Legal issues in risk management

Scientific Director: Prof. Stefano A. Cerrato

 In the field of the interdisciplinary research project on Risk Management launched by the Department of Management of the University of Turin, the legal approach presents many crucial issues.

Obviously, risk management is a topic of Insurance Law, where the law may provide incentives for careful risk evaluation and prevention through technological, contractual, administrative and procedural tools.

Despite the Italian legislature has paid little attention to risk management in the field of business entities, in recent years many laws and regulations require companies and entrepreneurs to adopt appropriate structures for the governance of risks, providing also for criminal penalties in cases of infringement.

The adoption of adequate organizational structure is also required for obtaining public financing (under Reg. AGCM 14 November 2012) and bank loans (under the Decree of Italian Ministry of Economy and Finance, no. 57 of 20 February 2014) for companies dealing with Public Administration.

Risk management issues involves moreover Tax law, with respect to the Co-operative Compliance procedure and its consequences on the company’s internal structure.


Publication opportunities:

The Scientific Committee might invite selected papers written in Italian to a special issue (book with peer review).

In order to encourage both academic professors and scholars, and practitioners to submit papers addressed to one or more of the abovementioned topics, the Legal issue in risk management track is divided in the following sub-tracks.


Subtrack 1: Prevent, Mitigate, Insure. Legal-economic aspects of legal and insurance tools enhancing prevention and mitigation of entrepreneurial risks

Scientific Responsible: prof. Oreste Calliano

 The working group will focus on the legal-economic modalities by which law can, by gentle nudges, stimulate careful risk evaluation and prevention through not only technologic, but also contractual, administrative and procedural interventions.

A first category is made up of liability limitation terms connected with lacking preventive interventions, or liability exclusion or non-insurability terms connected with excessively risky behaviours (professional activities, excessively risky health practices).

A second category is connected with behavioural standards and prevention procedures imposed in some sectors (health, safety at work, food production) or suggested by diligence standards (state of the art in professional activities), which are stimulated by insurable risk evaluations and possible insurance premium reductions (case of the recent Gelli Act on health structure insurance).

A third category is connected with new risks deriving from the introduction of technologies whose effects are not perfectly known, and there are no reliable historical records about, even on a transnational scale. Among them, certain new cyber risks (digital identity violation, cyber-attacks directed at extortion), use of drones for civil objectives (for which both the European and the Italian legislator have foreseen compulsory insurance, which however is scarcely used), risks connected with package holidays for which the recent Directive 2015/2302/EU requires adequate insurance against lack of conformity and damages caused to travellers.

A last kind of examples is provided by activities of both private and public enterprises which can constitute criminal offence under the Italian Legislative Decree 231/ 2021, aimed at risk prevention and mitigation; on this matter, an interesting tool enhancing prevention and mitigation of such risks is offered by the recent legislation on whistle-blowing, directed at contrasting corruption in public administration.


Subtrack 2: How corporations can face with risk: civil and criminal perspective in corporate risk management

Scientific Responsible: Prof. Stefano A. Cerrato

 Since 2001, the Italian legal system has in fact implemented a mechanism of direct criminal liability of the company for all those offenses attributable to its corporate officers (see Legislative Decree no. 231/2001); the only exemption to such a system is the adoption of an adequate organizational structure in relation to the prevention of offences (i.e. Model 231) that has to be supervised by a special body (i.e. ODV) .

In recent years, both public authorities (i.e. Banca d’Italia, IVASS) and the legislature started to enhance the legal environment of entrepreneurs and companies with new rules on risk management: to prevent risks in banking (circolare Banca d’Italia n. 285/2013) and insurance activities (ISVAP regulation no. 20/2008); to prevent any threats to the independence of statutory auditors (art. 10, legislative decree no. 39/2010); to prevent  workplace illness and injury (legislative decree 81/2008); to protect privacy (EU Regulation no. 2016/679); to ensure the respect of anti-bribery laws (legislative decree no. 231/2007). Bankruptcy law seems to be the next field of risk management rules (see the draft proposals for the new Italian bankruptcy law).

