We invite you to read the opinion column by our partner Rodrigo Albagli, where he addressed the implications and challenges that the Economic Crimes Law has brought one year after its entry into force.
One year after the Economic Crimes Law came into force, we can say that this regulation had an immediate effect: it elevated compliance to high-level discussions in boardrooms and motivated a large number of companies in Chile to develop crime prevention models.
This initial change was key because many organizations understood that crime prevention is not just a legal issue, but a strategic factor that protects business continuity and reputation.
However, we must also recognize that many companies, after checking off the box of developing a crime prevention model, have left it as a static, almost decorative piece. A document that, without updating or follow-up, loses much of its value.
The law and best practices require that compliance be treated like any other critical area or function of the business, with clear objectives, assigned responsibilities, and measurable management tools.
In this regard, KPIs are essential. Simply measuring how many people have been trained is not enough; it is necessary to evaluate the real impact of these training sessions on employee behavior. The same applies to reporting channels: it is not enough to have them in place and measure the number of reports. It is necessary to know whether the channels are reliable and used, whether complaints receive a response, and whether they have prevented or corrected misconduct.
With regard to policies and procedures, it is essential to understand whether they are accessible, consulted, and useful. In short, a model without evaluation is merely a list of good intentions.
Another critical aspect is third-party risk management. The main cases of corruption globally occurred through the facilitation of third parties or intermediaries.
Today, in many companies, this management is limited to signing a declaration or clause at the beginning of the relationship with suppliers, contractors, or agents. This is insufficient; active and regular monitoring is required.
A supplier also has its own subcontractors, exponentially increasing exposure to risk. Although a breach by a third party does not always imply direct criminal liability for the company, it can cause reputational damage that is difficult to repair.
The inherent risk arises from the operation itself, and controls are implemented to mitigate it. But residual risk—the risk that persists even after controls are applied—also requires attention and must be consistent with the company’s risk appetite.
It may never be completely eliminated, but it can be understood and managed in a way that provides peace of mind, starting with the board of directors. Ignoring it is like quietly opening the door to serious contingencies.
The Economic Crimes Law is not a regulation to be complied with “out of obligation,” but rather an opportunity to strengthen compliance and corporate governance.
The main lesson learned from this first year of the regulation is that the measures adopted must have a real impact, mitigate risks, and build an ethical culture and trust among employees, customers, investors, and the community.
Column written by:
Rodrigo Albagli | Partner | ralbagli@az.cl
