In this Compliance Newsletter, you will find:
- CGU updates the Corporate Liability Manual
- CGU Releases new Leniency Guide and reinforces regulatory agenda
- PCC and CV designated as terrorist organizations by the U.S. Government: what changes for compliance in brazilian companies?
CGU updates the Corporate Liability Manual: greater predictability in the application of the Anti-Corruption Law
On June 30, the Office of the Comptroller General (“CGU”) released the 3rd edition of the Corporate Liability Manual (“Manual”), a technical document prepared by the Department of Private Integrity (SIPRI). The Manual provides guidance to investigative committees, adjudicating authorities, and legal practitioners on the application of Law No. 12,846/2013 (Brazilian Anti-Corruption Law). This new edition updates and supersedes the previous version, published in 2022.
From a practical standpoint, the most relevant changes concern the calculation of penalties. The Manual now establishes clearer parameters for determining aggravating and mitigating circumstances, calculating illicit advantages, and estimating the revenue of companies that fail to provide accounting information— a gap that has historically generated created considerable uncertainty in Administrative Liability Proceedings (“PAR”).
Also noteworthy is the incorporation of the Commitment Term, an instrument regulated by CGU Normative Ordinance No. 155/2024. This mechanism allows companies to acknowledge responsibility and cooperate with the public administration without waiting for the conclusion of the PAR, serving as an intermediate alternative between negotiating a formal leniency agreement and pursuing full administrative litigation.
The new edition also incorporates CGU Administrative Statements published in 2025, offering readers with with insight into how CGU has interpreted certain issues. Among these is SIPRI/CGU Statement No. 2/2025, which broadens the concept of undue advantage to include benefits of any nature — material, intangible, moral, political, or sexual — regardless of economic value. This interpretive expansion has direct implications for risk mapping in corporate Integrity Programs, particularly for companies that frequently interact with public authorities.
Finally, the Manual has been aligned with Decree No. 11,129/2022 and the New Public Procurement Law (Law No. 14,133/2021), ensuring consistency between the administrative liability regime applicable to legal entities and the current regulatory framework. For companies operating within public procurement chains, reviewing the updated Manual is essential to the continuous improvement of their Integrity Programs.
Integrity Day: CGU launches new Leniency Guide and reinforces regulatory agenda
On the same occasion as the Manual’s release, CGU held another edition of Corporate Integrity Day — an event that gathered government authorities, private sector representatives, academics, and specialists to discuss issues related to Brazil’s anti-corruption agenda.
The highlight of the event was the launch of the updated Anti-Corruption Leniency Program Guide. The new guide incorporates changes introduced by Interministerial Normative Ordinance CGU/AGU No. 1/2025 and consolidates—into a single technical reference—the rules and steps applicable to leniency agreements under the Anti-Corruption Law. Notable improvements include the adoption of more objective criteria for determining penalties and strengthening coordination mechanisms between institutions, aiming to prevent double jeopardy for the same conduct (a longstanding criticism of the Brazilian leniency model) and to provide greater legal certainty.
CGU also introduced the Anti-Corruption Law and Private Integrity Data Dashboard, a public transparency tool consolidating information on Pró-Ética, Pacto Brasil, PARs, and leniency agreements in a centralized platform. This initiative provides an overview of anti-corruption enforcement in Brazil and offers valuable data for both corporate risk management and benchmarking of Integrity Programs.
The event concluded with the award ceremony for the Pro-Integrity Company Program 2025–2026, recognizing organizations with effective Integrity Programs, and the announcement of a public consultation on proposed regulations regarding the disregard of legal entity personality in administrative liability proceedings — a highly relevant issue for enterprise groups with complex corporate structures.
Overall, these initiatives signal that CGU continues to move toward institutional consolidation: more tools, greater objectivity in sanctions, and increasing transparency in enforcement. For compliance professionals, the message is clear — Brazilian authorities are enhancing their enforcement capacity, and Integrity Programs that fail to keep pace will become progressively more vulnerable.
PCC and CV designated as Terrorist Organizations by the U.S. Government: What Changes for Brazilian Companies’ Compliance?
In May 2026, the United States Government (“U.S.”) designated the First Capital Command (Primeiro Comando da Capital, “PCC”) and Red Command (Comando Vermelho, “CV”) as Foreign Terrorist Organizations (FTOs) and as Specially Designated Global Terrorists (SDGTs), including both groups in the Specially Designated Nationals and Blocked Persons (SDN) list administered by the Office of Foreign Assets Control (OFAC). This unilateral measure does not alter Brazilian law, but its implications for companies with international exposure are immediate and significant.
The designation triggers two distinct legal regimes. The first involves economic sanctions, enforced through Executive Order 13224, which prohibits U.S. persons (i.e., entities incorporated under U.S. law, U.S. citizens and residents, and any individual located in U.S. territory) from engaging in transactions with SDGTs or with entities owned 50% or more, directly or indirectly, by one or more SDGTs. The second is criminal enforcement under the Anti-Terrorism and Effective Death Penalty Act (AEDPA), which criminalizes the knowing provision of “material support” to an FTO, with explicit extraterritorial reach. A landmark example is Lafarge S.A., which in 2022 agreed to pay approximately USD 780 million to the U.S. Department of Justice for repeatedly providing resources to an FTO to maintain operations in a conflict zone in Syria.
For Brazilian companies, exposure does not require operations within the U.S. Payments processed through U.S. correspondent banks, the use of U.S.-based technology or services, or the involvement of U.S. persons in local transactions are sufficient to trigger AEDPA enforcement—provided that the company had knowledge, even inferred from circumstantial evidence, that the beneficiary was an FTO or an entity owned, controlled, or associated with an FTO.
From a compliance perspective, appropriate responses include revising third-party due diligence policies (and internal sanctions compliance policies, where applicable), including contractual clauses protecting against ties to designated organizations, reinforcing whistleblowing channels, and reclassifying risk profiles of certain supplier categories. For example, experience in Mexico revealed significant exposure in security and maintenance service providers. This is an emerging issue, enforcement trends are evolving, and proper calibration of these controls requires case-by-case analysis.