Costa Rica | Compliance programs to reduce the criminal liability of legal persons for acts of corruption

2 Jun, 2023 | Noticias-en

According to the “Law on the Liability of Legal Entities on Domestic Bribery, Transnational Bribery and other Crimes” (“Law”), legal entities (domestic or foreign), and other commercial figures (such as trusts, associations and foundations), they will be criminally responsible for their acts of corruption. Similarly, the parent companies for actions of their subsidiaries and affiliates. The foregoing, without prejudice to the individual criminal responsibility of individuals for the commission of said crimes.

The Law imposes criminal sanctions such as: (i) Fines between 1,000 and up to 10,000 base salaries (approximately between US$715,000.00 and US$7,150,000.00); (ii) Loss or suspension of state benefits or subsidies for a period of 3 to 10 years; (iii) Disqualification from participating in contests or public tenders for a period of 3 to 10 years; (iv) Total or partial cancellation of the operating or operating permit, the concessions or contracts obtained as a result of the crime; and (iv) Dissolution of the legal entity.

Among the Law’s innovations, there is an incentive for companies to implement an “Optional Organization, Crime Prevention, Management and Control Model” (“ Model ”); which will serve as a mitigation of their sanctions up to 40%.

For this reason, on August 26, 2021, the Regulations to the Law were published in the Official Gazette, with the aim of regulating and guiding the minimum content required for the Model -and thus opt for the benefits of the Law- (“ Regulations ”). The Model is optional to adopt, and can work both independently or as part of other models and local or global programs of the companies.

Some aspects to note about the Model, according to the requirements of the Regulation:

  • Risk Assessment:  The first stage for the implementation of the Model should be the assessment of risks derived from the geographic and business context of the company. The Regulation includes the parameters and methodology that must be followed for risk assessment (and its subsequent management). The risk assessment tool must contain the deadlines for its update.
  • Due Diligence:  The Model must include a due diligence mechanism for business partners that present a medium or high level of risk or exposure. The Regulations indicate the minimum items to be considered during the due diligence process. There is an obligation to maintain updated information on said business partners. The review can be done internally or with external resources.
  • Communication:  The Model and the tools that make up the prevention policy must be made available to all levels of the hierarchical structure of the company, its relational entities, and, if possible, its counterparts.
  • Compliance Agent:  The company must designate a person or entity, internal or external, that has sufficient means and powers to perform their duties, which will be in charge of supervising the operation and compliance with the Model. The person in charge must have functional autonomy from senior management.
  • Monitoring:  The adoption of the Model must be verifiable and of sustained application over time. Its operation must be monitored and evaluated in order to detect failures, weaknesses, opportunities for improvement, or any other element that may add to its proper functioning.
  • Audit:  The company must carry out an external audit of the Financial Statements maximum every three years. Likewise, you must carry out an internal audit as a crime prevention method, at least once a year.
  • Complaint Mechanisms : The company must have clear complaint channels, well-established investigation procedures, and guarantees of protection for whistleblowers.

In Chapter IV of the Regulation, the minimum requirements for the SMEs Model are expressed, in a differentiated way – which are more accessible to comply with.

In general terms, the company must develop the necessary regulatory tools, internal control systems, programs and/or management models – always considering its own characteristics, its line of business, size, complexity, nature and particularities of action. Among the behaviors to regulate, there is the granting of gifts, hospitality, entertainment, representation expenses, client trips, entertainment, political contributions, donations for charitable purposes and sponsorships; as well as the risks of committing crimes of corruption.

For more information you can contact:




Juan Carlos Tristan | BLP Partner |

Janelle Christie | BLP Associate |


You might be interested