Services: RGPC e Whistleblowing

Type: Articles

General Regime for Prevention of Corruption (RGPC)

Decree-Law No 109-E/2021, which creates the National Anti-Corruption Mechanism (MENAC) and establishes the General Regime for Prevention of Corruption (RGPC) comes into force today, June 7th, 2022.

This Decree-Law follows the approval of the National Anti-Corruption Strategy, with the aim of implementing the priorities established therein, improve institutional practices on transparency, prevent and detect corruption risks in public action and engage the private sector in the prevention and repression of corruption.

To better pursue these objectives, the Decree-Law creates the MENAC, an administrative entity whose purpose is to promote and control the implementation of the RGPC, issue the guidelines and directives to which the adoption and implementation of the compliance programs must obey, supervise the execution of the RGPC, as well as initiate, instruct and decide the proceedings related to the practice of the administrative offences foreseen in the present regime.

This Decree-Law establishes a punitive framework for the non-compliance with the measures foreseen therein.

We highlight below some of the legal aspects foreseen in this new piece of legislation:


  1. To which entities does the RGPC apply?

The RGPC is applicable to legal persons with headquarters or subsidiaries in Portugal and to services and legal persons of the direct and indirect administration of the State, the autonomous regions, the local authorities and the corporate public sector, provided that they employ 50 or more workers.

The RGPC is also applicable to independent administrative entities with economic activity regulation functions in the private, public and cooperative sectors and to the Bank of Portugal.


  1. What measures must be implemented by the entities covered by the RGPC?

To prevent and detect the risks of corruption and related infractions, the entities covered by the RGPC are required to adopt and implement a regulatory compliance program, which must include:

  • A plan for the prevention of risks of corruption and related infractions (PPR);
  • A code of conduct;
  • A training program to make employees and collaborators aware of prevention policies and procedures;
  • An internal channel for complaints.

A system of internal control must also be implemented to ensure the effectiveness of this program and the impartiality of procedures and decisions.

In parallel, a compliance officer should be appointed to ensure and monitor the implementation of the compliance program.

Both the PPR and the code of conduct must be reviewed every three years or whenever there are changes in the attributions or in the organic or corporate structure that justify its revision.

In order to identify possible conflicts of interest within private entities, it is also mandatory the implementation of risk assessment procedures regarding third parties acting on their behalf, suppliers and customers, enabling the identification of the actual beneficiaries.

The entities covered by the RGPC must also have internal reporting channels, in accordance with the provisions of Law No. 93/2021, for their employees to report acts of corruption and related offences.


  1. What must the Risk Prevention Plan (PPR) contemplate?

The PPR shall contain the identification, analysis and classification of risks and situations that may expose the entity to acts of corruption and related infractions, as well as the preventive and corrective measures to reduce the likelihood of their occurrence and the impact of the risks and situations identified.

The PPR shall also i) specify the areas in which the entity considers there is a risk of corruption and related infractions; ii) predict the probability of occurrence and foreseeable impact of each situation, in order to minimize the risks; iii) indicate the preventive and corrective measures to reduce the probability of occurrence and impact of the risks; and, iv) appoint the general person responsible for the execution, control and review of the PPR.


  1. What should be included in the code of conduct?

The code of conduct, which shall be publicized to all workers, shall contain the set of principles, values and rules of conduct of all managers and employees with regard to professional ethics, taking into account the penal rules on corruption and related offences, and shall identify the disciplinary sanctions that may be applied in the event of non-compliance with the rules, as well as the criminal sanctions associated with acts of corruption and related offences.


  1. What shall be considered as “related offences” for the purpose of the application of the RGPC?

Under the RGPC, related offences are understood to be the crimes of corruption, active or passive, undue receipt and offer of advantage, embezzlement, economic participation in business, abuse of power, prevarication, traffic of influence, laundering or fraud in obtaining or diverting a subsidy, grant or credit.


  1. What are the consequences of non-compliance with the law?

The RGPC also foresees, in Article 20, a penalty regime for situations in which the entities do not implement the PPR, the code of conduct or an internal control system or, furthermore, when they adopt or implement the PPR, but one or some of the legally foreseen elements are missing.

In the event of such situations of non-compliance, and without prejudice to any civil, disciplinary or financial liability that may arise, an administrative offence will be committed, punishable by a fine ranging from € 2,000.00 to € 44,891.81, in the case of a legal entity or equivalent, and up to € 3,740.98 in the case of individuals.

Subsidiarily, the members of the Board of Directors or managers of the legal persons or equivalent entities are liable for the payment of the fines, in accordance with Article 22 of the RGPC.

This new preventive approach demands the adoption of effective measures, which are to be determined after an evaluation intended to assess the risks each different entity might face, in order to mitigate them.

It should be noted that chapter IV of the RGPC, which establishes the sanctions and disciplinary responsibility of the leaders of public entities, of the holders of management positions covered by the RGPC and of the employees of any covered entities who fail to report infractions or provide false or erroneous information will only become effective on June 7th, 2023.

Thinking about tomorrow? Let's talk today.