National Anti-Corruption Mechanism and general corruption prevention regime

On June 7, 2022, Decree-Law No. 109-E/2021, which created the National Anti-Corruption Mechanism (MENAC) and established the General Regime for the Prevention of Corruption (RGPC), came into force.

The said Decree-Law was created with the aim of improving institutional practices in terms of anti-corruption strategies and transparency and created the MENAC (National Anti-Corruption Mechanism). This assumes the nature of an independent administrative entity, with legal personality under public law and powers of authority, endowed with administrative and financial autonomy. Its mission is to promote transparency and integrity in public action and ensure the effectiveness of policies to prevent corruption and related offenses. The creation of a mechanism with this type of functions is also foreseen in article 6 of the United Nations Convention against Corruption, of 31 October 2003, ratified by Decree of the President of the Republic n. º 97/2007, from September 21st.

The GDPR is applicable to a company or entity that processes personal data within the scope of the activities of one of its branches established in the EU, regardless of where the data is processed; or to a company incorporated outside the EU that offers goods/services (paid or free) or monitors the behaviour of people in the EU.

In general, these obligations relate to companies headquartered in Portugal and branches present in the national territory of legal persons headquartered abroad that employ 50 or more workers.

Among the various obligations, it is worth noting the creation of a risk prevention plan for corruption and related offenses (PPR), a code of conduct, a training program and a reporting channel, as well as the implementation of monitoring and evaluation of the program established to achieve regulatory compliance. In this regard, a responsible person should also be designated for this purpose.

The main objective is for companies to implement measures in order to prevent and detect the risks of corruption and other related infractions: crimes of corruption, undue receipt and offer of advantage, embezzlement, economic participation in business, concussion, abuse of power, prevarication, and influence peddling, money laundering or fraud in obtaining or diverting a subsidy, subsidy or credit, provided for in the Penal Code and separate criminal legislation.

For non-adoption or poor or incomplete adoption of regulatory compliance programs, sanctions are foreseen, namely administrative offences, applicable both to the public and private sectors, determining, furthermore, that very serious administrative offenses are punished with a fine of € 2,000.00 to € 44,891.81, in the case of a company or equivalent entity, or up to € 3,740.98, in the case of individuals; serious offenses are punishable with a fine of €1,000.00 to €25,000.00, in the case of companies or equivalent entity, or up to €2,500.00, in the case of individuals.

Individuals and companies or equivalent entities are responsible for the commission of administrative offences, when the facts have been committed by the holders of their bodies, agents, representatives or workers in the exercise of their respective functions or in their name and on their behalf.

On the other hand, the responsibility also falls on the holders of the management bodies or leaders of companies or similar entities, the person responsible for regulatory compliance, as well as those responsible for managing or supervising areas of activity in which an offense is committed, when practice the facts or when, knowing or having to know about their practice, they have not adopted the appropriate measures to put an immediate end to them. In the event that several persons are responsible, their responsibility is joint and solidary.

Chapter IV of the RGPC, which establishes the sanctioning regime and the disciplinary responsibility of the directors of public entities, of the holders of management positions covered by the RGPC and of the employees of any entities covered who fail to report infractions or provide false or erroneous information will only produce effects from June 7, 2023. Regarding medium-sized companies, this production of effects will only take place on June 7, 2024.