Compliance
Compliance is not an expense, it's an investment in reputation and sustainability that has become a competitive advantage. We support the design, implementation and administration of compliance programs.
How we approach Compliance
- →We lead the design and implementation process with expert consultants
- →We manage compliance programs, acting as your company's Compliance Officers
- →Permanent monitoring and updates upon regulatory changes
- →Ongoing and company-specific training
Need advice on Compliance?
Schedule a free strategic consultation with our partners. No commitment.
Schedule a consultation →What our Compliance advisory includes
Key services of our Compliance practice
Design and implementation of crime prevention models (Law 20.393)
Chilean Law 20.393 establishes the criminal liability of legal entities for offenses such as bribery, money laundering, terrorism financing, receiving stolen goods, breach of fiduciary duty and, after Law 21.595 came into force, a broad catalog of economic crimes. The only effective defense against the attribution of corporate criminal liability is to have a reasonably designed and implemented Crime Prevention Model (CPM, locally known as MPD).
We design tailored CPMs based on the specific risk matrix of your industry, considering size, operations, geography and exposure to public or regulated counterparties. The process includes risk mapping, internal control design, appointment of the Crime Prevention Officer (CPO), whistleblower channel setup, internal investigation protocols and a training plan. Implementation is accompanied by effectiveness metrics so your CPM is not just a formal compliance document but an operational tool that your board can prove as due diligence in any future criminal investigation.
Updating your CPM under Law 21.595 on economic crimes
Law 21.595, effective since September 2024, dramatically expanded the catalog of crimes that can be attributed to legal entities and introduced an economic-crime regime with harsher penalties and new compliance standards. This requires updating every CPM designed under the original Law 20.393 framework.
We review your existing CPM, identify gaps against the new catalog (crimes against the socio-economic order, environmental, tax, accounting and securities-market offenses), adjust the risk matrix, redesign controls, update insider-information and conflict-of-interest policies, and rewrite the internal investigation procedure. We deliver a CPM 2.0 ready for certification and auditable by the Financial Intelligence Unit (UAF), the Financial Market Commission (CMF) or the Public Prosecutor in the event of formal charges. The process also includes a periodic maintenance roadmap to keep your model current as future reforms come into force.
Whistleblower channel and internal investigation procedures
An effective whistleblower channel is one of the elements most heavily audited by prosecutors when assessing the effectiveness of a CPM. We design channels that meet the standards of confidentiality, anonymity and whistleblower indemnity required by Law 20.393 and by the Chilean National Antitrust Authority (FNE) guidelines.
We deploy external or internal platforms depending on your company profile, with triage, escalation and documentation protocols. For internal investigations, we define the team in charge (internal, external or mixed), confidentiality clauses, interview protocols, evidence chain of custody and the final report to the board. The entire process is traceable and reproducible, which is critical if the report leads to a criminal investigation, a regulatory sanction or a labor lawsuit for retaliation against the whistleblower.
Counterparty due diligence to reduce Law 20.393 exposure
One of the main sources of corporate criminal liability is acting through counterparties (suppliers, distributors, agents, intermediaries) who commit crimes for the benefit of your company. Third-party due diligence is therefore a critical control of the CPM.
We design tiered due diligence processes by risk level: basic for routine suppliers, intermediate for counterparties with public exposure, and enhanced for strategic partners, commercial agents and acquisitions. We include OFAC, UN and local sanctions screening, ultimate beneficial owner (UBO) verification, criminal and regulatory background analysis, evaluation of the counterparty's own CPM, and contractual clauses on audit rights, annual certification and termination for breach. Each due diligence is documented so it can serve as evidence of reasonable diligence before the Public Prosecutor if the counterparty is involved in unlawful conduct.
Mandatory training for the board and senior management
Law 20.393 requires periodic training of board members, senior management and any personnel making decisions sensitive to the CPM's risk matrix. Law 21.595 reinforced this duty by including economic crimes whose prevention requires specialized technical knowledge in accounting, securities markets, tax law and antitrust.
