Open navigation
Search
Search

Civil Liability of Directors of a Corporation due to Compliance Program Failure

13 Jul 2026 International 8 min read

Introduction

This article examines the potential civil liability of directors of a stock corporation arising from the defective design or implementation of a Crime Prevention Model (CPM). Under Chilean law, directors’ fiduciary duties are governed by Article 41 of Law No. 18,046 on Stock Corporations and are traditionally grouped into two obligations: duty of care and duty of loyalty. 

Duty of care requires directors to apply the diligence that persons ordinarily employ in managing their own affairs. Its scope has expanded significantly in recent years. What was once a purely commercial concern now encompasses compliance with integrity standards, most notably those embedded in Law No. 20,393 on Criminal Liability of Legal Entities (CLLEA), as reformed by Law No. 21,595 on Economic Crimes, in force since 1 September 2024. 

The gap that criminal law cannot fill

To begin with, one must understand why civil liability matters here. In the corporate sphere, governing bodies do not typically carry out criminal conduct themselves. There is a structural split between decision-making power and execution. Chilean criminal law was designed for simple, small-scale criminality and offers no authorship rule capable of capturing the offence of a director who, by abusing their position at the top of a hierarchical structure, enables criminal conduct by subordinates.  Under the traditional approach, such a director may, at most, face liability as an instigator. That form of participation is unavailable where instructions pass through intermediaries and carries no sanction for attempted instigation.

This structural limitation is compounded by the analysis offered by Frisch, who argues from a criminal law perspective that governing bodies occupy a special guarantor position. On that view, anyone exercising organisational power on a lasting basis bears a special responsibility to ensure that its exercise does not endanger third parties, and the delegation of supervisory functions does not fully discharge that obligation. 

Where criminal law fails to give adequate expression to this responsibility, civil liability steps in as a complementary mechanism to impose patrimonial consequences on directors whose neglect of compliance obligations enabled the company's criminal liability.

The reformed CLLEA and the CPM requirement

Under the reformed Article 3 of the CLLEA, a legal entity is criminally liable for offences committed within the scope of its activities by persons holding positions within it, “provided that the commission of the offence is favoured or facilitated by the lack of effective implementation of an adequate crime prevention model.” This replaces the prior reference to “duties of direction and supervision”, which was eliminated by the 2024 reform. Liability now turns on a concrete factual question – whether an effectively implemented CPM was in place.

The reformed Article 4 specifies that an adequate CPM must – proportionately to the entity's size, complexity and activities – address the following elements: identification of criminal risk processes; protocols and procedures including secure whistleblowing channels and internal sanctions; staff training; and periodic independent evaluations. Doctrine is clear that a purely formal or cosmetic programme does not suffice,  and Chilean case law has confirmed this. For example, in the Corpesca Case, the Third Oral Criminal Court of Santiago held that the adequacy of the CPM must be assessed by reference to its actual efficacy for prevention, not its mere existence, and further held that compliance culture must be set from the top of the corporate pyramid.  In the EDUCER Case, the Oral Criminal Court of Talca convicted the legal entity on the basis of the “organisational defect” model, finding that the offence was a direct consequence of the complete absence of any internal prevention measures.

Director's duty of the care and the CPM

The obligation to implement a CPM rests with the legal entity, not directly with the individual director. The central question is therefore whether oversight of that obligation falls within the director's duty of care. The answer, in our opinion, is affirmative. The director's role in setting company policy and overseeing management includes an obligation to be informed about all factors that could materially affect the company, including its legal and regulatory exposure.   A director who ignores the criminal risk dimension of the company's activities does not fulfill that obligation.

Frisch's guarantor analysis applies directly to the civil law context. A director who settles for a CPM that is formal rather than genuine, or who receives assurances of its existence without enquiring into its actual operation, fails to exercise the oversight function that defines their role. Just as delegation does not extinguish the duty to verify the delegate's performance, a director cannot discharge the duty of care by passively accepting management representations about the state of the compliance programme.

This does not mean the director must personally manage compliance operations. Their obligation is to provide oversight and policy-setting and consists of ensuring that: an adequate CPM exists; a Compliance Officer is appointed and able to perform the role effectively; the CPM is implemented and periodically reviewed; and corrective action is taken if it is not. A director who satisfies this standard will have fulfilled the duty of care for compliance. One who does not can face civil liability if the company's resulting criminal liability causes quantifiable harm to shareholders or third parties.

Conclusion

The fiduciary duties of directors of a stock corporation extend to the compliance sphere. The reformed CLLEA ties corporate criminal liability to the absence of an effectively implemented CPM, a standard that Chilean case law treats as one of practical effectiveness rather than mere existence. Given the structural limitations of criminal law discussed above, civil liability for breaches of the duty of care imposes additional personal accountability on directors who neglect their CPM oversight obligations. 

The stakes are high. Corporate criminal sanctions under the CLLEA include closure of the legal entity, prohibition on public contracting, loss of tax benefits, and fines calculated on a day-fine basis (with each day-fine valued between 5 and 5,000 Monthly Tax Units, multiplied by the number of day-fines set by law for the offence in question, an amount that can reach more than USD 100 million in the most serious cases),   which may give rise to recoverable damages for shareholders and other affected parties. 

previous page

4. German court ruling grants validity to call options for management stock ownership

next page

6. Emergency relief in shareholder disputes


Back to top Back to top
Opens in new window