Peru: Prevention model guidelines - practical recommendations

In brief

On 31 March 2021, Resolution SMV No. 06-2021-SMV/01 was published in the newspaper El Peruano, through which the Superintendency of the Stock Market (SMV in Spanish) approved the 'Guidelines for the Implementation and Operation of the Prevention Model' (hereon, "Guidelines").

The Guidelines establish the rules that, voluntarily and referentially, legal persons may follow for the design, implementation and operation of their prevention models, in line with the provisions of Law No. 30424, which regulates the administrative responsibility of legal persons (hereon, "Law") and its regulations[1]. Let us recall that, in accordance with the provisions of the Law, legal persons who employ an appropriate prevention model may be exempted from liability in the event a crime is committed for their benefit.


The Guidelines are approved after two preliminary versions (projects) issued in 2019 and 2020, which were brought to the attention of the citizens for their comments. While those preliminary documents provided guidelines on how to implement prevention models, we would like to emphasize that the Guidelines have a more practical approach, providing examples of what actions to take. In this alert, we include the Guidelines' main points.

As a presupposition of an ideal prevention model, the Guidelines refer to the commitment, leadership and firm support of the governing body, stating that it might manifest itself in: (i) the adoption of the zero tolerance policy regarding corruption; (ii) the active participation (as participants or speakers) in training; (iii) the allocation of budgetary funds for the purchase of technological equipment and/or materials to ensure the operation of the prevention model; and (iii) the creation of incentives to ensure compliance with the above model.

As for the minimum elements that a prevention model must have to be considered adequate, the Guidelines contain a reference list of actions for implementation, the main ones being the following:

Minimum elements


Identification, assessment and mitigation of risks

Preliminary stage: Designate a person (employee or external advisor) who will be in charge of the implementation (support: employment contract or service provision); identify processes/areas whose management through the prevention model is necessary, approve road map or risk identification and management policy.

Risk identification:

  • Identify internal and external factors that impact risk identification: business model, economic sector, and regulatory environment, as well as interaction with public officials (frequency and modality).
  • Establish appropriate methodology (brainstorming, surveys and interviews).
  • Identify activities, operations, processes, and/or areas with greater exposure to risks (use of petty cash, gifts and attention, donations, payment of commissions).

Risk assessment:

  • Establish methodologies that allow the analysis of the causes of risk generators and consequences of their materialization.
  • Develop a database or catalog of crime risks.
  • Make estimates (qualitative or quantitative) of the magnitude of risks, based on the knowledge and experience of experts and industry experiences.
  • Develop risk matrix, risk map or heat map.

Risk mitigation:

  • For each prioritized risk, establish control (s) to apply. Ensure that the risk is reduced to a tolerable level.
  • Establish preventive, detection and corrective controls. These may be financial (prohibition of use of cash) or non-financial (due diligence).
  • Evaluate effectiveness of controls: execute periodic self-evaluations, compliance audits and improvement of controls.

Prevention officer

  • Knowledge of the organization: critical and/or key processes, of the economic sector, of business partners and stakeholders
  • Experience: academic background, work experience and leadership
  • Economic and moral solvency (not having a judicial or police record, not exercising office in a public entity, state company or political party that could generate conflicts of interest, not being on the OFAC sanctions list or similar)

Complaints procedure

Complaints channel:

  • Implement complaints channel (virtual or face-to-face) that allows proper numbering, registration and classification.
  • Designate a person (employee or external) or internal body responsible for the complaints channel and for conducting internal investigations.
  • Ensure the proper handling of the complainant's personal data.

Policies or incentive scheme: economic (promotions, bonuses, training, etc.) or dissuasive (publication of disciplinary measures or sanctions)

Internal investigation procedures:

  • Establish methods for conducting internal investigations, including mechanisms for collecting evidence (statements, interviews).
  • Be cautious about the impartiality of the person in charge of the investigation (conduct due diligence to rule out possible conflicts of interest).
  • Implement a security system of the information collected (use software with licenses or secured physical spaces).

Application of disciplinary measures:

  • Appoint a disciplinary officer.
  • Establish a catalog of violations, disciplinary measures and applicable sanctions, as well as mechanisms for recording and monitoring compliance with rules.

Dissemination and regular training


  • Conduct trainings for all staff and for those areas or collaborators exposed to risks, including business partners, as appropriate.
  • Monitor the media (number of accesses to available resources) and training plans (continuous monitoring).
  • Evaluate the effectiveness of dissemination and training policies (evaluations, interviews, surveys).
  • Provide a guidance and consultation channel on the prevention model.

Continuous evaluation and monitoring

  • Conduct monitoring and/or periodic supervision of the effectiveness of the model (internal or external audits, formation of monitoring committees).
  • Evaluate staff in relation to compliance with the prevention model (establish performance indicators).
  • Oversee improvements derived from the analysis of experiences (updating and/or incorporation of controls) and communication to the rest of the company (feedback meetings, publications).


In addition to referring to the minimum elements, the Guidelines emphasize the importance of carrying out due diligence processes, specifying that this must not only be done before the contractual relationship, but whenever necessary (e.g., if an event or piece of news that involves such persons arises). Likewise, this must be done if a legal person wishes to develop new activities, introduce new products or services to the market and make use of new technologies, among others.

Finally ,the Guidelines, like the regulation, highlight the importance of keeping evidence (mainly documentary) of the actions carried out in order to prove to the SMV that the prevention model is adequate and can be used to mitigate risks faced by the legal person.

You can find the full text of the Guidelines here.

We trust that this information is relevant to you and your company. If you require a deeper understanding of the topic, do not hesitate to contact us.

LOGO_Peru Estudio Echecopar_Lima

Estudio Echecopar is a member firm of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a "partner" means a person who is a partner or equivalent in such a law firm. Similarly, reference to an "office", means an office of any such law firm. 

Before you send e-mail to Estudio Echecopar, please be aware that your communications with us through this message will not create a lawyer-client relationship with us. Do not send us any information that you or anyone else considers to be confidential or secret unless we have first agreed to be your lawyer in the matter. Any information you send us before we agree to be your lawyers cannot be protected from disclosure.

@2021 Estudio Echecopar
All rights reserved.

No part of this publication may be reproduced in any form or by any means without the written permission of Estudio Echecopar.

Copyright © 2022 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.