVG recognizes liability only in the case of an offense committed for the benefit of the corporations, requiring more than the mere “occasion of employment” to which the U.S. regulations attach relevance19.
On a subjective level, corporate liability is further subject to a criterion of a sort of mens rea, which can be identified in the so-called “organizational fault.”
Italy does not allow for strict liability in criminal law, which is understood as a liability imposed in the absence of intent or negligence in the act.
In contrast, Anglo-American systems have historically adopted standards traceable to strict liability, regardless of whether there was an actual possibility of reproaching the corporation.
In summary, in the Italian system, corporate liability is attributed to the failure to adopt or comply with appropriate standards regarding the organization and conduct of business activities.
From this perspective, a corporation can only be charged for the commission of a crime if it failed to establish an effective organizational system aimed at preventing and managing the risk of the offense, regardless of whether the crime was committed in its interest or to its advantage.
However, a company can defend itself if it adopted and effectively implemented an organizational and management model before the commission of the crime, that is suitable for preventing the commission of similar crimes.
To exclude culpability, the management body must have adopted and effectively implemented organizational models, the Supervisory Body must supervise and update them, and there must have been no failure or insufficient supervision of their functioning and observance20.
Thus, the corporate compliance model operates as a cause of exclusion of culpability both when the predicate offense is committed by a top person and when a subordinate person commits the same.
Legislative Decree 231/2001 compliance models, or “Compliance Company Programs,” were partly derived from Anglo-American legislation and aim to align individual conduct with the law and activate effective internal control systems to ensure lawful and fair business operations.
However, unlike in Italy, compliance with programs and the correctness of choices cannot lead to complete impunity for the entity, which can only get a reduction of up to 80 percent of the penalty.
One of the most notable aspects of the 231-liability system is that it has established a model of liability that is direct and autonomous to the entity, meaning that it does not necessarily require the establishment of the liability of a specific natural person (Art. 8)21.
This choice was dictated by the real and pragmatic need to deal with the current medium-large organization of companies, which presents a horizontal division of competencies and a fragmentation of decision-making and operational centers that would have made it extremely difficult to identify the perpetrator, thus inhibiting the effectiveness of the “criminal” response against collective entities.
Before delving into the issue of internal investigations, it is necessary to briefly consider the type of offense for which the defendant corporation is liable.
Two hypotheses have been proposed in the literature:
the corporation is liable for aiding and abetting the crime committed by the perpetrator;
the corporation is liable for an independent and separate offense.
In the first scenario, there is only one crime with two accomplices with different mens rea criteria22. In the second case, the two offenses would be distinct and therefore could not be reduced to a single charge23.
Indeed, it is argued that [1.] negligent facilitation in another’s intentional offense is not generally permitted in our criminal system, unless it is expressly provided for; [2.] if the corporation is liable for the predicate offense, the alternative lawful conduct should be the prevention of the predicate offense, according to the guarantee model (commission by omission). However, the company has no guarantor role in preventing its employees from committing crimes24.
However, the two hypotheses addressed in the literature do not shift the focus of this work from the topic of internal investigations: in both cases it is taken to appreciate that internal investigations assume a strictly defensive function in the prosecution of the corporations.
From a procedural point of view, indeed, it is necessary to emphasize that the liability process of both the corporation and the perpetrator follows the rules of a criminal trial, which are designed to determine liability for individual defendants;25 this aspect is decidedly relevant in order to qualify and regulate internal corporate investigations.
If the two proceedings are initially separate, Article 38 of Legislative Decree No. 231/2001 provides that the proceedings to establish corporate liability must be consolidated with the criminal proceedings involving the perpetrator (so-called simultaneus processus).
This unified approach to two different legal issues raises questions about the actual procedural safeguards for the company26. In examining legal cases, there appears to be a certain speed in the reasoning when addressing the - almost always secondary and residual - issue of corporate liability.
What is argued to exclude or establish the liability of the perpetrator automatically becomes relevant for the liability of the company when the evidence bundle does not include evidence of a compliance model or a finding of its timely updating.
