The 231 Risk in Multinational Groups: Towards a Systemic Compliance Approach
The Italian anti-corruption framework is often compared to the UK Bribery Act and the French Sapin II. What are the main differences?
The Italian Legislative Decree 231/2001 is broader in scope. Unlike the Bribery Act 2010 and Sapin II, which focus mainly on corruption, the Italian law covers around 200 offences — including violations of workplace safety, copyright, tax, accounting and environmental laws. Moreover, it introduces a form of administrative liability for companies, judged in criminal court, which is unique in its combination of public and private enforcement mechanisms.
What are the consequences for companies when one of their employees commits an offence listed in Decree 231?
The consequences can be severe. If a company gains an advantage or benefit from the offence, it may face pecuniary or disqualifying sanctions — in serious cases, even judicial administration or forced closure. That’s why prevention systems are crucial.
What tools does the Decree provide to mitigate or exclude corporate liability?
Companies can adopt an Organizational and Management Model (Modello 231) and appoint a Supervisory Body. These act as both prevention mechanisms and as a legal shield. If effectively implemented and enforced, they may exclude the company’s liability even when a crime has occurred.
There has been growing attention to liability within multinational groups. What is the current position of Italian courts?
Recent case law, including Supreme Court ruling no. 14343/2025, confirms that liability can extend to the parent company — even if it is foreign — or to other entities in the group. This happens in what is known as the “ascent of liability”, when the employee of a subsidiary commits a crime that also benefits the parent or when there are tight organizational-functional links.
Is the legislator intervening on this matter?
Yes. A draft law under parliamentary review would formalize the principle by stating that group liability extends to the controlling entity that exercises legal or de facto control over other companies. This would codify what courts are already anticipating.
What practical risks does this entail for multinational structures?
Significant ones. Liability may arise when employees are hired by one company but operate across several, or when directors and consultants hold top roles in multiple group companies. These situations blur the lines of organizational autonomy, increasing compliance risk.
What measures should multinational groups adopt to mitigate these risks?
First, all companies in the group — including foreign subsidiaries — should adopt their own compliance models or internal control systems. Second, overlapping roles (interlocking directorates) should be avoided. Third, group-wide training and information flows must be guaranteed. Lastly, communication among the Supervisory Bodies of the different companies is key to maintaining true independence.
What is the strategic shift companies should embrace in terms of compliance?
A systemic and tailored approach. Models must reflect the real structure and operational dynamics of the group, including overlaps, decision-making flows, and shared governance. The ultimate goal is to anticipate liabilities and build a resilient compliance architecture across jurisdictions.