In this context, the call for papers is open to professors and scholars who desire to contribute to the study – including from a comparative perspective – of such above matters, that are still problematic.


Subtrack 3: Risk management and tax consequences: from “Enhanced relationship” to “co-operative compliance”

Scientific Responsible: Prof. Giuseppe Vanz

The research field will include the consequences, in terms of “risk management”, of the tax regimes under the “Co-operative compliance”, regarding the possibility of reaching an agreement with the Tax Administration regarding the treatment of facts which could lead to a potential tax risk. This would require prior and continuous communication, including the possibility of advancing the tax audit.

Since the 2013 OECD recommendation (“Co-operative Compliance: a Framework”), many countries have introduced a specific legislation on this topic. In Italy, for example, the Legislative Decree n. 128/2015, concerning the so-called “adempimento collaborativo”, has entered into force.

Within this panel we encourage the submission of contributions addressing the following subjects:

  • Co-operative compliance models and their implementation in EU countries;
  • The Italian implementation of the so-called “adempimento collaborativo”. Analysis of the Legislative Decree n. 128/2015.


Subtrack 4: Public sector integrity risk management: public procurement sector

Scientific Responsible: Prof. Gabriella M. Racca

Risk assessment and management remains as an important risk-treatment tool in the public sector. Although the public risk-treatment procedures have traditionally been used in providing inputs for public decision making; the increasing struggle for efficiency and the call for reducing wastes and expenses have pushed the public regulators to re-think and enhance the use of these procedures. Resultantly, the public risk-management now appears to be one of the fundamental ways by which the Government meets the citizens’ expectations of balancing various interests while pursuing the public interest with efficiency and integrity.

The risk-treatment process is an essential element in the promotion of public interest. It is as one of the requisites for a legitimate public action/decision; hence, an adequate and innovative forms of public risk-management that is designed to specifically address the pending risks in the public administrations is an urgent need.

The panel aims at including an integrity risk-assessment in public procurement since it is one of the most affected areas by corruption in the public sector. Public procurement involves a relevant amount of resources involved, albeit, a very limited opportunity for professionalism within contracting authorities. The fight against corruption in public procurement requires the use of preventing mechanisms such as the risk-assessment and management. The panel covers the integrity risk-assessment review in the four main pillars of public procurement fabric, i.e. legal framework, both the institutional and operational capacity, and the integrity mechanisms.

A sound legal framework addresses the issues on fragmentation and incoherence, weak enforceability, and the lack of legal certainty on the part of prospective bidders. Integrity risk-assessment is used to simplify the legal framework, thereby, stimulate efficiency by reducing burdensome, uncertain and obscure legal provisions. This process also allows for a comparison of the institutional capacities among contracting authorities in performing public procurement, and the possible introduction of joint purchasing arrangements and framework agreements.

The goal for integrity public sector management is to improve both the integrity and the best value for money. Since best value for money is a predictable outcome of an efficient, sound and coherent public procurement system, any risk-treatment process should aim at submitting all the main components of the public procurement system to analysis and integrity-check. Indeed, by following this path, the integrity in public procurement may be guaranteed through a regular conduct of risk assessment with analysis of the symptoms of corruption within public tenders (a.k.a. “risk-assessment process”), while installing a better safeguard mechanism for public procurement integrity through the development of “time tools” and tender documents (a.k.a. “risk-management process”). These tools may likewise include risk-indicator systems such as red-flags. This process (“risk assessment and management”) must be carried on throughout the entire public procurement cycle. It must address the risk to integrity in the execution phase by developing contractual tools – such as integrity pacts; and, for purposes of fighting corruption, it must also be implemented in the later stage of the public contracts with the engagement of the citizens, losing bidders and public authorities. These areas, among others, are some of the opportunities for further study to elevate the discussion of the outcomes of any research on this sector.