Compliance Risk

This article was originally published in the October 2025 edition of Compliance & Ethics Professional (CEP) Magazine, a Society of Corporate Compliance and Ethics (SCCE) publication.

Imagine navigating the treacherous slopes of the Andes, where skill and vigilance are paramount. In much the same way, today’s global business environment demands a robust corporate compliance program to steer through the complexities of legal and ethical standards. With the advent of Law 21.595, known as the “Economic and Environmental Crimes Law,” Chile has significantly reshaped its criminal justice system concerning economic crimes. This law, which went into effect on September 1, establishes a parallel system to the country’s penal code, imposing stricter penalties on individuals who commit crimes for the benefit of a company or who engage in illegal conduct due to their role, function or position within the company. Companies must adeptly maneuver this intricate landscape to avoid the pitfalls of corruption and noncompliance.

This article delves into the best practices for crafting an effective corporate compliance program, explores the latest regulatory changes in Chile, and outlines the steps companies need to take to ensure compliance. Just as seasoned skiers rely on their expertise to tackle challenging terrain, corporate leaders must harness their strategic acumen to build a culture of integrity and accountability.

 

New Regulations in Chile

The recent enactment of Law No. 21.595, known as the “Economic and Environmental Crimes Law,” represents a significant shift in Chile’s regulatory framework. This legislation introduces stricter penalties for economic crimes, including corruption, and expands the liability of legal entities and individuals within a company.

In this regard, the new legislation has emphasized the role played by board members and management positions within a company, which can even lead to prison sentences in some instances. It also establishes a primary role for those responsible for compliance and ethics, as they are key actors in identifying risks applicable to the company, implementing controls and fostering a culture based on ethics and integrity.

 

Key Changes Introduced by the Law

• Expansion of Criminal Offenses
  The law substantially increases the number of crimes for which companies can be held liable, from around 30 to more than 200. These include irregular financing of political campaigns and embezzlement of public funds. The law also places special emphasis on crimes related to the impact on the environment and natural resources.
• Stricter Penalties
  Those in decision-making positions may face harsher penalties for committing crimes within the scope of their corporate duties, including imprisonment in certain cases and significant monetary penalties. Conversely, those acting under orders may see their penalties reduced, incorporating the idea that those in positions of greater responsibility should face greater punishment if they facilitate illegal conduct.
• Calculation of Fines
  Fines for economic crimes are now proportional to the economic situation of the offender and the seriousness of the crime, with significant financial implications for both individuals and companies. One of the most innovative reforms has been implementing penalty-days, which calculate the fines payable in the event of criminal conduct based on a company’s daily profits.
• Confiscation of Profits
  The new law incorporates the idea that the authorities must confiscate all illicitly obtained economic benefits, and the offender cannot profit from this situation. In this sense, the idea is to prevent the offender from calculating whether it is worth breaking the law.
• Enhanced Requirements for Legal Entities
  The law establishes a new system that promotes implementing compliance programs. In this regard, and to avoid and exempt companies from criminal liability, the companies must implement robust and effective crime prevention models. This includes establishing mechanisms to identify risks, implement controls, assign responsibility and maintain ongoing oversight by independent third parties.

 

Best Practices for an Effective Corporate Compliance Program

Building a robust corporate compliance program is essential for navigating the complexities of today’s legal and ethical standards. Chilean companies, in particular, must adapt to the stringent requirements set forth by Law 21.595 to avoid the pitfalls of corruption and noncompliance. To aid in this endeavor, we have identified seven best practices that form the backbone of an effective compliance program. From leadership and commitment to continuous improvement, these strategies will help corporate leaders establish a culture of integrity that not only fulfills regulatory demands but also fosters long-term success and accountability within their organizations.

1. Leadership and Commitment

It’s no secret that a successful compliance program begins with strong commitment from senior management. No effort will be worthwhile if senior executives and board members fail to demonstrate their dedication to ethical conduct and regulatory compliance through concrete actions and adherence to policies and procedures. This leadership sets the tone for the entire organization, emphasizing the importance of integrity and accountability.

Similar to how a skilled skier navigates the challenging terrain of the Andes, corporate leaders must be adept at steering their organization through the complexities of compliance. Just as skiers rely on their experience and judgment to avoid hazards, executives must rely on their ethical compass and strategic vision to foster a culture of compliance.

