In the current context of fighting corruption and strengthening a culture of ethics and corporate governance, there may be uncertainty about the role and duties of compliance officers and the insurance coverage for the risks incurred by them.

According to articles 153 to 157 of Law No. 6,404, of December 15, 1976, as amended (the Corporations Law), the main duties of directors and officers include: (i) the duty of diligence; (ii) the duty of loyalty; (iii) the duty of confidentiality; (iv) the duty not to act in conflict of interest; and (v) the duty to inform.

From this list, we highlight the general duty of vigilance that, although not explicit in the Corporations Law, is a corollary of the duty of diligence and may be deduced from paragraphs 1 and 4 of article 158 of the Corporations Law.

This obligation includes, inter alia, the relationship between bodies and the delegation of tasks and attributions. On the one hand, business owners or officers/directors cannot exempt themselves from responsibility if they delivered the management to third parties (professional officers) and did not supervise them properly. Even if an officer did not participate in the illegal act, if she fails to act or remains inert in view of an illegal act of another officer, she may be jointly liable. It is not expected, however, that officers serve as “auditors" of the work of others. The vigilance is expected to be carried out reasonably, based on the information available on which the officer may rely.

Directors and officers will not be personally liable for their business decisions when they act diligently, in a well informed, reflected, and disinterested manner, without deviation of conduct or omission in the exercise of their activities, because their obligation is to act reasonably, not to guarantee a result (the “business judgment rule” principle). However, directors and officers are liable for damages that they cause to third parties when they act within their duties under fault or intent or, also, in violation of the law or the articles of association/bylaws of the company.

The discussion of managerial accountability adds further complexity in the era of compliance. In a few words, compliance in the corporate world is the set of efforts and systems to act in accordance with laws and rules applicable to the company's activities, and following corporate values, ethical principles, and governance practices, taking into account the impacts caused to different stakeholders. In the midst of corruption scandals, companies in Brazil feel increasingly compelled to implement policies consistent with compliance, embodied in internal codes of conduct capable of ensuring compliance with legal norms and avoiding the practice of illegal activities.

In this sense, the compliance department will have the function of mapping the risks related to the company's actions and developing policies, mechanisms, and tools to deal with them. The role of compliance officers generally encompasses three main functions: (i) creation and implementation of the compliance program, in which the compliance officer develops, based on a risk assessment, the internal control measures to be adopted by the entity; (ii) operationalization of the compliance program, in which the compliance officer implements the integrity measures planned, disseminates the compliance program, and performs the training of the company's other employees; and (iii) management and improvement of the compliance program, in which the compliance officer periodically monitors and reviews the integrity structure of the legal entity, investigates any irregularities, and reports to their superiors.

In order to analyze the responsibility of compliance officers, it is necessary first to verify the conformity of their function and their powers, which, due to organizational differences, may yield possibly different answers, with a greater or lesser degree of accountability.

In most organizations, compliance officers are at a lower hierarchical level than the board of directors and the board of executive officers. They are tasked with implementing a system of prevention and detection, training employees, monitoring compliance with legal norms and internal company rules, investigating irregularities, and transmitting information to company management, with or without advice on how to proceed. A figure, therefore, devoid of final decision-making or disciplinary power.

A delegation of tasks that does not involve the transfer of powers to avoid the result would by itself exclude the delegation of the position of guarantor. Thus, the responsibility for avoiding the result caused by illegal acts committed by members of the company against third parties would remain in the hands of the original guarantor, that is, the officer appointed in the bylaws who delegates the power/competence.

If, in the specific case, the compliance officer is only entrusted with supervising compliance with legal norms and internal company rules (directly and through receiving complaints of irregularities), investigating irregularities, and transmitting the information to the company's management, we are faced with a case of partial delegation of the duties of guarantor, since the decision-making powers to intervene and directly avoid the result were not delegated to her. In these terms, the compliance officer would not be required to prevent the outcome from occurring, but only to take all possible steps to prevent it.

Often, the compliance officer's power in response to a misconduct is limited to reporting to her superiors. Thus, compliance officers who reported to their superiors the existence or threat of unlawful acts within under the company’s purview would be free of criminal liability, even if no action was subsequently taken by management to cease or avoid the criminal practice, because compliance officers in general do not have executive power to do so, nor do they have the duty to report to public authorities.

As a result of recent anti-corruption operations in Brazil, executives have turned their attention to protecting their assets. In this scenario, civil liability insurance for directors and officers (in English terminology, D&O insurance or Directors and Officers Insurance) gained prominence in Brazil, and the increase in demand called for changes in legislation.

On May 23, 2017, the Superintendence of Private Insurance (Susep) issued Circular No. 553 to establish general guidelines specifically applicable to civil liability insurance for officers and directors of legal entities. Until then, these rules were generally subject to the provisions of the Civil Code and the administrative rules issued by Susep and applicable to civil liability insurance.

