Next month will be the fourth anniversary of the adoption of the General Corruption Prevention Regime (RGPC) in our country. According to the aforementioned regime (Decree-Law No. 109-E/2021, of December 9), which also includes the General Protection Regime for Whistleblowers of Infractions (Law No. 93/2021, of December 20), entities, public or private, that have 500 or more employees must adopt a set of care and protection measures and instruments regarding the risks of being victims of fraud and corruption.
These measures translate into the adoption of:
i) Codes of Conduct (CC), which identify the ethical values that best fit your activity, and behavioral references to be taken into consideration by everyone who performs functions therein;
ii) Plans for the Prevention of Corruption Risks and Related Offenses (PPR), which, in advance and in an internal critical analysis process, participated by the most experienced managers and workers in each functional area, identify the weaknesses or risks of corruption in each department, and adopt preventive measures that, reasonably, allow the reduction of the probability of them occurring;
iii) Reporting Channels (CD), which make it possible to uncover occurrences of fraud and corruption (mismanagement in a generic sense) that persist, in the sense that, with legally valid evidence, the appropriate punishments are applied to their perpetrators;
iv) Communication and Training Programs (PCF), which must be attended by everyone who works in the entity, including top managers, with the purpose of involving them regarding the importance of issues of ethics, integrity, fraud and corruption, as well as the knowledge of the content and compliance with the measures contained in the instruments indicated above;
v) An Internal Control System (ICS), through which the entity identifies, systematizes and articulates the various instruments defining its organization and management, including those that respect the RGPC that we indicate here;
vi) Responsible for Regulatory Compliance (RCN), a role of great relevance and responsibility, which must constantly check and ensure that all RGPC instruments exist in the organization, that everyone who performs functions there knows them and adequately complies with the measures contained in them. The RCN must also ensure the timely and adequate production of annual PPR execution reports, as well as updates to the CC and PPR every three years.
Under the terms of the same diplomas, failure to comply with this framework of measures is likely to lead to the application of financial sanctions provided for in article 20 of the Annex to Decree-Law no. 109-E/2021, of December 9, and in article 7 of Law no. 93/2021, of December 20.
Due to its nature, the RGPC’s framework of instruments and measures is recognized as adequate to strengthen organizations in defending ethics and integrity problems. They include measures that promote integrity (the CC), risk prevention (the PPR), incident detection (the CD), worker involvement (the PFC), and ongoing monitoring (the RCN), as well as simple systematization of the entity’s entire organization, management and control architecture (the SCI).
However, in order for them to more adequately achieve this strengthening, they will need to be properly operationalized. Let them get off the ground, as is often said. That there is leadership in their dynamism, and that they are effectively brought to the attention and reflection of all those who carry out activities in the entity.
And for there to be leadership, it will be necessary for top management to be directly involved, in a permanent, enthusiastic, clear and unequivocal way, in the entire process of elaboration, articulation and dynamization of instruments within the organization, including participation in Training and Communication Programs, as well as in the exemplary role that must be taken in fully complying with the planned measures, in the logic that the example comes from above.
For academic, training and professional reasons, I have had the opportunity to closely monitor the way in which many entities in Portugal seem to be complying with the RGPC.
And what I have witnessed, in this context, also shows me a concern on the part of the top management of organizations focused mainly on complying with the formalities of adopting instruments, in some cases, purchased on the market, to avoid the application of sanctions, and less on the leadership involved in the process of dynamizing the RGPC, that is, on making more effective use of its potential for protective utility of the entity.
In practice, these signs have mainly resulted from two pieces of evidence:
a) top managers of organizations practically do not attend training sessions (the PCF), neither preparation nor dissemination. of the RGPC of their entities, thus not participating in debates or reflections, with the aggravating factor of transmitting signals to managers and workers that all this work is relatively important;
b) many middle managers and the majority of the entities’ workers do not know, have never read, or do not know that their organization has a set of instruments that promote integrity and prevent corruption risks, even when these instruments have been available on their entities’ websites, sometimes for some years.
The leadership and involvement of all employees of organizations in the preparation, dynamization, knowledge and compliance with the RGPC instruments is a fundamental component to enhance their effectiveness, as well as to improve the quality of the service they provide, and also to reinforce trust among citizens in general.