Establishing mechanisms under which those responsible for compliance programs report directly and periodically to the board of directors on their activities, concerns, challenges and commitments is essential. Board members must, for their part, provide the necessary tools for executing these activities, ensuring compliance officers have the necessary resources and qualified personnel to perform their duties.

2. Comprehensive Risk Assessment

Conducting a thorough risk assessment is essential to identify potential areas of vulnerability within the organization. This process involves evaluating business operations, market conditions and industry-specific risks. By understanding where the risks lie, companies can tailor their compliance programs to address specific challenges and implement appropriate safeguards.

Implementing a compliance program based on risk management is vital to its success. Enabling areas such as risk, audit and compliance to work together allows the company to manage better, and with a more holistic view, the complex landscape of risk management and controls necessary to prevent the commission of any illicit activity.

In the same way that skiers assess the slopes, weather conditions and potential avalanche risks before embarking on their descent, companies must conduct comprehensive risk assessments to identify and mitigate potential threats. This proactive approach ensures that they are prepared to handle any challenges that may arise, allowing the company to deliver a message of reassurance, with greater prospects for the future of its activities.

3. Clear Policies and Procedures

Establishing clear and comprehensive policies and procedures is fundamental to a robust compliance program. These should outline acceptable behaviors, regulatory requirements and the consequences of noncompliance. Policies must be communicated effectively to all employees and stakeholders, ensuring everyone understands their responsibilities.

A policy or procedure that is not known, understood and accepted, will unlikely be applied and followed. Communication in this regard is key, and providing a clear regulatory framework will align the company’s efforts to achieve its objectives.

Much like the clear guidelines and rules that govern safe skiing practices, corporate policies and procedures provide a framework for ethical conduct. By establishing and enforcing these guidelines, organizations can ensure that all employees are aware of their roles and responsibilities, reducing the risk of noncompliance.

4. Training and Education

Continuous education and training are vital to ensure employees are well-informed about compliance requirements and best practices. Training programs should be regular, role-specific and include real-world scenarios to enhance understanding. This approach not only fosters a culture of compliance but also empowers employees to identify and report potential risks.

These activities also allow compliance departments to reach out to different employee groups, understand their concerns and behaviors, and thus gain a more comprehensive understanding of the company’s many challenges and activities. Maintaining continuous training and ongoing communication is the best way to connect with the organization and its needs.

Just as skiers undergo training to improve their skills and stay updated on safety protocols, employees must receive ongoing education to stay informed about compliance regulations and best practices. This continuous learning process helps them navigate the complexities of the regulatory landscape and make informed decisions.

5. Monitoring and Auditing

Regular monitoring and auditing are crucial to assessing the effectiveness of the compliance program. This involves reviewing internal processes, conducting periodic audits and utilizing technology to track compliance metrics. Monitoring helps detect potential issues early, enabling corrective actions before they escalate.

In the same way that skiers regularly check their equipment and monitor snow conditions, companies must continuously evaluate their compliance programs to ensure they are effective. By conducting regular audits and utilizing technology to track compliance metrics, organizations can identify and address potential issues before they become significant problems.

6. Confidential Reporting Mechanisms

Implementing confidential reporting mechanisms, such as whistleblower hotlines, is essential for employees to report suspicious activities without fear of retaliation. These channels encourage transparency and accountability, allowing the organization to address concerns promptly and discreetly.

Establishing mechanisms for investigating and reviewing reported incidents is increasingly important to provide certainty regarding the matters reported, encourage the use of these tools and enable a beneficial exchange of information between employees and the company.

Just as skiers rely on communication devices to report hazards and ensure safety on the slopes, employees must have access to confidential reporting mechanisms to report any suspicious activities. These channels promote a culture of transparency and accountability, enabling organizations to address concerns promptly and effectively.

7. Continuous Improvement

Compliance programs should be dynamic and evolve with changing regulations and business environments. Regularly reviewing and updating policies, procedures and training programs ensures the organization remains compliant and responsive to new challenges.

In the same way that skiers continuously refine their skills and adapt to changing conditions, companies must regularly update their compliance programs to stay ahead of evolving regulations and business environments. This dynamic approach ensures that organizations remain compliant and responsive to new challenges.