We design training programs segmented by audience: board (fiduciary duty and oversight), committees (function-specific risks), senior management (decision-making and red flags), middle management (operational controls) and general staff (expected conduct and whistleblower channel). Each session is documented with attendance, materials, assessment and certificate, providing key evidence of effective CPM implementation in any external audit or criminal or regulatory investigation.
Frequently asked questions on corporate criminal compliance
Which companies need a Crime Prevention Model?
Every legal entity incorporated in Chile —corporations, SpAs, SRLs, foundations and non-profits— is subject to Law 20.393 and can be criminally charged if it cannot demonstrate a reasonably implemented Crime Prevention Model (CPM). Although the law does not impose formal mandatory adoption, the CPM is the only effective defense against attribution of corporate criminal liability. In practice, it is needed by companies that contract with the State, export or import, operate in regulated industries (financial, healthcare, food, mining), have counterparties with public exposure, or have grown to a point where the board cannot directly oversee every operational decision. It is also typically required by banks, insurers, multinational counterparties and M&A due diligence processes.
How much does it cost to implement a CPM?
The cost depends on the size of the company, complexity of operations, geographies and maturity of existing controls. For an SME with simple domestic operations, an initial implementation typically starts at 200 to 400 UF, including diagnosis, risk matrix, drafting of policies, whistleblower channel design and initial training. For mid-sized companies or those operating in regulated sectors, the range is between 500 and 1,200 UF. Large companies or those with regional presence can exceed 2,000 UF. On top of this is the annual operating cost: Crime Prevention Officer, channel maintenance, regulatory updates and training. Under our OGC model these costs are distributed into a predictable monthly fee.
What changes with Law 21.595?
Law 21.595, effective since September 2024, transformed the criminal regime applicable to legal entities. First, it expanded the catalog of attributable crimes to include economic offenses: accounting, tax, securities, antitrust, environmental and consumer-protection crimes. Second, it introduced harsher penalties and specific aggravating factors for legal entities. Third, it reinforced the effectiveness standard of the CPM: a paper document is no longer enough — companies must prove effective implementation, monitoring and updates. Fourth, it redefined the role of the Crime Prevention Officer, demanding independence and adequate resources. Every company with a CPM dating from before 2024 must review and update its model to incorporate the new catalog and comply with the strengthened standards.
What risks arise without a CPM?
Without a reasonably implemented CPM, the company is directly exposed to criminal liability for offenses committed by its directors, executives, employees or counterparties for its benefit. Sanctions include fines of up to 30,000 UTM (higher under economic-crime offenses), temporary or permanent bans on contracting with the State, prohibition of receiving fiscal benefits, suspension of legal personality and, in serious cases, dissolution. There are also collateral risks: loss of public tenders, exclusion from M&A processes, termination of contracts with multinational counterparties that require anti-bribery clauses, reputational damage, talent flight and personal exposure of directors for breach of their oversight duty. Prosecutors are actively investigating these cases today.
What compliance evidence must the company keep?
CPM effectiveness is proven with verifiable documentary evidence. At a minimum, the company must keep: a current risk matrix and minutes of its periodic review, signed and version-dated policies and procedures, board minutes approving the CPM and its updates, formal appointment of the Crime Prevention Officer and the reports they have delivered, log of whistleblower reports with triage, investigation and resolution, training records with attendance and evaluation, archived counterparty due diligence files, internal or external audits of the CPM, and traceability of approved exceptions. This evidence must be accessible, organized and reproducible: if the Public Prosecutor requests documentation, you must be able to deliver it in days, not weeks.
Self-assessment
Not sure where to start?
Take your company’s legal self-assessment in 3 minutes and identify the priority risks of your operation.
Need advice on Compliance?
We design legal coverage that fits your growth stage. Let’s talk.
Respuesta en menos de 24 horas hábiles.