In essence, prosecuting the perpetrator is evidence of organizational dysfunction in terms of compliance, which is sufficient for not excluding the liability of the corporation.
It is worth noting that, in this way, Article 8 loses its relevance: even if the perpetrator is not identified, it is sufficient for the judge to verify only the objective elements of the crime – which are necessarily the only ones - for the corporation to be included in the proceedings. Whether there is a human defendant or not, if a predicate offense is ascertained, at least in its objective elements, the proceedings can move forward.27
This sort of “relative presumption” that is formed against the company involved in such a proceeding is not the only issue that seems to raise concerns about the procedural rights of the individuals involved: from another perspective, the natural person also suffers from the weakness of procedural guarantees.
Indeed, the decision of the Italian legislature to structure the de societate process in the same way as that of an individual was made without considering at least two other factors:
the particularity of companies, which do not have a personality distinct from that of the individual representing them in the trial, who is often equally involved in the same offense;
the different parameters used to establish the liability of corporations, compared to those used to determine criminal culpability for individuals, which can affect the latter’s position in the same trial context.
Regarding the first point, a critical issue arises if we analyze Article 44 of Legislative Decree 231/2001, which requires the legal representative who did not hold office at the time of the offense to testify in the trial against the corporation. It has been rightly pointed out that this is detrimental to the right of defense, as it forces the person representing the company to testify and speak on its behalf in the trial.28.
Moreover, the choice of the Italian legal system is not unique, as other European legal systems have adopted models that tend to sacrifice the right to defense traditionally recognized for all parties involved in a criminal proceeding.
For instance, French legislation is even less protective than the Italian one, allowing the corporation to participate in the trial through the person who holds the functions of legal representation at the time of the prosecution and forcing them to testify as a witness29.
In the second respect, it has been pointed out that the proceedings against the company aggravate, or at the very least, do not facilitate the position of the individual offender30.
This issue has been extensively analyzed in comparative experiences31, as it appears to be a common thread in de societate trials in other jurisdictions as well, closely tied with the admissibility of internal investigations, which will be examined below.
It is worth noting that in Italy, the law regarding the incompatibility of the defense mandate (Article 106 of the criminal procedure code) requires the positions of the “defendants” to be “incompatible” with each other for its application. However, the entity is only called to answer for an administrative offense, and its liability is formally administrative, which would lead to its exclusion as a defendant32. It is difficult to determine the parameter of incompatibility in the context of the relationship between corporations and human defendants. Often, the incompatibility emerges after the joint mandate has been assumed by the defender, with detrimental consequences for the confidentiality of the communications that have already taken place between the defender and the assisted human person33.
The expression internal investigations34 refers to the investigative activities conducted by a corporation within its organization to verify information regarding possible violations of the law or company policies and to ascertain facts involving the company or its employees that could result in civil, administrative, or criminal liability.
Their primary function is aimed at internal audits of the maintenance and implementation of the company’s organization and risk management model, monitoring the application of policies to identify any procedural and organizational deficiencies that need to be promptly remedied, and any disciplinary proceedings.
Investigation activities generally begin with reports triggered through whistleblowing35 channels or from the dissemination of press reports involving profiles of responsibility of the entity’s management or may be requested by independent bodies responsible for internal compliance control.
Within this context, internal investigations serve as an internal response to signals of potential wrongdoing or mismanagement, acting to restore confidence in the company’s ability to manage risks for markets, regulators, and civil society36.
It is useful to note that the supervisory body plays a crucial role in initiating and overseeing internal investigations, as they are typically responsible for intercepting and managing information flows regarding potential violations of corporate compliance or 231 offenses, often with the aid of independent resources37.
However, it’s important to remember that internal investigations differ from ordinary internal control activities conducted by compliance and risk management bodies due to their procedural character.
This includes the possibility of being subject to cross-examination by the parties involved, and the fact that the findings could have a direct impact on the court’s attention 38.
The activity carried out by the investigation team typically involves the acquisition and analysis of documents kept in the company’s archives.
