Doing Business Chile 2026 · Chapter XIII

Criminal and regulatory compliance

Criminal & regulatory compliance Chile no longer treats compliance as a voluntary good practice. Today the company answers criminally, with its assets and its existence, for crimes perpetrated within the scope of its activity when it did not effectively implement an adequate model to prevent them. The 2023 Economic Crimes Law expanded the catalog of acts triggering that liability and raised the penalties, and since September 1, 2024 that reinforced regime applies to legal entities. The crime prevention model went from a shelf document to the main line of defense in a criminal investigation.

Share this reportLinkedInWhatsAppXEmail

TWO LEVELS

Two intersecting compliance levels

Two logics coexist in Chile. Criminal compliance is mandatory insofar as the law attributes criminal liability to the company for certain crimes perpetrated within the scope of its activity, when the act is favored or facilitated by the lack of effective implementation of an adequate prevention model. Sectoral regulatory compliance arises from the antitrust, data protection, consumer, environmental, anti-money laundering and financial markets frameworks.

The two intersect. The same undue payment to an official to speed up a permit can simultaneously trigger a bribery crime implicating the legal entity and a regulatory infringement before the sectoral agency. Compliance is no longer just the lawyer’s domain; it has become a business risk-management variable.

OGC view

Treat compliance as a risk item with impact on assets and operational continuity, governed from the board, not as an appendix to the corporate bylaws.

L AW N O. 2 0 , 3 9 3

Corporate criminal liability

Corporate criminal liability was introduced by Law No. 20,393, published on December 2, 2009, “Establishing the criminal liability of legal entities for the offenses it specifies” (Law 20,393, BCN, idNorma 1008668), to close Chile’s gap against OECD bribery standards, with an original catalog later expanded by subsequent laws.

This liability is autonomous from the individual’s. The company can be convicted even if the specific individual is not identified, or even if that person’s liability lapses, so it cannot hide behind “it was an employee acting on their own.” The line between “for its benefit” and “against it” is proven with internal records, controls and the reaction upon detecting the act, so detecting, reporting and cooperating leaves the company in a better position than concealing it.

L AW N O. 2 1 , 5 9 5

The change brought by the Economic Crimes Law

The 2009 regime was transformed by Law No. 21,595, the “Economic Crimes Law,” enacted on August 7, 2023 and published on August 17, 2023 (Law 21,595, BCN, idNorma 1195119), which did three things. It systematized economic crimes into four categories with their own penalty regime, harsher than the ordinary one. It expanded the catalog of offenses for which the legal entity answers, from a handful of figures to more than 250 base offenses per available counts, a figure that should be checked against the current legal catalog at each update. And it amended Law No. 20,393 itself through its Title IV, revising attribution criteria, demanding more of the models, and introducing new penalties, including submission to a court-appointed supervisor.

The effective date matters decisively. The rules affecting individuals apply from publication, in August 2023, but the amendments to Law No. 20,393 — and thus corporate liability — began to apply on September 1, 2024. The supervisor’s introduction was made subject to Decree 97 of the Ministry of Justice, published on September 26, 2024.

OGC view

A model designed before September 2024 and not reviewed is outdated by definition, because the catalog grew, the evaluation criteria changed and new penalties appeared. The update is not cosmetic; it should be dated and documented.

CATEGORIESOFOFFENSES

The categories of economic offenses

Category Inclusion logic Examples of base offenses

First Always an economic offense, by its nature. Collusion, insider trading, false information to the market or the CMF, bribery, money laundering, disloyal management.

Second Economic only if committed while holding a company position Fraud, tax and customs crimes, cybercrimes, or for its benefit. offenses against intellectual and industrial property.

Third Public official offense involving someone from the company Bribery, incompatible negotiation, illicit or benefiting it. enrichment.

Fourth Receiving stolen goods and laundering assets from economic Receiving stolen goods, money laundering of assets offenses in the other categories. of illicit economic origin.

The category defines criminal treatment and access to alternatives to prison, and lets the company map its exposure. Law No. 21,595 also provides an inapplicability rule for micro and small enterprises regarding certain offenses in the second, third and certain fourth-category scenarios, assessed case by case, considering whether the company belongs to a business group, since group revenue must then be added to determine its size under Law No. 20,416 (Prelafit, BH Compliance).

That logic classifies the offense as economic, but criminal attribution to the legal entity also requires meeting the conditions of Art. 3 of Law No. 20,393. The Economic Crimes Law added an environmental layer to this catalog, with new offenses such as illegal waste disposal, omitting an environmental impact assessment when required, and unauthorized water extraction in scarcity areas. For an industrial, mining, agricultural or waste-management company, this layer is an unavoidable part of the criminal risk map and connects to this report’s environment chapter.

OGC view

What matters is not memorizing the categories, but determining which of these offenses the specific operation can trigger, because exposure varies by business line and the model is built on that map, not a generic template.

PREVENTION MODEL

The crime prevention model

Adopting and effectively implementing the model, prior to the offense, allow the company to be exempted from or have mitigated its criminal liability by showing it fulfilled its direction and supervision duties. It is not an automatic shield and does not stop the Public Prosecutor’s Office from investigating, but to convict, it must prove the perpetration was favored or facilitated by the lack of effective implementation of an adequate model. What decides its value in court is real quality, not mere existence. Article 4 requires a set of minimum elements, and the reform raised the standard above the 2009 one.

Identification of risk activities. Mapping processes at risk of committing the catalog offenses, with a living criminal risk matrix, specific to the business line and updated after the 2023 reform.

Prevention and detection protocols and procedures. Concrete rules to prevent and detect risk conduct, with a secure whistleblowing channel and internal sanctions for breach, communicated to workers and service providers and built into contracts, backed by written policies, operational controls and an enforced disciplinary regime.

