Italy: A White-Collar Crime Overview

The Cornerstone of Italy’s White-Collar Enforcement Architecture

In the broader context of white-collar crime enforcement, corporate criminal compliance has become a central element of risk prevention and prosecutorial strategy in Italy. Legislative Decree 231/2001 has progressively become the cornerstone of Italy’s overall approach to white-collar crime enforcement, providing the structural foundation upon which corporate liability, compliance expectations, and prosecutorial action are built. In fact, when the decree was first introduced, its primary objective was to disrupt collusive relationships between companies and public authorities. Over time, however, the scope of corporate liability has expanded considerably, and the practical implications of this regulatory evolution are now fully evident.

Today, the assessment of organisational responsibility extends across a broad range of interconnected compliance areas, including:

• market abuse;
• workplace safety;
• tax risk governance;
• whistleblowing systems;
• anti-money laundering controls;
• digital transaction monitoring;
• labour outsourcing oversight; and
• emerging integrity expectations linked to ESG standards.

As a direct consequence of this expansion, Decree 231 now operates within an increasingly complex regulatory ecosystem in which internal controls, supplier governance and operational supervision play a decisive role in evaluating corporate diligence.

From Discretion to Obligation: The New Enforcement Paradigm

At the same time, significant jurisprudential developments have recently reshaped the enforcement landscape. Foremost among them is the affirmation by Italian courts of a mandatory duty for prosecutors to initiate proceedings under Decree 231 whenever the factual and legal prerequisites for corporate liability are satisfied - a principle that, while conceptually straightforward, represents a profound shift in practice. Action against the company is therefore no longer viewed as discretionary, but as a structurally necessary component of criminal enforcement. This interpretation marks a clear departure from past practice, where the application of Decree 231 was often uneven and fragmented, and the involvement of legal entities was sometimes treated as merely ancillary to proceedings against individuals.

The mandatory nature of such action does not stem from the constitutional principle governing criminal prosecution, but from the intrinsic normative structure of Decree 231 itself, which requires a full, consistent application without room for selective or opportunistic enforcement. This approach strengthens the preventive function of compliance programmes, promotes more uniform protection of business legality, and reinforces the central role of corporate liability as a key instrument in Italy’s fight against economic crime.

The Evolving Concept of Organisational Fault

A particularly relevant trend concerns the evolving judicial interpretation of “organisational fault” (colpa di organizzazione). Italian courts have progressively abandoned the assumption that the mere occurrence of a predicate offence automatically demonstrates the inadequacy of a compliance model adopted pursuant to Legislative Decree 231/2001. This shift carries significant practical consequences. Companies are increasingly required to show that preventive safeguards were not only formally adopted, but also effectively implemented, clearly allocated to identifiable and accountable roles, consistently documented, and supported by genuine procedural discipline.

Building on this evolution, enforcement authorities are now adopting a more granular and fact-sensitive approach to corporate compliance. The key question is no longer simply whether a 231 model existed, but whether specific controls were realistically capable of operating effectively at the time of the alleged misconduct. In line with this perspective, enforcement priorities have shifted toward assessing the actual operability of compliance programmes, with particular emphasis on traceability, decision-making accountability and the ability to react promptly when irregularities arise.

This execution-focused philosophy is now evident across multiple regulatory domains. In detail, whistleblowing frameworks are expected to ensure genuine accessibility and confidentiality, as well as the capacity to activate swift, independent escalation processes, rather than functioning merely as formal reporting channels.

Likewise, workplace safety supervision is increasingly scrutinised within 231 assessments, particularly in contractor-intensive operations where oversight responsibilities appear fragmented or insufficiently documented. In a similar vein, tax-risk governance in supply chains is moving away from retrospective liability reconstruction toward:

• early anomaly detection;
• structured escalation mechanisms; and
• auditable ownership of control.

More broadly, in a business environment characterised by long, interconnected operational chains, corporate integrity is no longer examined solely within the confines of individual entities. Judicial and regulatory scrutiny now extends across broader execution networks that:

• deliver services;
• transfer funds;
• manage labour; and
• support outsourced activities.

