Get support from A&P

Model 231: what it is and when it is mandatory, according to Italian law

The definitive guide on Model 231, including its benefits and the reasons why companies should adopt it.

Table of Contents

Legislative Decree 231/01 has introduced the principle according to which companies can be held liable for committing offences. Although defined as administrative, this liability is in fact criminal in nature.

Model 231 is the main protection available for companies against such liability.

The decree applies to companies, consortia, cooperatives, associations, foundations and other economic public entities.

Model 231: what is it?

Model 231, also referred to as MOG (i.e. Organisation and Management Model), is a document that outlines a series of company procedures aimed at preventing the commission of offences for which the company could be held liable, in the performance of its activities.

Model 231 therefore represents a protection tool for the company, which serves to demonstrate its commitment to protecting employees and avoiding any repercussions in the event of litigation. 

The adoption of Model 231 also requires the company to appoint an SB (Supervisory Board), which is in charge of monitoring the efficiency of the Model and its effective application.

What are the objectives of Model 231?

Model 231 is the ideal solution for preventive risk management, in particular concerning certain elements:

  • Organisational provisions;
  • Procedures;
  • Forms;
  • Codes of conduct.

When is Model 231 mandatory?

The adoption of Model 231 is not mandatory. However, as established in the previous paragraph, it is a tool that allows companies to prevent the perpetration of offences and to limit their liability in terms of sanctions, avoiding the consequences that this would entail.

Indeed, Legislative Decree n. 231/01 establishes:

  • Pecuniary sanctions;
  • Prohibitory sanctions;
  • Seizure;
  • Publication of the judgment.

In other words, although not mandatory for companies, the MOG could constitute the only tool for protection against the risk of being charged with possible penalties.

What are the benefits of adopting Model 231?

Based on what has been said so far, companies should therefore adopt Model 231, because it may be the only way to prove the commitments made against the occurrence of potential risks in the workplace, and to avoid criminal charges.

Predicate offences

There are different offences for which company liability may be recognised.

In particular, those related to employees’ safety must be pointed out:

  • Manslaughter; or
  • Serious or very serious injury, committed in violation of health and safety regulations.

Such possibility must be considered especially in the case of employees working in complex geo-political contexts.

Indeed, employers are required to protect their employees’ safety also in case of assignments abroad.

For more information on the responsibility of companies in terms of safety of workers abroad, read our article on employer duty of care.

Indeed, Legislative Decree n. 231/01 provides for company liability in all cases where also the natural person who has committed an offence abroad must be sanctioned, in accordance with artt. 7, 8, 9 and 10 of the Italian Civil Code.

What are the criteria for imputation?

Company liability applies in the presence of objective criteria for imputation, which are interest and advantage. Indeed, the actions of those who operate on behalf of a company are to be considered as actions made by the company itself. It follows that the company is liable for the offences committed, in its interest or for its benefits, by persons operating in its name or on its behalf,

In addition to objective criteria, there are also subjective criteria for imputation. Legislative Decree n. 231/01 states that the offence must have been committed by top management or by persons subject to the direction/supervision of third parties.

Top management refers to administrators, management board and supervisory board members, general managers, persons to whom have been transferred or delegated functions, persons who manage branch offices with financial and functional autonomy, recipients of workplace health and safety regulations or liquidators.

Model 231: when is the company liable?

If the offence is committed by a person subject to the direction/supervision of third parties, the company is only liable  if the public prosecutor proves that the commission of the offence occurred as a result of failure to comply with management or supervision obligations.

If the offence has been committed by a top management person, the company shall not be liable if it proves that it had effectively adopted a Model 231, and that the top management person committed the offence by fraudulently circumventing such Model.

To be exempt from liability, the company shall also prove that the task of supervising Model 231 had been entrusted to the supervisory body, as well as that no omission/insufficient supervision have been made by that body.

On this basis, going back to the initial question of this section, on the advantages of Model 231, we could conclude that it has the dual purpose of preventing the commission of offences and limiting the liability of the company in terms of sanctions.

Who is in charge of drafting Model 231?

The responsibility to adopt the model lies with the Company’s Governing Body, e.g. the Board of Directors, which is required to appoint a Supervisory Board (SB).

The Supervisory Board is in charge of enacting Model 231 and supervising on its functioning. This means that the Board must ensure that the model is complied with.

The Supervisory Board may be monocratic, i.e. composed of a single person, or collective, i.e. composed of several members. In both cases, the members may be either internal or external to the company.

However, due to the principles of autonomy and independence which must necessarily characterise the Body, companies usually choose to rely on individuals who are not already associated with them through employment relationships. In case of a collective supervisory board, internal subjects may often be present.