Crime prevention officer. One or more persons responsible for applying the protocols, with autonomy and independence, effective direction and supervision powers and direct access to management, with traceable staffing and budget.

Periodic evaluation and update. Periodic evaluations by independent third parties and improvement mechanisms based on them, with reports, executed plans and traceability of updates.

Added to this is counterparty due diligence, which although Art. 4 does not name it is now part of the standard, because much criminal risk enters through third parties. A distributor, agent or supplier who pays bribes can drag down the company that hired them, so a serious model incorporates integrity screening before contracting, compliance clauses and monitoring. A model that does not look at counterparties sees only half the problem. This layer also connects to M&A due diligence, where hidden liabilities can pass to the acquirer under liability-succession rules in mergers, conversions and spinoffs.

SECTORAL COMPLIANCE

Sectoral regulatory compliance

Criminal compliance coexists with regulatory compliance spread across regimes with their own enforcer and frequent, fast and, in several sectors, substantial administrative sanctions. Most of these matters have their own chapter. This is the cross-cutting map that integrates them into a common matrix.

Antitrust. Collusion is a first-category offense under the Economic Crimes Law, so a price agreement, market allocation or output limitation adds, to the administrative exposure before the Antitrust Tribunal and the National Economic Prosecutor’s Office, criminal exposure for individuals and the company. Its compliance program is both regulatory and criminal defense.

Personal data protection. Practically every company processes personal data and must fulfill lawfulness, information and security duties. In a multinational group this intersects with transfers to the parent or cloud vendors, which require a lawful basis.

Consumer protection. Companies selling to end consumers are subject to Law No. 19,496 and SERNAC, whose infringement generates individual complaints and collective proceedings.

Environmental compliance. The Superintendence of the Environment imposes severe fines for breach of environmental approval resolutions and sectoral rules, and the Economic Crimes Law criminalized serious environmental conduct, so the same act can generate an administrative sanction and criminal liability at once, requiring environmental compliance to be integrated into the model.

Labor compliance. Compliance has centered on preventing workplace harassment, sexual harassment and violence at work, under Law No. 21,643, known as the Karin Law, published on January 15, 2024 and amended by Law No. 21,687, enacted on July 31, 2024 (Law 21,643, BCN, idNorma 1200096; Law 21,687, BCN, idNorma 1205338), which requires the employer to have a prevention protocol and an investigation and sanction procedure. Added to this are subcontracting rules, with joint-and-several or subsidiary liability for the principal. Public procurement. Disqualifications, supplier registries and ChileCompra rules define who can bid. The connection is direct, because the prohibition from contracting with the State is a penalty for the legal entity, and a conviction can close it out of the public market.

MONEY LAUNDERING

Anti-money laundering prevention and the UAF

The anti-money laundering and counter-terrorism financing regime is cross-cutting and affects a broad universe of obligated entities. Law No. 19,913 created the Financial Analysis Unit (UAF) and established the preventive system, and was one of the statutes originally amended by Law No. 20,393, showing the link between anti-moneylaundering prevention and corporate criminal liability (Law 20,393, Art. Third, BCN, idNorma 1008668). Obligated entities are numerous and include banks and financial institutions, factoring and leasing companies, fund managers, exchange houses, insurance companies, casinos, customs agents, real estate brokers, notaries and real estate registrars, among others. Their main obligations are three.

Report suspicious transactions to the UAF: those lacking apparent economic or legal justification, regardless of amount and with confidentiality never serving as an excuse.

Keep records for five years of cash transactions exceeding ten thousand dollars, available to the UAF.

Comply with the instructions the UAF issues through circulars, such as Circular 62, of March 19, 2025, addressed to the obligated entities under Art. 3 (UAF Circular 62, BCN, idNorma 1212282).

Added to this is declaring to the National Customs Service the carrying of cash or bearer negotiable instruments exceeding ten thousand dollars when entering or leaving the country. A good-faith report releases the obligated entity from liability; non-compliance is punished with fines depending on the infringement, and can reach directors and legal representatives who voluntarily took part in the conduct.

OGC view

If the company is an obligated entity, UAF compliance leaves no room for improvisation: it needs an internal officer, a know-your-customer policy, a system for detecting suspicious transactions and records that withstand a request. And treat regulatory compliance not as isolated programs, but as a single matrix showing, for each front, what obligation exists, who enforces it and what evidence can be produced.

GOVERNANCE

Governance, evidence and program audit

A compliance program is worth what its evidence is worth. In an investigation or inspection, the company does not defend itself by asserting it “had a program,” but with the documents proving it operated. Governance starts at the board, because the reform reinforced that compliance is senior management’s responsibility and not a task simply delegable to a subordinate position. The board must know the risk map, approve the model, resource it and review its operation, and evidence of that oversight, in minutes and reports, is part of the model itself. Periodic legal audit by independent third parties closes the cycle Article 4 requires.

OGC view

When implementing a model at a Chilean subsidiary, copying the group’s and translating it is not enough. It must respond to the Chilean catalog, the local business line and the chain of counterparties in Chile, and leave evidence that it operates; a model imported without adaptation is, before a Chilean court, nearly as weak as having none. Is your crime prevention model

SCHEDULE A MEETING

updated to Law No. 21,595?

Free download

Download the full report

Get the full 175-page PDF, in Spanish or English, with the comparison tables and the detail of every chapter.

This content is for informational purposes only and does not constitute legal advice. Before making investment decisions, we recommend obtaining advice on your specific situation.

Want to bring this to your specific case?

Talk to a Cubillos Lama partner about how the Chilean legal framework applies to your operation.

Response within 24 business hours.