Organisational models for Italian branches of foreign companies in accordance with Legislative Decree no. 231/2001

Publication | April 2012


This briefing relates to the application of Italian Legislative Decree no. 231 of 8 June 2001 (the “Decree”) on activities carried out in Italy by Italian branches of foreign companies and in particular to the adoption of internal organisational, management and control procedures to minimize the risk of non-compliance with applicable legal requirements and to prevent the commission of offences in the interests of, or for the benefit of, the company (the “Organisational Model”).

Legal framework

The Decree provides a regulatory framework for corporate accountability, according to which companies may be held liable, fined, subject to restraining orders to prohibit the exercise of the company’s activity and confiscation orders, if expressly provided for by the Decree, in relation to certain offences committed, or attempted, by officers, managers or their subordinates as well as by third parties (suppliers, partners, consultants, etc.). Furthermore, the company itself may be subject, directly and independently, to sanctions in connection with the offences committed by such individuals, unless they have acted exclusively to their own advantage or in the interests of third parties.

The company’s liability is in addition to the liability of the actual offender.

Entities falling within the scope of the Decree: branches of foreign companies

The provisions of the Decree apply to companies and associations with or without legal personality and also, according to consolidated case law and legal doctrine, to companies with a registered office abroad, operating in Italy through a branch.

In a landmark case of 27 April 2004, the Court of Milan held the Italian branch of a German company liable for one of the offences provided for by the Decree, committed by a consultant of the company in the interests of the company itself. In particular, the judge maintained that: “any foreign individual or corporation operating in Italy has the duty to comply with Italian law, and thus also with the provisions of the Italian Legislative Decree no. 231/20011.

The provisions of the Decree also apply to foreign entities operating in Italy, regardless of whether or not the legislation of the country of origin of such entity provides for a set of regulations similar to the provisions of the Decree. For example, in the case referred to above, the judge held that the absence of a rule of German law on organisational models for the prevention of the commission of crimes did not exempt the German company’s Italian branch from having to adopt such an organisational model to escape any liability.

  1. At first instance, the company was fined and a restraining order prohibiting any dealing with the Italian Public Administration for one year was imposed on the company after one of its consultants had been found guilty of bribery. On appeal, the restriction was limited to the operations of a particular division of the company (which stopped that division’s operations in Italy altogether).


Articles 24 to 26 of the Decree provide for the offences in relation to the commission of which the entity concerned can be held liable. Such offences fall into the following categories:

  • crimes against public bodies
  • offences to the detriment of public confidence such as falsification of currency and other generally recognised payment instruments
  • corporate crimes
  • criminal offences related to terrorism and subversion of democratic order
  • market abuses
  • criminal offences against individuals
  • criminal offences against life and personal safety
  • manslaughter and grievous and extremely grievous bodily harm committed in breach of the provisions for the protection of health and safety in the workplace
  • money-laundering related crimes of handling or receiving stolen goods, laundering and use of cash, goods or benefits originating from unlawful activities
  • IT offences and unlawful management of IT data.


The Decree provides for the following sanctions in connection with the aforementioned offences:

  • fines
  • restraining orders
  • confiscation orders
  • publication of sentence.

Restraining orders may have the following nature:

  • prohibition on the exercise of business activity
  • suspension or revocation of authorisations or licences that have proved necessary for the commission of the offence
  • prohibition on dealing with the Public Administration
  • exclusion from Public Administration funding, contributions or financing
  • prohibition on advertising goods or services.

Conviction of the entity for any of the offences provided for in the Decree will always result in the imposition of a fine, set in accordance with the criteria indicated in the Decree. However, restraining orders are imposed only upon occurrence of at least one of the following conditions:

  • the entity has gained a significant profit from the offence, the commission of which has also been caused by a lack of organisational controls within the entity
  • it is a repeated offence.


Pursuant to art. 6 of the Decree, the entity may be able to rely on a defence and be exempted from liability if it can prove that:

  • it has adopted, and effectively implemented, an Organizational Model prior to the commission of the offence of the kind actually committed
  • it has appointed an internal control committee, known as “organismo di vigilanza”, with independent powers of action and control
  • proof is given that the officer, manager or their subordinates that committed or attempted to commit the offence fraudulently eluded the Organizational Model
  • the internal control committee has conducted adequate monitoring.

The adoption of the Organizational Model is optional and not compulsory, but the entity may not be able to rely on any other defence if an Organizational Model has not been adopted.

To ensure its effectiveness, the Organizational Model has to, inter alia:

  • define and highlight the business activities in relation to which crimes may be committed;
  • design and implement a specific set of protocols for specific areas of risk for the commission of offences;
  • define the management of adequate financial resources to prevent the commission of any offence;
  • provide and regulate an adequate flow of information to the internal control committee;
  • introduce an effective sanctioning regime in the event of failure to comply with provisions set out in the Organizational Model;
  • make provisions for adequate training programs for staff and high management.


The implementation of the Organizational Model does not exempt the entity from having to stand criminal trial, but courts may be more lenient in sanctioning entities that have adopted an Organizational Model prior to the commission of one of the offences provided for in the Decree by its officers, managers or their subordinates.

In addition, a decision of the Court of Milan established the principle that failure by an entity to adopt an adequate Organizational Model may constitute ground for a successful lawsuit against members of the company’s board of the directors. In its judgment of 13 February 2008, the Court of Milan held that the chairman of a company’s board of directors and its managing director had to contribute 50 percent of the fine imposed on the company under the Decree, in consideration of their duty to adopt (or to have adopted) an Organizational Model by the company and their failure to do so.

Subscribe and stay up to date with the latest legal news, information and events... Register now