 

Implications for Companies in Chile

The new regulations pose a new challenge for companies operating in Chile, as they underscore the importance of establishing comprehensive compliance programs. Compliance with Law No. 21.595 requires a proactive approach to corruption risk management and compliance with rigorous regulatory standards.

In this regard, it is essential to note that the new law has established two elements that must be present to incur company liability for the commission of a crime: first, the crime must be committed by, or with the intervention of, an employee holding a position or function in the company or by a third-party intermediary acting on their behalf; and second, the commission of the crime must be facilitated or abetted by the failure to implement an adequate crime prevention model.

Considering the above, the existence of a crime prevention model takes radical importance: its proper implementation can exempt the company from liability with the following parameters: (i) the existence of secure complaints channels within the company, (ii) ongoing employee training (iii) adequate periodic evaluations by independent third parties.

Thus, to avoid criminal liability, a crime prevention model effectively implemented by the company is essential.

 

Key Requirements for Compliance

Adopt Crime Prevention Models

While many companies have already developed crime prevention models, this point now takes on even greater importance and significance. Companies must design their prevention models based on identifying and managing risks associated with their activities.

In this regard, companies must develop and implement effective crime prevention models that comply with new legal requirements and prevent the commission of illegal acts within the organization.

Furthermore, these models cannot take the role of simple policies or documents that no one knows or reviews; instead, they must turn into real, concrete and auditable actions that guarantee that their proper implementation will avoid criminal liability for the company.

These models must include detailed procedures for identifying, managing and mitigating risks.

Regular Training and Education

Ongoing training programs are essential to ensure employees understand new regulations and their role in regulatory compliance. It includes educating staff about noncompliance penalties and the importance of ethical conduct.

Detailed training plans are essential to achieving this objective. Understanding the various employee groups that make up the company and the challenges each faces in this new regulatory environment is key. A sales employee does not face the same risks as a production employee, and making this distinction is key to effectively training company members.

Robust Monitoring and Auditing

It is impossible to manage what is not measured, and therefore, it is essential to implement regular monitoring and auditing processes by third parties outside the company, who provide an impartial and objective view of the findings identified. This helps companies anticipate potential compliance issues. These activities ensure knowledge of the effectiveness of internal controls, their application and understanding and the prompt resolution of any deviations.

Confidential Reporting Mechanisms

Establishing secure and anonymous reporting channels encourages employees to report suspicious activity without fear of retaliation. This is essential for detecting and addressing potential corruption risks.

Properly managing internal investigations and disclosing the results of such processes helps build trust between the company and its employees, encouraging the proper use of these channels.

 

Questions for Compliance Officers to Consider

In today’s intricate regulatory landscape, companies operating in Chile face the formidable challenge of adhering to Law No. 21.595. This legislation mandates the establishment of comprehensive compliance programs to prevent criminal liability. To navigate these complexities successfully, it is crucial for businesses to implement robust crime prevention models, provide continuous training and education, conduct regular monitoring and auditing, and maintain secure reporting mechanisms. By staying ahead of the curve, companies can ensure a fair and transparent business environment, fostering long-term success and integrity. Some key questions compliance officers should ask themselves include:

• Are our crime prevention models robust and effective?
  Compliance officers should evaluate whether their crime prevention models are comprehensive, up-to-date and capable of identifying and mitigating risks effectively considering the risks the company faces.
• Do we have continuous training programs?
  Ensuring that all employees are regularly trained on the new regulations and the importance of compliance is crucial. Are there scheduled training sessions and resources available for staff?
• Is our monitoring and auditing process thorough?
  Regular monitoring and auditing are essential to maintain compliance. Are our internal controls effective, and do we have processes in place to address deviations promptly?
• Do we periodically evaluate our prevention model with third parties?
  It’s essential to have an external, impartial and objective view of how we’re implementing our prevention model.
• Do we have secure reporting mechanisms?
  Establishing confidential and anonymous reporting channels can encourage employees to report suspicious activities without fear of retaliation. Are these mechanisms in place and functioning well?
• Are we aware of the implications of noncompliance?
  Compliance officers must understand the legal and financial consequences of noncompliance. Are these communicated clearly to all employees?
• How do we stay updated on regulatory changes?
  Regulatory landscapes can change rapidly. What processes do we have in place to stay informed about new laws and amendments?
• Are we fostering a culture of integrity and accountability?
  Compliance is not just about adhering to regulations but also promoting ethical conduct. How are we ensuring that our corporate culture aligns with these values?
• Does the compliance department have the necessary independence to execute its activities?
  Independence allows compliance to act objectively. Without it, decisions risk being influenced or compromised.
• Does the compliance department have the necessary resources?
  Adequate resources—such as staffing, technology, training and budget—are essential for the department to effectively monitor, detect and respond to compliance risks.
• What is the role of leaders in executing the compliance program?
  It is vital to the program’s success that senior executives and board members are involved.