Regarding the documentary research, if the company does not have access to the places of cataloging, it may resort to requesting delivery from third parties in the form of defensive investigations under Article 391-bis et seq. c.p.p.
In the generality of cases, the documentation to be analyzed is of an administrative-accounting or commercial nature, such as purchase orders, invoices, transfers, payments, accounting records, contracts, or organizational documentation such as policies, proxies, and minutes. However, it can also include entire email accounts, project documentation, and employee, customer, and supplier master records39.
A second important activity of internal investigations is conducting interviews. The purpose of these interviews is to gather useful information or to discuss the results of the document review. Interviews are an efficient way to obtain general information about business processes, clarify information that emerged during the document review, or obtain an explanation of the links between various documents that may indicate procedural discrepancies (known as a walk-through)40.
It is important to note that the interviews conducted during internal investigations are distinct from those shown during disciplinary proceedings: during internal investigations, the interviews should not formalize any contestation of responsibility or truthfulness of statements previously made by interviewee41.
After acquiring the necessary documents and developing a follow-up of the interview results, data analysis is carried out. This analysis can take various forms, depending on the nature of the investigation, such as analyzing accounting or billing reports, identifying trends in incidences of management anomalies or discontinuities, and examining internal communications and emails.
Internal company investigations are conducted in a very similar manner in other countries that have adopted a similar model of corporate criminal liability. This is because detailed descriptions of investigative models are often part of shared company-wide best practices, which are disseminated to all workers. As a result of international labor mobility and the existence of ad hoc models, the European and non-European landscape has become more uniform; this fact emerges, as already mentioned, from the structure as well as the methods used for conducting internal investigations, which exhibit significant similarities across Europe42.
In light of the highlighted features, it is possible to see the internal investigations as a valid tool for avoiding criminal risk for the corporation, or at least for inhibiting excessive sanctioning.
However, at the same time, it is equally easy to perceive a significant risk of harmful effects for the individual involved in internal investigations.
As will be seen later, the internal investigation system is focused on promoting the cooperation of the parties involved with the judicial authority to reconstruct criminal responsibilities, to find a party to assign guilt for what happened and to reach a final agreement capable of satisfying the parties involved.
The legal classification of internal investigations is a complex issue.
With the increased autonomy of legal entities in criminal trials, it has been necessary to overcome the “legislative silence” regarding the regulation and qualification of internal investigations in order to develop a “trial right” suitable for allowing corporations to defend themselves in court.
In Italy, this need has resulted in the search for a kind of procedural “typicality” in the forms of defensive investigations under Article 391-bis of the Code of Criminal Procedure and subsequent regulations43.
It should be noted that internal investigation activities are not only carried out in case of criminal proceedings initiated by the Public Prosecutor’s Office. Sometimes, the internal control dynamic is triggered in the “physiology” of the corporation when, for example, the head of the company’s internal audit function or the head of legal affairs initiates an investigation for a reported irregularity, which does not necessarily constitute a criminal offense relevant to Legislative Decree 231.
This is why the provision in Article 327-bis of the criminal procedure code, which extends the timeframe in which defense investigation can legitimately be carried out, has been seen as an indication of the legal classification of internal investigations within the scope of the activity described by Title VI-bis of Book Five of the criminal procedure code.
If the code allows the defense counsel, with the appropriate mandate, to conduct investigative activities before the formal opening of criminal proceedings, then all internal control activities, even those carried out on that “physiological” basis, can be used for trial purposes when needed44.
In this case, the activity of internal investigation must comply with the forms of the Code.
The defender, as is known, may carry out the investigative acts only within the rites and guarantees imposed by the law, such as conducting interviews, receiving statements, gathering information, requesting documents, acquiring expert opinions, and accessing places even if they are not open to the public.
On the other hand, if one does not wish to agree with this normative classification, internal investigation activities are exempt from codified formalities. They may be presented in the trial like any other documentary evidence.