Who are the recipients of the Organisation, Management and Control Model?

As has already been pointed out, all companies that choose to adopt a Model 231 are required to comply with it.

Within companies, the recipients of the model are mainly the subjects who have greater autonomy and power within the organisation, and thus could act in a more uncontrolled manner and engage in fraudulent behaviour. 

How is the Organisational Model 231 composed?

The fundamental elements of Model 231 are as follows:

  1. A general section outlining the contents of Law n. 231, an explanation regarding the composition of the company, the Supervisory Board and the drafting of the document;
  2. A special section illustrating the specific protocols related to any sensitive activities to be undertaken by the company;
  3. An analysis of the processes, activities and persons involved, with a special focus on sensitive activities that could be considered at risk of offences;
  4. A Risk Assessment and Gap Analysis section, i.e. an assessment of the individual risks applied to each sensitive activity;
  5. A code of ethics of all the values and rules of conduct governing the conduct of company activities;
  6. A document describing the sanctions that those who violate the model could face.

Special Section on Travel Security, for activities performed abroad

The processes related to foreign assignments may not be clearly defined or included in Model 231. Therefore, the special section on travel security aims to add introductory considerations to Model 231, followed by specific analysis of the work activity carried out abroad.

Thanks to this analysis, the company can define the scope of the risk to which workers will be exposed.

Studio A&P, together with its legal partners, provides a consulting service for the drafting of Model 231, in its general and special parts, in accordance with the directives of Legislative Decree 231/01.  In particular, Studio A&P can provide assistance in drafting the special section for travel security.

Does the Organisation, Management and Control Model need to be updated? 

Once drafted, Model 231 will still need to be updated if the company’s processes are expanded, or if there are changes in the internal or external context (e.g. the addition of new products or services), including the assignment of new responsibilities.

Moreover, updates may be necessary if the model proves to be invalid following audits. It may also need to be updated in the event of regulatory changes.

If not updated, the model may no longer be considered valid. 

The appropriate checks must be carried out by the Supervisory Board, which, as already indicated, is obliged to monitor the adequacy of the model over time.

However, the responsibility for updating, as well as for adopting Model 231, lies with management.

What risks do those who violate the provisions of Model 231 face?

The consequences that individuals may face in case of violation of the provisions of the organisational and management model, pursuant to Legislative Decree n. 231/01, are sanctions aimed to damage the company’s assets, undermining the company’s image on the market, as well as affecting the company’s structure/organisation.

It is worth noting that, where the conditions exist for the application of a prohibitory sanction ordering the interruption of the company’s activity, the court, in lieu of the application of such sanction, may order the continuation of the activity by a court-appointed administrator, for a period equal to the duration of the prohibitory sanction that would have been applied.

Furthermore, the aforementioned sanctions may also be applied as a precautionary measure, i.e. prior to the conviction. The decree also provides for the applicability of real precautionary measures. The court, in fact, may order the preventive seizure of the assets that may be confiscated, or the precautionary seizure of the movable and immovable assets of the company or of the sums or things owed to it.

Sanctions and special cases: changes to the corporate structure, mergers, de-mergers and transfers

What mentioned so far applies also in case of changes to the corporate structure. Indeed, in case of transformation, the company’s liability for the offences committed prior to such transformation persist.

In case of a merger, instead, the resulting company is liable for the offences for which the companies participating in the merger were liable. In the event of a de-merger, the de-merged company remains liable for the offences committed prior to the date in which the operation has become effective.

Also in the case of a company transfer, the joint and several liability of the transferee company persists for pecuniary sanctions, where the offence has been committed in the performance of the transferee company’s activity.

In light of the above, although it is not mandatory, the adoption of Model 231 is crucial to protecting the company from liabilities that may have similar effects on a sanctionary level.

Who sanctions non-compliance with Model 231?

Failure to comply with Model 231 must always be detected by the Supervisory Board.

In the event of any infringement, the Supervisory Board will ask the subjects concerned to justify their conduct in writing.

The Supervisory Board will then assess the validity of this communication, and if it does not consider it sufficient, it will inform the Office in charge of sanctions, (usually the HR Department) which will draw up a report and notify the General Management.

Contact Studio A&P

Regulatory Framework

Legislative Decree n. 231/2001

Reference (Italian only)

Book a free demo of our Software

Learn how to plan safe business trips and minimize corporate liability with a live demo of A&P Software on Travel Risk Management.

Don't miss out on the latest updates

Get free updates from our Experts on Immigration, Posting Workers, International Taxation and more.