A Crime Prevention Model (CPM) cannot be understood as a simple supporting document. Its value lies in its concrete operability within the organization. A technically elaborated model is useless if it is not disseminated, the team is not trained, compliance is not monitored or corrections are not made when controls fail.
The effectiveness of the model does not require infallibility, but it does require evidence of serious and sustained efforts in risk management. In this sense, having clear procedures, a functional whistleblower channel and an objective and timely internal investigation of possible non-compliance is decisive.
The new law also introduces an additional requirement: periodic evaluation of the model by an independent third party. It is no longer enough to implement; it is now mandatory to submit the Crime Prevention Model (CPM) to an external review to assess its compliance with the legal standard and its adaptation to the company’s reality.
This poses new challenges for organizations:
Guarantee the independence and objectivity of the evaluator.
To have a review methodology aligned with legal requirements.
Include top management in the analysis and verify their real commitment to compliance.
In short, the Crime Prevention Model (CPM) must be a living, dynamic tool, aligned with the organizational culture and structure. What is at stake is not only the criminal liability of the legal entity, but also its ability to demonstrate ethical, preventive and reactive management of legal risks.
Effective implementation of the Crime Prevention Model: from formal compliance to actual risk management
With the entry into force of Law No. 21,595 on economic crimes, all companies face the challenge of adjusting their Crime Prevention Models (CPM) to the new legal standard. This regulation reinforces the need to have a model not only in force, but also effectively implemented.