However, by being outside the scope of Article 391-bis of the Code of Criminal Procedure, corporations may lose not only the “parity of arms” concerning the investigative activities of the Public Prosecutor but also the guarantee of defensive secrecy.45.
It should be noted that defense counsel with a mandate (even if only for the conduct of preventive defense investigations under Article 391-nonies of the Code of Criminal Procedure) can invoke the guarantees under Article 103 of the Code of Criminal Procedure against investigative intrusions conducted through inspections in law firms, seizures of defense materials, or wiretaps.
The professional who acquires the acts of investigations operates as such and is bound only to professional secrecy46.
On a procedural level, the defense counsel has the right to refuse to give testimony on the facts they have learned in the exercise of their professional mandate under Article 200 of the Code of Criminal Procedure and to hand over acts or documents that they has acquired for professional reasons.
However, in the absence of a formal objection such as when the documentation is found elsewhere, nothing prevents the judicial authority from proceeding with the seizure of the same material47.
The issue becomes even more complex when considering the scenario in which the internal investigations are carried out by the “in-house” counsel, who is deprived of any privilege coverage due to the absence of independence requirements.
While Common Law jurisdictions explicitly recognize this issue through the institution of the U.S. “attorney-client privilege”48 or the British “legal advice privilege,” 49 in the Italian system, instead, it has been classified under the general “professional secrecy”50 applicable to other types of professions and job positions51. Essentially, the legal privilege represents a manifestation of the corporation’s right not to self-incriminate, as a corollary of the right of defense to be exploited especially in self-reporting procedures, i.e., cooperation between the prosecutor and defendant. In fact, legal privilege is not a privilege of the lawyer but rather represents a guarantee of the fiduciary nature of the relationship between defense counsel and the client and a protection of the confidential information that inevitably emerges during defense investigations. The gaps in Italian regulations regarding the management of defense investigations also result in a gap in the protection of legal privilege, which can prevent the dissemination of sensitive information concerning the companies subject to the investigations, there is no form of protection for the information and contents that in-house counsel must manage in the context of internal investigations under Italian law.
The theoretical difficulty of qualifying internal investigations52 and the lack of detailed legislation has created quite a few problems in terms of their acquisition in the criminal process from the investigation stage53.
The point is that internal investigations could be extremely useful where they enable the exclusion of an entity’s compliance defect; but they can be also counterproductive because – if the Prosecutor has reason to believe that the internal investigation has uncovered evidence relevant to the alleged offense – they may have it added to the case file: this means that conducting an internal investigation can become a self-defeating tool for the defense strategy, as it directly conveys management issues and process anomalies to the prosecutor that can be construed as indications of criminal activity. This situation creates a disadvantage for companies that proactively conduct follow-up audits when they detect internal dysfunction, as it leads to their internal investigations losing any appeal based on good practices54. Even though companies are responsible for initiating and financing these investigations, they should still be able to identify benefits from conducting them. To illustrate this point in the context of the Italian jurisdiction, let’s consider a hypothetical scenario where a report triggers an internal audit, which subsequently leads to the Public Prosecutor charging the company with one of the predicate offenses of 231 liability. Alternatively, the internal investigative activity could be a result of the first act of investigation by the Public Prosecutor55.
Potentially, the internal investigation activities, at the first recording of conduct with criminal relevance, led the company to appoint a defense counsel and grant a defense mandate: the results of the internal investigation activities may be qualified under Article 391-bis of the Criminal Code.
Article 58 of Legislative Decree 231/2001 establishes that the Public Prosecutor may issue a reasoned decree of dismissal if he considers that the conditions for the administrative offense are not met.
This means that, except for the obligation to notify the Attorney General’s Office at the Court of Appeals, which evaluates any challenge in place of the filing prosecutor, the dismissal in that kind of process does not go through the judicial review but follows the procedure provided for “non-crime news” in Register mod. 4556.
This makes the confrontation with the Prosecutor at this stage of the investigation a crucial moment.
Two scenarios can be envisaged57.
The first is that the internal investigations were triggered because of an alert generated by the correct application of the preventive safeguards developed and implemented in the Management and Organization Model adopted by the company.
