Tolerancia cero a los delitos y apetito de riesgo en Compliance.
Con frecuencia, la regulación en materia de Compliance exige un documento de la organización, de difusión y conocimiento general, que explicite su tolerancia cero a las conductas que puedan suponer incumplimientos. Lo vemos especialmente en el ámbito de la prevención del soborno, donde se espera, además, la traducción de dicho documento a las lenguas habladas donde opera la organización, para que nadie pueda alegar ignorancia. En algunas normas de alto nivel, como los Códigos Éticos o de Conducta, suelen incluirse directrices generales al respecto, susceptibles de desarrollo mediante otras normas o políticas internas más detalladas. En este sentido, el estándar ISO19600 (CMS) se refiere a la Política de Compliance, del mismo modo que el próximo estándar ISO37001 (ABMS) hará referencia la Política Anti-Soborno y también la próxima norma UNE 307101 sobre Sistemas de Gestión de Compliance Penal exigirá una Política de Compliance penal. Desarrollar las labores de prevención, detección y reacción propias de un sistema de Compliance precisa hacer públicos los valores y principios que rigen en la organización en dicha materia. Las Políticas de Compliance, tanto generales como específicas (en materia de prevención penal, por ejemplo), constituyen una pieza clave en todo sistema de gestión y, por eso, han dejado de ser un simple elemento diluido en el magma de sus recomendaciones o requisitos para convertirse en protagonistas indiscutibles. De ahí la importancia creciente en disponer de este elemento perfectamente identificado.
La regulación comparada anti-soborno así como los estándares internacionales modernos sobre Compliance suelen exigir que dicho documento manifieste tolerancia cero a las conductas contrarias a los objetivos pretendidos (las que conducen al soborno, por ejemplo, en las Políticas anti-soborno, o las que llevan a la comisión de delitos imputables a la persona jurídica, en el caso de la prevención penal). Es lógico que las organizaciones manifiesten así su oposición frontal e incondicionadaa las conductas que, precisamente, se quieren prevenir, detectar o frente a las cuales se reaccionará contundentemente. Bajo este condicionante, hay quien se pregunta si tiene sentido hablar de apetito de riesgo en la prevención penal.
Si entendemos que el apetito de riesgo guarda relación con asumir voluntariamente que algún un evento contrario a los objetivos de Compliance llegue a producirse, tal voluntad parecería contradictoria con el principio de tolerancia cero. Sin embargo, si el apetito de riesgo se vincula con la exposición al riesgo (de soborno o penal, por ejemplo) y no con la tolerancia a ciertas conductas que lo pueden materializar, entonces uno y otro concepto no son incompatibles en un modelo de Compliance. Veamos algunos ejemplos.
Ninguna organización que manifieste tolerancia cero a los delitos puede, al mismo tiempo, admitir ni de forma residual conductas que entrañen su comisión, por el contrasentido que ello supone: “aunque no toleramos la comisión de delitos, estamos dispuestos a aceptar que se cometan algunos de vez en cuando”. Si entre los objetivos de la empresa no figura devenir organización criminal, es claro que no puede aceptar ninguna cantidad de riesgo penal en el sentido que estoy describiendo.
Sin embargo, una organización sí puede asumir voluntariamente cierto grado de exposición al riesgo penal, lo que no supone tolerarlo: “aunque no toleramos la comisión de delitos, estamos dispuestos a operar en determinados ámbitos donde pueden producirse, porque disponemos de medios para prevenirlos, detectarlos y reaccionar frente a ellos”. Bajo esta perspectiva, el apetito de riesgo se correlaciona con la capacidad de limitar la exposición al riesgo –penal en este caso- conforme al objetivo de tolerancia cero, pero no en asumirlo como un mal necesario.
La distinción entre “asumir una cantidad de riesgo” o “asumir la exposición al riesgo” tal vez sea intrascendente en otros modelos de gestión, pero no en los de Compliance, donde el apetito de riesgo no puede jamás interpretarse como la libertad de admitir ciertas conductas potencialmente ilícitas, sino rechazarlas, fijando precisamente las cautelas para prevenirlas, detectarlas y actuar siempre conforme a la legalidad.
Often the rules governing the Compliance requires a document of the organization, dissemination and general knowledge, that explains its zero tolerance for behavior that may involve violations. We see this especially in the field of prevention of bribery, which is also expected the translation of the document to the languages spoken where the organization operates, so no one can claim ignorance. In some high standards, as the Ethics or Codes of Conduct, usually included general guidelines on the matter, capable of development by other rules or more detailed internal policies. In this sense, the ISO 19600 standard on Compliance Management Systems (CMS) refers to the Policy Compliance, just as the next standard ISO 37001 on Anti-Bribery Management Systems (ABMS) will refer the Anti-Bribery and the next UNE 307101 on Compliance Management Systems will require a criminal criminal Compliance Policy. Develop the work of prevention, detection and own a system of Compliance required to make public the values and principles governing the organization in that area reaction. Policy Compliance, both general and specific (in criminal prevention, for example), are a key element in any system of management and, therefore, no longer a simple diluted in the magma of its recommendations or requirements element to become undisputed protagonists. Hence the growing importance of this element have perfectly identified.
