In June 2013 Brazil erupted in protests that gathered vast crowds in several cities across the country, with claims that varied in scope. One claim, however, was widely heard in unison: 'stop corruption!' was a mantra insistently repeated by protesters, putting politicians from across the political spectrum under an uncomfortable spotlight.
It was a surprising wake-up call. The matter was subject to heated debates for months during presidential elections in 2014 and climaxed with the Lava Jato operation of the Federal Police, which uncovered a large corruption scandal involving civil construction companies and politicians at the heart of a company which once made Brazilians proud: Petrobras.
The public desire for ethics and compliance loudly voiced in the streets is certainly not to be understood as confined to politics and public servants. Corporations must hear the call and act accordingly. As senior politicians face jail sentences, detection mechanisms become more sophisticated and legislation becomes more effective and enforceable, a culture of compliance is starting to replace the long-standing perception of impunity that has contaminated the business environment.
One reason in particular must drive this new mindset: it always takes two to tango. If someone was bribed, someone had to pay.
Compliance programmes are not designed to make regulators happy. They make sure people follow the legal rules of a certain jurisdiction while they preserve the company's culture and values no matter where they are doing business. Effective risk management is highly dependent on the company's success in doing both.
A strong compliance programme allows people to identify when boundaries are crossed, alert management and respond to breaches appropriately. This is certainly a challenge in every jurisdiction and no less in a changing environment such as Brazil. Brazilian laws and case law have not provided much guidance so far with respect to the satisfactory content of compliance and ethics programmes.
Antitrust regulators tried unsuccessfully to introduce a certified compliance programme in 2004. More recently, compliance programmes have gained a lot of attention in light of the recent Anti-Bribery Law, which was enacted in the midst of the protests of 2013 and came into force on 29 January 2014.
The new Anti-Bribery Law establishes that an effective compliance programme will be taken into account for the purpose of reducing penalties in the case of convictions. The minimum standards for the compliance programme to be considered eligible for the penalty reduction are subject to further regulation. A draft of the regulation is under analysis in the President's Executive Office and is expected to be enacted soon. The requirements that the new regulation should establish, pursuant to a public statement made by the Head of the Office of the Comptroller General (CGU), relate both to the structure of the compliance programme and to the effectiveness of its implementation.
With respect to the structure of the programme, the minimum requirements are likely to include, according to the statement of the Head of the CGU: (i) commitment and support of the senior management of the company; (ii) standard policies of behaviour and ethics; (iii) periodic training sessions of employees and executives; (iv) periodic risk assessment; (v) creation of hotlines for reporting breaches; (vi) monitoring and enforcement of internal controls and compliance policies; (vii) enforcement of disciplinary measures in case of breach; (viii) analysis and monitoring of third-party reputation; and (ix) transparency of donations to candidates and political parties.
In regard to the effectiveness of the programme, the minimum requirements are likely to include, according to the statement of the Head of the CGU: (i) prompt and spontaneous communication of the violation to the public administration; (ii) dismissal of the employees involved in the violation before the notification of the public authority; and (iii) evidence of no involvement, awareness or tolerance of the senior management of the violation.
The Head of the CGU reported that the size of the company and number of employees will also be taken into consideration when analysing the compliance programme. The draft bill is reported to include a reduction of two-thirds of the administrative fine.
Until further guidance is provided, companies are left on their own to design, implement and enforce effective compliance programmes in Brazil.
There are several elements that contribute to the success of an effective compliance programme. The first and most important is the commitment and full cooperation of the senior management of the company in its design, implementation, supervision and maintenance.
Another key element is the appointment of the right person or group of people to be accountable for the implementation and monitoring of the compliance programme. It is highly advisable that this job is handed to a senior executive or group of executives (in this case, the compliance committee), with total independence and authority, full access to the senior management and deep knowledge about the internal structure of the company. The executive or group of executives must be in a position to maintain the confidentiality of the suspicious activities reported to them.
Compliance programmes must be tailored to the specific needs of each company and their business activity. This is particularly true for antitrust compliance programmes, which have to take into account the market structure and, most importantly, common business practices of the industry.
Compliance programmes must, above all, be simple and understandable to employees across all areas and hierarchy levels of the company.
An effective compliance programme must be capable of educating and training executives and employees about risks that they and the company are exposed to. For that purpose, the programme must rely on presentations and seminars that must include real-life situations instead of only theoretical examples. The materials may include videos, online training sessions, workshops and other activities that trigger the interest of people in the subject matter. Commonly, employees are tested after trainings and grades are considered in their professional evaluations.
Mechanisms of internal communication must also be established to allow the immediate reporting of suspicious activities to the compliance officer or committee. Confidentiality and anonymity are absolutely crucial for the success of the instrument. Disciplinary mechanisms must be created and duly implemented across the entire company, irrespective of the hierarchy level of the individuals involved.
Regular, periodic monitoring of the compliance programme is of vital importance to the programme's success. Identified violations must be immediately fixed. Periodic external audits are helpful for that purpose. The programme must be periodically revised and updated in accordance with the authorities' latest findings.
An effective programme must also establish a document retention policy, which takes into account obligations provided by tax and commercial laws and clearly instructs people not to destroy the relevant documents.
Last but not least, a strong compliance programme must cover all areas to which the company is exposed, ranging from corporate governance to environmental laws, from tax regulations to money laundering, from bribery and corruption to antitrust.
Compliance and ethical behaviour may be the only adequate response to the local demand for a revised way of doing business in Brazil. When boundaries are crossed, companies have a lot at stake: reputation, brand, stock. But also their values. Compliance programmes can be an alarm bell and give senior management the opportunity to respond properly before things get worse. Companies should be attentive to the message that the regulation is sending and act accordingly.