In this case, the production of the results of the internal investigations in the form of a possible memorandum under Article 415-bis of the Code of Criminal Procedure to the Public Prosecutor ensures exoneration of liability for the integration of the conditions outlined in Article 6 of Legislative Decree No. 231/2001. The documentary evidence of the control activity activated by an internal warning system makes it possible to prove the company’s absolute extraneousness to the criminal affair58.
In the second scenario, the internal investigations revealed that the crime was committed with the tacit endorsement of an outdated, inadequately implemented, and supervisory-deficient compliance system.
In this case, even if dismissal is not possible, timely internal investigation activities can still be a valuable tool for trial cooperation59.
It should be noted that Legislative Decree 231/2001 was intended to promote prevention and remediation through post-factum activities aimed at repairing control system flaws60.
The critical issues highlighted in the company’s internal audit system, as a form of self-reporting and risk self-management, become indications of virtuous behavior that can be used to mitigate the penalty treatment under Art. 12 and to sterilize the interdiction tool under Art. 17 of Legislative Decree 231/200161.
While a post-factum model may not perform the preventive function of an ante-factum model, it is still important to consider the organizational deficiencies that led to the crime. This means that internal investigations become strategic tools for repair and must be enhanced in a rewarding manner62: the proactive behavior of the company can serve as a clear discontinuity line with the internal organizational disorder that allowed the violation to occur63.
Article 12 of Legislative Decree No. 231 allows for a reduction of the pecuniary penalty from one-third to one-half if, before the beginning of the trial, the company has fully compensated for the damage, eliminated the harmful or dangerous consequences of the crime or has taken effective steps to do so.
Moreover, an organizational model suitable for preventing crimes of the same kind as the one that occurred has been adopted or made operational.
Article 17 of Legislative Decree No. 231 excludes the application of interdictory sanctions if – before the beginning of the trial – the company has complied with the conditions specified in Article 12 and has made available the profit made for confiscation.
This complex system of having the entity self-reporting to the judicial authority at the end of internal investigations originates from the U.S. system, in which self-reporting has assumed decisive importance64. The practice allows companies to prevent any form of “aggressive prosecution” and to decide when and how to confess65.
It has been chosen to consider the issue of the usability of internal investigations also in the negotiation rite, because - in the view of the author - the topic is closely related to their output in the course of the preliminary investigation and in developing the relationship with the Prosecutor.
The admissibility of evidence obtained through internal investigations in the negotiation process is a complex issue that requires careful consideration.
While internal investigations can be a useful tool for companies to identify and address potential criminal or regulatory violations, there are concerns, as already mentioned, about the reliability and credibility of information gathered in such investigations, as well as the potential for conflicts of interest when companies investigate themselves.
When conducted properly, internal investigations can demonstrate a company’s commitment to compliance and may be admissible as evidence in the negotiation rite.
In criminal proceedings against entities, the primary goal for the company is often to avoid disqualification sanctions, which have a more far-reaching and long-lasting impact on future investments, market credibility, and reliability than pecuniary sanctions, which may fall under a calculated and accepted enterprise risk 6667.
The legislature’s intention to promote “restorative justice” through Article 17 can only be achieved if the entity demonstrates a level of maturity in its compliance system that can prevent the commission of future offenses under Legislative Decree 23168.
Internal investigations play a crucial role in this assessment, as the Supreme Court has repeatedly emphasized that the 231 system is intended to be preventive, and that the entity’s autonomy is subject to judicial scrutiny69. Therefore, the voluntary nature of internal investigations makes them easy to associate with this restorative approach, as they complement the preventive policy by highlighting the organization’s weaknesses and reconstructing the facts to identify and control the flaws that have hindered proper business process management70.
In that way, the timely contribution of internal investigations can lead to the negotiated settlement of proceedings with the application of Article 17 at an earlier stage than a possible indictment. This allows the entity to avoid negative repercussions on its reputation and to use its resources efficiently, allocating them to the implementation of a more effective compliance model71.
