{"id":29686,"date":"2025-10-13T15:03:59","date_gmt":"2025-10-13T13:03:59","guid":{"rendered":"https:\/\/it.andersen.com\/?p=29686"},"modified":"2025-10-14T15:10:29","modified_gmt":"2025-10-14T13:10:29","slug":"compliance-risk-management-compliance-in-corporate-groups","status":"publish","type":"post","link":"https:\/\/it.andersen.com\/en\/compliance-risk-management-compliance-in-corporate-groups\/","title":{"rendered":"Compliance &amp; Risk Management &#8211; Compliance in corporate groups"},"content":{"rendered":"<p>In this second edition of the <strong>Compliance &amp; Risk Management<\/strong> Newsletter, professionals of Andersen&#8217;s <strong>231\/Privacy<\/strong> Service Line have explored the topic of <strong>compliance in corporate groups<\/strong> in the areas of 231, Privacy &amp; Risk Management in order to highlight the increasingly importance for companies to adopt appropriate measures to reduce risks, thereby improving their <strong>governance<\/strong>.<\/p>\n<h2>231 Liability in Corporate Groups: who is responsible for what?<\/h2>\n<p>The issue of <strong>liability under Legislative Decree 231\/2001<\/strong> <strong>in corporate groups<\/strong> raises a central question: liability is always individual and falls on the single company, not on the group.<\/p>\n<p>However, in practice, group dynamics can make the assessment of liability more complex. In cases of <strong>direction and coordination<\/strong>, for example, guidelines from the parent company may affect the operational decisions of subsidiaries, with possible implications for the attribution of liability.<\/p>\n<p>For this reason, it is essential that each company\u2014both parent and subsidiaries\u2014adopts its own 231 Compliance Model, tailored to its specific operations and actual risks, while ensuring coordination with group policies. Only in this way is it possible to guarantee effective governance and limit exposure to criminal and reputational risks.<\/p>\n<h2>The transfer of personal data outside the EU: the importance of monitoring third parties<\/h2>\n<p>In the field of data protection, the presence of transnational corporate groups translates into the daily transfer of personal data, also to countries outside the European Union. If not GDPR compliant, the transfer of data outside the EU can pose <strong>significant risks in terms of regulatory compliance, corporate reputation and stakeholder trust<\/strong>.<\/p>\n<p>In particular, the involvement of <strong>third parties<\/strong> in data transfers, especially cloud providers, requires <strong>constant monitoring of the supply chain,<\/strong> also to avoid penalties.<\/p>\n<p>This translates operationally into identifying third parties and conducting periodic <strong>audits<\/strong> to verify the adoption of appropriate technical and organizational measures and compliance with contractual obligations<\/p>\n<h2>The importance of the Tax Control Framework as a tool for mitigating tax risks<\/h2>\n<p>In a context of regulatory uncertainty and increasing organisational complexity, the <strong>Tax Control Framework<\/strong> (TCF) represents a valuable tool for mitigating <strong>tax risk<\/strong> within corporate groups, while at the same time enabling the establishment of a preventive and transparent dialogue with the tax authorities.<\/p>\n<p>The advantages of a control system that combines the 231\/2001 Organisation and Management Model with the TCF are not to be overlooked. An <strong>integrated system<\/strong> of internal controls and procedures makes it possible to monitor not only tax issues but also compliance in a broad sense.<\/p>\n<p>The TCF is thus not merely a regulatory requirement but a governance tool that builds risk awareness, identifies strengths and weaknesses and helps mitigate financial and reputational impacts, <strong>reinforcing tax sustainability and business profitability<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this second edition of the Compliance &amp; Risk Management Newsletter, professionals of Andersen&#8217;s 231\/Privacy Service Line have explored the topic of compliance in corporate groups in the areas of 231, Privacy &amp; Risk Management in order to highlight the increasingly importance for companies to adopt appropriate measures to reduce risks, thereby improving their governance. [&hellip;]<\/p>\n","protected":false},"author":125,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50],"tags":[],"_links":{"self":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts\/29686"}],"collection":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/users\/125"}],"replies":[{"embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/comments?post=29686"}],"version-history":[{"count":1,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts\/29686\/revisions"}],"predecessor-version":[{"id":29687,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts\/29686\/revisions\/29687"}],"wp:attachment":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/media?parent=29686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/categories?post=29686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/tags?post=29686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}