National Mechanism of Anti-Corruption

Articles 30/04/2022

The Law-Decree 109-E/2021, enters into force on June 7 of 2022, and is addressed to companies, whether headquartered in Portugal or branches, with more than 50 employees. It was created as a mechanism to combat and control unfair practices and corruption.

The creation of MENAC, National Mechanism of Anti-Corruption, is a crucial part of the law-decree seeing that it is characterized by an organization aimed at supporting and supervising the new rules.

From the provisions of Law-Decree 109-E/2021, in light of what is applicable to private entities and their corporate structure, we set out the applicable rules below.


PPR – Risk Prevention Plan

The first point to be considered from the present law-decree, is the presentation of a new report, understood as Risk Prevention Plan. It must include the identification and analysis of risk that the company may have in its different sectors and the measures to be implemented to prevent them. Meaning:

  1. The entity’s areas of activity at risk of committing acts of corruption and related infractions;
  2. The probability of occurrence and the foreseeable impact of each situation, in order to allow the grading of risks;
  3. Preventive and corrective measures to reduce the probability of occurrence and the impact of identified risks and situations;
  4. In high or maximum risk situations, the most comprehensive prevention measures, with priority being given to the respective execution;
  5. The designation of the person responsible for the execution, control and review of the PPR, who may be responsible for regulatory compliance.


The company, must assign a senior management, or equivalent, responsible for the adoption and implementation of the programs mentioned below. He must have the human and technical resources necessary for the exercise of his function and will be provided with decision-making autonomy.

The elaboration of the PPR will trigger its respective control. In the month of October, of the year in which the related rules are implemented, an assessment report on the identified high or maximum risk situations must be carried out and, in the month of April of the following year, a report on the corrective measures applied.  The PPR will have to be published on a intranet or other internal platform available to all workers, within 10 days of its implementation. This report will have to be reviewed every 3 years or if there is any substantial change in the company’s structure (eg. merger, division, etc.).

  • Failure to comply with the PPR implementation is subject to an administrative offense with fines ranging from 2000.00 euros to 44,891.81 euros.
  • Failure to publish, review and communicate the PPR is subject to an administrative offense with fines from 1000.00 euros to 25,000.00 euros.


Code of Conduct

In addition to the Internal Regulations, a company covered by this decree-law must also adopt a Code of Conduct that establishes the set of principles, values and rules for the performance of managers and workers in terms of professional ethics. The same must also refer to the disciplinary sanctions corresponding to the respective infractions. For each infraction committed, a report must be made which includes the rules violated, the sanction applied and the measures to be applied. The code of conduct must be published on the company’s intranet platform available to all employees, within 10 days from the date of its implementation. The code of conduct is reviewed every three years.

  • Failure to adopt a code of conduct is subject to an administrative offense with fines ranging from 2000.00 euros to 44,891.81 euros.
  • Failure to review the code of conduct, or failure to publish it, is subject to an administrative offense with fines ranging from 1000.00 euros to 25,000.00 euros.


Internal Control System

Furthermore, the Company must also have an internal reporting channel for reporting acts of corruption and related infractions. As well as an internal control system, proportional to the size and complexity of the entity, covering the organizational plan, policies, methods, procedures and good control practices that contribute to ensuring the development of the activities of the respective system. The system aims to ensure:

  1. Compliance with and legality of the deliberations and decisions of the holders of the respective bodies;
  2. Respect for defined policies and objectives;
  3. Compliance with legal and regulatory provisions;
  4. Adequate risk management and mitigation, taking into account the PPR;
  5. Respect for the principles and values set out in the code of conduct;
  6. The prevention and detection of situations of illegality, corruption, fraud and error;
  7. Safeguarding assets;
  8. The quality, timeliness, integrity and reliability of the information;
  9. The prevention of favoritism or discriminatory practices;
  10. Appropriate mechanisms for planning, executing, reviewing, controlling and approving operations;
  11. Promotion of competition;
  12. The transparency of operations.


Prior Assessment Procedures

In its relations with third parties, whether as suppliers, customers or intermediaries, there must be an assessment by the company of the elements contained in its Effective Beneficiary Records and any other analysis that derives from its image and reputation. This assessment is set forward for the purposes of transparency and security in commercial relations, in order to eliminate conflicts of interest.

The same conflict of interest analysis must be evaluated internally, in efforts to ensure measures to eliminate any similar situation that may occur internally, which could trigger a presumption of favoritism. If any situation applicable to the matter is found, it must be reported to the higher corporate bodies for investigation and resolution. All members of the Company must sign a declaration of non-existence of conflicts of interest with regard to the:

  • Public contracting;
  • Granting of subsidies, grants or benefits;
  • Urban, environmental, commercial and industrial licensing;
  • Sanctioning procedures.

A conflict of interest is considered to be any situation in which it is possible, with reason, to seriously doubt the impartiality of the conduct or decision of the member of the management body, manager or employee.

The failure to adopt an internal control system is subject to an administrative offense with fines ranging from 2000.00 euros to 44,891.81 euros.


Internal Training

For a better understanding of the new law and its application, the company should continue to carry out internal training programs for all its managers and workers, taking into account a greater focus on areas whose risks identified in the PPR are higher. This training counts towards the continuous training plan provided by them.



It results from the provisions of article 24 of this Decree-Law:

”1 – When the infraction constitutes a curable irregularity, and there is no high degree of guilt or previous conviction for an infraction of the same nature, the administrative infraction procedure is suspended, notifying the violator to, within the established period, remedy the irregularity in which incurred…”.
If the regularity is remedied, the process cannot be reopened.

Based on the aforementioned statement, it should also be noted that the first part of the law-decree is focused on the creation of the public sector body MENAC, National Anti-Corruption Mechanism. The organization will, in the future, serve as support to companies in the implementation of the present rules, providing detailed information and an internal body for contact and answering questions resulting from the same.




The content of this information does not constitute any specific legal advice; the latter can only be given when faced with a specific case. Please contact us for any further clarification or information deemed necessary in what concerns the application of the law.


Practice Areas

  • Commercial law
  • Corporate Law