Compliance & Risk Management – Compliance in corporate groups

In this second edition of the Compliance & Risk Management Newsletter, professionals of Andersen’s 231/Privacy Service Line have explored the topic of compliance in corporate groups in the areas of 231, Privacy & Risk Management in order to highlight the increasing importance for companies of adopting appropriate measures to reduce risks, thereby improving their governance.

231 Liability in Corporate Groups: who is responsible for what?

The issue of liability under Legislative Decree 231/2001 in corporate groups turns on a central point: liability is always individual and falls on the single company, not on the group.

However, in practice, group dynamics can make the assessment of liability more complex. In cases of direction and coordination, for example, guidelines from the parent company may affect the operational decisions of subsidiaries, with possible implications for the attribution of liability.

For this reason, it is essential that each company—both parent and subsidiaries—adopts its own 231 Compliance Model, tailored to its specific operations and actual risks, while ensuring coordination with group policies. Only in this way is it possible to guarantee effective governance and limit exposure to criminal and reputational risks.

The transfer of personal data outside the EU: the importance of monitoring third parties

In the field of data protection, the presence of transnational corporate groups translates into the daily transfer of personal data, also to countries outside the European Union. If not GDPR compliant, the transfer of data outside the EU can pose significant risks in terms of regulatory compliance, corporate reputation and stakeholder trust.

In particular, the involvement of third parties in data transfers, especially cloud providers, requires constant monitoring of the supply chain, also to avoid penalties.

This translates operationally into identifying third parties and conducting periodic audits to verify the adoption of appropriate technical and organizational measures and compliance with contractual obligations.

The importance of the Tax Control Framework as a tool for mitigating tax risks

In a context of regulatory uncertainty and increasing organisational complexity, the Tax Control Framework (TCF) represents a valuable tool for mitigating tax risk within corporate groups, while at the same time enabling the establishment of a preventive and transparent dialogue with the tax authorities.

The advantages of a control system that combines the 231/2001 Organisation and Management Model with the TCF are not to be overlooked. An integrated system of internal controls and procedures makes it possible to monitor not only tax issues but also compliance in a broad sense.

The TCF is thus not merely a regulatory requirement but a governance tool that builds risk awareness, identifies strengths and weaknesses and helps mitigate financial and reputational impacts, reinforcing tax sustainability and business profitability.