It can be argued that the more quickly and convincingly internal investigations are done, the quicker the corporation “comes out” of the process charged against it: this explains why in Italy in most cases, regardless of what happens to the indictment of the individual, legal representatives of companies tend to negotiate the monetary penalty alone, taking advantage of Article 17 to avoid the interdictory penalty.
However, this dynamic could lead to a risk of overlap between preliminary investigations and internal investigations.
The increasing reliance on negotiation in 231 proceedings carry a risk of privatization of investigative activity, leading to private negotiation of judicial activity72.
The perception that the more resources a company has to conduct thorough internal investigations and convince the prosecutor to request dismissal or a lenient plea bargain, the lower the criminal risk, could neutralize the deterrent effect of the criminal instrument. Even if there is this risk and the instrument of internal investigations is still too little exploited in Italy, it could be an important starting point for fostering greater cooperation between the State and the companies, especially in the phase following the commission of a crime: it could give the corporation the opportunity to demonstrate that it is (or has become) compliant with the law and that it wants to ensure the successful outcome of the Prosecutor’s investigation, by making its internal structures of control available.
In conclusion, the significance of internal investigations has grown considerably. Firstly, their primary purpose is to provide an avenue for whistleblowing reports, which often run the risk of being overlooked.
The lack of trust on the part of the whistleblower regarding the response to the reported issues is common. The whistleblower does not always believe that their report will lead to a proper follow-up, such as targeted investigations to verify the reported conduct and provide evidence to support potential legal, disciplinary, or other corrective actions. Often, the organization’s own leadership raises these doubts, leading the whistleblower to believe that reporting is probably futile, rather than promoting a “culture of transparency.
Through internal investigations, a company can internally address potential wrongdoing by conducting necessary assessments.
It’s worth noting that internal investigations carried out by companies in countries with a corporate criminal liability model similar to Italy’s exhibit significant similarities.
This is because of the best practices initially developed by major companies and subsequently adopted across all European organizations.
Internal investigations have gained importance as a method to mitigate the risk of corporate criminal liability, demonstrating the company’s commitment to addressing misconduct within its ranks.
However, internal investigations present delicate issues that pose challenges for resolution. One of the key matters addressed in this discussion is the classification of internal investigations based on criminal procedure rules.
Generally, internal investigations are associated with information gathering by the defense, even in preventive stages, requiring compliance with penal procedure rules during execution. This ensures a distinct probative regime for the collected evidence, along with all the guarantees provided by the code of criminal procedure.
These guarantees include, among others, the prohibition of seizing correspondence and relevant defense documentation and the prohibition of intercepting communications and conversations.
Nevertheless, the absence of precise regulation inevitably leads to a weakening of legal privilege and a high risk of internal conflicts of interest within the company.
Another relevant issue is the possibility for the Public Prosecutor to access the content of internal investigations during the preliminary investigation stage, potentially infringing upon the principle of “nemo tenetur se detegere” (the right not to self-incriminate).
Despite this risk, such investigations could be used as evidence to mitigate any penalties imposed on the company.
Although internal investigations’ usefulness is acknowledged, the lack of adequate regulation in Italian law gives rise to numerous risks that companies intending to conduct internal investigations must carefully evaluate.
The implementation of ad hoc legislation would be desirable to maintain this possibility, as it undoubtedly facilitates the work of the Public Prosecutor and demonstrates the company’s willingness to cooperate with law enforcement authorities. However, if not properly regulated, such legislation risks clumsily interfering with criminal procedures and violating the general principles recognized by the legal system.
a) ministers of religious denominations whose statutes do not conflict with the Italian legal system;
b) lawyers, authorized private investigators, technical consultants, and notaries;
c) doctors, surgeons, pharmacists, midwives, and anyone else practicing a health profession;
d) those exercising other offices or professions to which the law recognizes the right to refrain from testifying, due to professional secrecy»
editor-in-chief: 1 (VgV)
Associated-editor: 1 (AMNP)
reviewers: 3
marcoalessandro.bartolucci@unito.it