D&O insurance is fairly common in large companies, many of them multinationals, and is purchased as a protection against the risk of damages caused to third parties by management acts by officers, directors, and managers who have acted under fault in their professional activity.

This kind of insurance preserves not only the individual assets of those who hold positions of management (insured), which encourages innovative corporate practices, but also the assets of the company purchasing the insurance and its shareholders, since in the end the company may be called to reimburse its officers and directors for any personal damages.

This insurance coverage does not, however, cover fraudulent acts, especially if committed to personally favor an officer or director to the detriment of the assets of the company. Regarding the subject, in a Special Appeal,^[1] the 3rd Panel of the Superior Court of Justice (STJ), in examining the limits and application of D&O insurance in Brazil, was as follows:

"In order to avoid a strong reduction in diligence or excessive risk-taking by the manager, which would compromise both the company's compliance activity and good corporate governance practices, the D&O insurance policy cannot cover intentional acts, especially if committed to personally favor an officer or director. In fact, the insurance risk guarantee cannot induce irresponsibility. (...) This means that the D&O insurance policy can never cover cases of fraud or willful misconduct, as well as acts by the director or officer motivated by mere personal interests, deteriorating the company’s assets. In fact, the commission of criminal offenses or fraudulent acts, especially against the capital markets, should not be encouraged." (emphasis added)

In the insurance market, insurers tend to expressly exclude from insurance policies coverage for fraudulent acts or corruption of public or private agents. Evidence from government investigations or leniency agreements that do not contain the prior approval of the insurers may cancel D&O insurance coverage. In cases of corruption, those who admit their willful participation by turning state's evidence or those who are convicted by the courts for willful acts will lose insurance coverage and will have to reimburse the insurer if it has advanced the costs of the legal defense.

In a recent appeal,^[2] the 1st Chamber Reserved for Business Law of São Paulo decided that the D&O insurance policy purchased by a contractor involved in Operation Car Wash does not protect officers and directors in cases of unlawful acts confessed through state's evidence turned, let alone intentional acts. If the criminal conviction or confession of crimes is proven through state's evidence turned, the insurance coverage will not apply and the Courts will not protect the officer or director who commits the illegal act.

In the same vein, on September 25, 2018, the Brazilian Securities and Exchange Commission (CVM) issued Guidance Opinion No. 38, with recommendations regarding indemnity agreements entered into between publicly-held companies and their officers and directors. This type of contract aims to ensure payment, reimbursement, or advance of expenses arising from any arbitral, civil, or administrative proceedings initiated to investigate acts carried out in the exercise of the functions of the officers and directors. While recognizing the value of indemnity agreements as legitimate instruments for attracting and retaining qualified professionals, the CVM recommends the adoption of rules and procedures aimed at ensuring that directors and officers comply with their fiduciary duties in order to guarantee balance between, on the one hand, the company's interest in protecting its officers and directors against financial risks arising from the exercise of their functions, in the context of administrative, arbitral, or judicial proceedings and, on the other hand, the company's interest in protecting its assets and in ensuring that its directors and officers act in accordance with the standards of conduct expected of them and required by law.

The guidance opinion establishes that expenses arising from acts of the officers and directors carried out are not subject to indemnification, among others: (i) those that are outside the scope of their duties (ultra vires acts); (ii) acts in bad faith, fraud, gross negligence, or willful misconduct; or (iii) acts in one’s own interests of the interests of a third party to the detriment of the company's corporate interests, including amounts related to indemnities arising from actions for liability or offered under the terms of a settlement. For more information on CVM Guidance Opinion No. 38, click here.

In a time of fight against corruption, accountability of officers and directors tends to gain new contours for compliance officers, considering their role in assessing business risks, developing internal controls, implementing effective compliance programs, and identifying and obstructing unlawful acts or fraud in bidding procedures. Thus, compliance officers’ accountability should be assessed on a case-by-case basis and will depend on their roles and attributions, resources and tools available, and powers of internal intervention, interruption, and disciplinary sanctions. In any case, D&O insurance policies will likely not cover intentional or grossly willful acts, especially if committed to favor an officer or director, to the detriment of the assets of the company.

^[1] REsp 1601555 SP 2015/0231541-7. Adjudicatory Body - 3th PANEL. Published in the Electronic Gazette of the Judiciary on February 20, 2017. Decided on: February 14, 2017. Opinion drafted by Justice Ricardo Villas Bôas Cueva.

^[2] Appeal No. 1011986-32.2017.8.26.0100, São Paulo State Court of Appeals (TJSP ), 1st Chamber Reserved for Business Law. Majority opinion drafted by Appellate Judge Cesar Ciampolini.