Procurement structures, digital payment channels, subcontractor oversight and supply-chain processes are often considered integral components of the compliance assessment.

From Punitive Enforcement to Preventive Partnership

These developments signal a broader transformation in Italy’s approach to white-collar crime. The traditional focus on post-factum sanctioning is gradually giving way to a model centred on prevention, early intervention, and responsible corporate governance. Authorities are increasingly encouraging companies to act as active partners in identifying and addressing risks, rather than viewing enforcement solely as a retrospective punitive exercise.

In this environment, the publication of the report prepared by the Ministerial Commission for the reform of Legislative Decree No. 231/2001 has introduced a wide range of proposed amendments aimed at modernising the system and strengthening its preventive function. Among the most significant innovations is the envisaged introduction of a mechanism for the extinction of the offence based on a model similar to probation, designed to operate as an alternative to instruments such as non-prosecution or deferred prosecution agreements. These proposals reflect a growing emphasis on remediation, cooperation and structured compliance improvements as key responses to corporate misconduct.

Supply Chains Under Scrutiny, with a Spotlight on the Fashion Industry

Alongside liability under Decree 231, the use of preventive judicial measures under Legislative Decree 159/2011 (the Antimafia Code) is becoming increasingly prominent in corporate contexts. The most consequential instrument remains judicial administration under Article 34 of the Antimafia Code, which allows a court-appointed administrator to temporarily assume management powers over a company when organisational weaknesses are deemed to have negligently facilitated external criminal conduct.

These measures operate on a different conceptual basis from corporate liability under Decree 231/2001. While organisational fault under Decree 231 presupposes that a predicate offence has been committed by individuals belonging to the company’s own organisational structure, the preventive regime under Legislative Decree 159/2011 can be triggered even when the underlying offences are committed by third parties external to the company, such as suppliers, subcontractors, or other participants in the supply chain. In this context, the relevant assessment is not whether the company enabled an internal offence, but whether its control and governance systems were inadequate to prevent or promptly address risks generated by external counterparties.

The market increasingly views the application of these measures not as proof of guilt, but as an indicator of structural governance deficiencies, given their immediate operational and reputational consequences even in the absence of a criminal conviction. Authorities tend to resort to such measures when companies are perceived to:

• have failed to detect anomalies;
• escalate concerns rapidly and confidentially;
• preserve evidence; or
• remediate issues independently and promptly, even where the underlying misconduct was entirely attributable to external partners.

The impact of this approach is particularly evident in sectors heavily reliant on outsourced labour and extended supply chains, such as:

• logistics;
• industrial cleaning;
• manufacturing support;
• facility management;
• field services; and
• the fashion industry.

In these contexts, misconduct committed by subcontractors or upstream suppliers, such as irregular labour practices, underpayment of social contributions, undeclared work, VAT irregularities, or serious safety violations, is increasingly analysed to determine whether the client company maintained credible anomaly-detection and escalation mechanisms. This scrutiny is especially intense in the fashion sector, where multi-tier production networks, frequent subcontracting, and tight cost pressures heighten the risk of labour and compliance failures along the supply chain. Formal contractual clauses or generic monitoring provisions are no longer sufficient; authorities expect operational systems capable of identifying and addressing irregularities in practice.

Current Enforcement Priorities

Against this backdrop, investigative activity in Italy’s white-collar arena continues to intensify around a set of recurring priority areas that reflect the same execution-focused approach. Tax fraud and false invoicing schemes in supply chains remain a central concern, particularly when contractual and invoicing structures obscure the actual execution of services or the allocation of labour and financial flows. Money laundering and self-laundering offences are increasingly pursued in contexts characterised by fragmented payment channels, weak transaction ownership or insufficiently documented decision-making processes. Corruption and bribery risks are subject to heightened scrutiny in indirect procurement, licensing, and multi-layer contract execution, especially when high-risk activities are delegated to intermediaries without robust oversight mechanisms. Workplace safety violations are likewise examined as potential indicators of organisational fault whenever supervision records, contractor controls, or escalation procedures appear sporadic, inconsistent or merely formalistic.