Regulation compared anti-bribery and modern international standards Compliance generally require that the document revealed zero tolerance for conduct contrary to the intended objectives (which lead to bribery, for example, in the Policies anti-bribery, or that They lead to the commission of crimes attributed to the legal person, in the case of criminal prevention). It is logical that organizations and express their frontal opposition and incondicionadaa behaviors that precisely want to prevent, detect or against which it will react strongly. Under this constraint, there are those who question whether it makes sense to speak of risk appetite in the criminal prevention.
If we understand that risk appetite related to voluntarily assume that any contrary to the objectives of Compliance event will happen, that will seem contradictory to the principle of zero tolerance. However, if risk appetite is associated with exposure to risk (of bribery or criminal, for example) and not with tolerance to certain behaviors that can materialize, then two concepts are not incompatible in a model of Compliance . Here are some examples.
No organization expressing zero tolerance to crime may, at the same time admitting or residually conduct involving the commission, the contradiction that entails, «though not tolerate the commission of crimes, we are willing to accept that committed some occasionally». If the objectives of the company not figure becoming criminal organization, it is clear that it can not accept any amount of criminal risk in the sense I am describing.
However, an organization may itself voluntarily assume some degree of exposure to criminal risk, which does not mean tolerating «though not tolerate the commission of crimes, we are willing to operate in certain areas where they can occur, because we have the means to prevent them, detect and react to them. » In this perspective, risk appetite is correlated with the ability to limit exposure to risk in this case -penal accordance with the objective of zero tolerance, but not accept it as a necessary evil.
The distinction between «assume a lot of risk» or «take the risk exposure» may be inconsequential in other management models, but not in Compliance, where risk appetite can never be interpreted as freedom to admit certain potentially illicit behavior, but reject, setting precisely the precautionary measures to prevent, detect and act always in accordance with the law. In the Kit Deployment Compliance published this month, precisely, it provides a number of tools to investigate and report incidents of Compliance, such as forensic investigations and reports operational, very useful to keep constant the target tolerance zero to crimes.
01. 09. 2016 written by Alain Casanovas – Tags: risk appetite, codes of ethics, crime, ISO, Compliance Kit deployment, Policy Compliance, Prevention of Bribery
Often the rules governing the Compliance requires a document of the organization, dissemination and general knowledge, that explains its zero tolerance for behavior that may involve violations. We see this especially in the field of prevention of bribery, which is also expected the translation of the document to the languages spoken where the organization operates, so no one can claim ignorance. In some high standards, as the Ethics or Codes of Conduct, usually included general guidelines on the matter, capable of development by other rules or more detailed internal policies. In this sense, the ISO 19600 standard on Compliance Management Systems (CMS) refers to the Policy Compliance, just as the next standard ISO 37001 on Anti-Bribery Management Systems (ABMS) will refer the Anti-Bribery and the next UNE 307101 on Compliance Management Systems will require a criminal criminal Compliance Policy. Develop the work of prevention, detection and own a system of Compliance required to make public the values and principles governing the organization in that area reaction. Policy Compliance, both general and specific (in criminal prevention, for example), are a key element in any system of management and, therefore, no longer a simple diluted in the magma of its recommendations or requirements element to become undisputed protagonists. Hence the growing importance of this element have perfectly identified.
Regulation compared anti-bribery and modern international standards Compliance generally require that the document revealed zero tolerance for conduct contrary to the intended objectives (which lead to bribery, for example, in the Policies anti-bribery, or that They lead to the commission of crimes attributed to the legal person, in the case of criminal prevention). It is logical that organizations and express their frontal opposition and incondicionadaa behaviors that precisely want to prevent, detect or against which it will react strongly. Under this constraint, there are those who question whether it makes sense to speak of risk appetite in the criminal prevention.
If we understand that risk appetite related to voluntarily assume that any contrary to the objectives of Compliance event will happen, that will seem contradictory to the principle of zero tolerance. However, if risk appetite is associated with exposure to risk (of bribery or criminal, for example) and not with tolerance to certain behaviors that can materialize, then two concepts are not incompatible in a model of Compliance . Here are some examples.
No organization expressing zero tolerance to crime may, at the same time admitting or residually conduct involving the commission, the contradiction that entails, «though not tolerate the commission of crimes, we are willing to accept that committed some occasionally». If the objectives of the company not figure becoming criminal organization, it is clear that it can not accept any amount of criminal risk in the sense I am describing.
However, an organization may itself voluntarily assume some degree of exposure to criminal risk, which does not mean tolerating «though not tolerate the commission of crimes, we are willing to operate in certain areas where they can occur, because we have the means to prevent them, detect and react to them. » In this perspective, risk appetite is correlated with the ability to limit exposure to risk in this case -penal accordance with the objective of zero tolerance, but not accept it as a necessary evil.
The distinction between «assume a lot of risk» or «take the risk exposure» may be inconsequential in other management models, but not in Compliance, where risk appetite can never be interpreted as freedom to admit certain potentially illicit behavior, but reject, setting precisely the precautionary measures to prevent, detect and act always in accordance with the law.[:]