 

Staying Ahead of the Curve

Compliance with Law No. 21.595 is essential for companies operating in Chile to foster a fair and transparent business environment. As regulatory landscapes evolve, it’s crucial for businesses to adopt best practices, leverage technology, engage with experts and proactively manage risks. By enhancing communication and monitoring external developments, companies can maintain robust and effective compliance programs, ensuring they navigate the complexities of the law successfully.

• Adopt Best Practices
  Continuously research and implement industry best practices for compliance and risk management. Stay informed about successful strategies used by other companies.
• Leverage Technology
  Utilize advanced technologies and software to streamline compliance processes, monitor activities and detect potential risks more effectively.
• Engage With Experts
  Regularly consult with legal and compliance experts to gain insights and advice on navigating complex regulations. Participate in industry forums and networks to learn from peers.
• Proactive Risk Management
  Develop a proactive approach to identifying and mitigating risks before they become significant issues. Regularly assess and update risk management strategies.
• Enhance Communication
  Foster open and transparent communication within the organization regarding compliance expectations and procedures. Ensure that all employees are aware of their roles and responsibilities.
• Monitor External Developments
  Keep a close watch on external factors such as changes in regulations, industry trends and geopolitical events that may impact compliance requirements.
• Know the Company
  When implementing a compliance program, it is vital to understand the company’s unique risks and challenges, its history, weaknesses, and strengths in order to work synchronously with all areas.
• Collaborative Work
  No one can do everything alone. For the compliance program to be successful and effective, it is essential to coordinate the necessary activities with the company’s various units.

 

The Importance of Compliance

Adhering to these regulations is not just a legal obligation but a critical business priority. Effective compliance programs protect companies from severe financial penalties and reputational damage. They also foster a culture of integrity and accountability, which is essential for long-term success. By proactively managing risks, companies can maintain stakeholder trust, ensure business continuity and contribute to a fair and transparent business environment.

The comparison to skiing in the Chilean Andes is particularly apt. Just as a skilled skier must be aware of the terrain, weather conditions and potential hazards, companies must be vigilant in identifying and mitigating corruption risks. Skiers rely on their training, experience and judgment to navigate safely down the slopes; similarly, companies must rely on their compliance programs, continuous training and proactive risk management to navigate the complex regulatory landscape.

In conclusion, the implementation of stringent compliance programs is essential for companies in Chile to navigate the new regulatory landscape effectively. By adopting best practices and adhering to the requirements of Law No. 21.595, businesses can mitigate corruption risks, enhance their corporate governance and promote ethical conduct across their operations. Much like skiing in the Andes, where preparation, skill, and vigilance are key to a safe and enjoyable experience, companies must be equally prepared and diligent in their compliance efforts to ensure a successful and ethical business environment.

 

Takeaways

• Law No. 21.595 redefines corporate liability in Chile, requiring strong compliance programs to prevent criminal penalties, including imprisonment, for offenses committed within organizations.
• Effective compliance programs must include crime prevention models, ongoing employee training, and independent evaluations to shield companies from liability under Chile’s updated corporate criminal responsibility framework.
• Confidential reporting channels promote transparency by enabling employees to safely report misconduct, strengthening ethical behavior and reducing the risk of corruption within corporate environments.
• Independent third-party monitoring and audits validate compliance controls, ensuring they function effectively and enabling early identification and resolution of potential legal or ethical violations.
• Leadership is essential in building a culture of integrity, with executives visibly supporting compliance initiatives and aligning organizational policies with ethical and legal standards.

 

Reference
Government of Chile. (2024, August 21). 5 key points of the law against economic and environmental crimes [Article in Spanish]. Government of Chile. Retrieved June 4, 2025, from https://www.gob.cl/noticias/claves-ley-delitos-economicos-medioambientales-cuello-corbata-penas/
Copyright © 2025 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA).