Business against corruption International review

Brazil: New mandatory compliance programs between companies and Rio de Janeiro State


This material belongs to: Global Compliance News.

Companies that wish to enter into contracts with the public administration of the state of Rio de Janeiro will be mandated to implement an Integrity Program.

The Rio de Janeiro State Government published Law nº 7753/17, determining that companies entering into contracts with the public administration of the state of Rio de Janeiro, directly or indirectly, will be mandated to have an Integrity Program (or “compliance program”) implemented.

Unlike the Brazilian Anti-Bribery Law (Law 12.846/13), which establishes the existence of a compliance program only as a factor to be considered when applying sanctions, the state law makes it mandatory for companies that contract with the State Government of Rio de Janeiro. It also establishes a fine for companies which enter into contracts with the state and do not have an implemented compliance program.

The law sets forth that its goal is to protect the public administration from irregularities, guarantee that the contracts are executed in compliance with the applicable laws, minimize risks, bring more transparency to contracts and improve the quality of contractual relations.

The Law’s Main Provisions

Who is subject to the law

The law mandates the existence of a compliance program in companies which enter into contracts, partnerships, concessions, or public-private partnerships, with the public administration of the state of Rio de Janeiro, in amounts higher than the legal threshold for the public tender category of competitive tender: R$ 1,500,000.00 (one million and five hundred thousand Reais) for construction and engineering services and R$ 650,000.00 (six hundred and fifty thousand Reais) for purchases and services, even in the electronic reverse auction category, and for contract terms equal to or over 180 days.

Following the Brazilian Anti-Bribery Law, the State Law sets forth that it is applicable to:

  • Business organizations and sole proprietorships, incorporated or not, regardless of the type of organization or the corporate model adopted.
  • Foundations, associations of entities or persons.
  • Foreign companies with headquarters, branch or representation in the Brazilian territory, incorporated legally or not, even if temporarily.

The State Law also establishes the liability of the legal entity in the event of amendments to the articles of association, transformations, merger, acquisition or a spin-off of the company. Successor companies will also be subject to the law and to the penalties set forth in it.

Implementation of the Compliance Program

The State Law sets forth that companies must implement their compliance program within 180 days from the day the company entered into a contract with the Public Administration. Companies which already have a compliance program in place must present a certification of its existence at the time of the contract’s execution.

Compliance Program Parameters

The law establishes that the compliance program has to be structured according to the characteristics of each legal entity, taking into consideration the risks related to its activities – that is, merely having a compliance program will not be enough, as it must meet the needs and realities of each company.

Article 4 of the law has sixteen items which set forth the evaluation parameters for compliance programs, including almost all of the parameters already established in Decree n.8.420/15, which regulates the Brazilian Anti-Bribery Law.

Whilst the Decree establishes as a parameter the company’s transparency when making political donations, in a context in which political donations by companies were still permitted, the State Law excluded this and included as an evaluation parameter any actions by companies that promote their compliance culture.

The parameters for the evaluation of compliance programs are:

I. commitment of the legal entity’s senior management, including board members, demonstrated by clear and unequivocal support for the program;

II. standards of conduct, code of ethics, policies, and integrity procedures that are applied to all employees and administrators, regardless of their position or role;

III. standards of conduct, code of ethics and integrity policies that are extended, when necessary, to third parties, such as suppliers, service providers, intermediaries, and other associates;

IV. periodic training on the integrity program;

V. periodic analysis of risks in order to implement necessary adjustments to the integrity program;

VI. accounting records that precisely and completely reflect the transactions of the legal entity;

VII. internal controls that assure that reports and financial statements of the legal entity are readily prepared and trustworthy;

VIII. specific procedures to prevent frauds and illicit acts within tender processes, in the execution of administrative contracts or in any interaction with the public sector, even if intermediated by third parties, such as the payment of taxes, subjection to inspections, or obtainment of authorizations, licenses, permits and certificates;

IX. independence, in structure and authority, of the internal department that is responsible for enforcing the integrity program and monitoring its compliance;

X. channels to report irregularities openly and broadly disseminated among employees and third parties, and mechanisms to protect good faith whistleblowers;

XI. disciplinary measures enforced against those found to have violated the integrity program;

XII. procedures that assure the immediate suspension of irregularities or detected infractions and the timely remediation of the damages caused;

XIII. proper due diligence conducted prior to engaging, and depending on the circumstances, monitoring third parties, such as suppliers, service providers, intermediaries, and other associates;

XIV. verification, during a merger, acquisition, or other corporate restructuring, of the occurrence of irregularities or illicit acts, or the existence of vulnerabilities in the legal entities involved;

XV. continuous monitoring of the integrity program to ensure it remains effective at preventing, detecting and otherwise addressing the wrongful acts set forth in article 5 of the Anticorruption Law; and

XVI. proven actions which promote an ethical and integrity culture through lectures, seminars, workshops, debates and events of similar nature.


Companies that enter into contracts with Rio de Janeiro’s State Government and do not have a compliance program will be subject to a fine of 0,02% on the amount of their contract per day, being limited to 10% on the amount of the contract.

The implementation of a compliance program interrupts the incidence of fines, but fines that were already imposed will not be refunded.

The non-existence of a compliance program during the term of the contract will entail the prohibition of the company from entering into contracts with the State of Rio de Janeiro until a compliance program is implemented.

How to prepare

When the Brazilian Anti-Corruption Law (E-Alert) and Decree 8.420/15 (E-Alert) were approved, we published Legal Alerts suggesting measures to be taken by companies to be prepared.

The new law makes it mandatory for companies that wish to enter into contracts with the Government of the State of Rio de Janeiro to have a compliance program in place. Compliance programs are essential for companies to prevent and detect potential misconduct (also allowing the company to decide on the convenience of making a voluntary report to the authorities), as well as to mitigate possible sanctions, based on the Brazilian Anti-Bribery Law.

Compliance programs must be created and reviewed regularly, based on the main areas of risk that companies can be subject to, which will vary depending on the size of the company, the amount and nature of the business transactions, the place where the company conducts its activities and business, and risk perception. However, it is not enough to merely have a compliance program and review it. It is very important that the compliance program is “tailor-made” so that it is adequate to prevent and mitigate risks considering the company’s day-to-day operations.

Additionally, under the law it is important to note that even companies with a robust compliance program must re-evaluate it and update it, when necessary, considering the parameters set by the law. Such parameters were mostly already listed in the Decree that regulates the Brazilian Anti-Bribery Law, and they bring some specific points which are not always part of previously established compliance programs.