Effectively managing Caporalato-related supply chain risk: Senior management priorities to contain risk and liability

Part 2 of a two-part series on effectively managing Caporalato-related supply chain risk

Italy’s fight against labour exploitation in supply chains – commonly referred to as Caporalato (for an overview, see link) – is increasingly being waged in the boardroom.

What began as a focus on abusive practices at the level of farms, factories and other direct suppliers has evolved into a broader examination of corporate governance. Prosecutors are no longer looking only at what happens “on the ground”; they are now asking who, at the top of the chain, knew or should have known, and what they did about it. This shift brings senior management squarely into the spotlight. Authorities are scrutinising whether C‑suites have:

• established appropriate policies and controls  to prevent labour exploitation in their supply chains;
• ensured effective implementation and monitoring of those measures; and
• reacted adequately when red flags or indications of risk emerged.

In other words, supply-chain integrity is no longer treated as a purely operational or compliance issue. It is rapidly becoming a core governance question – and a central theme in Italian investigations into Caporalato.

This article builds on Part 1, which focused on immediate crisis response. Here, the perspective shifts to prevention and defensibility.

We explore the standards against which leadership conduct is now assessed, set out the core responsibilities required to underpin a robust governance framework, and identify the concrete steps senior leadership should take to mitigate both corporate and personal liability – through visible top-level engagement and genuinely effective delegation.

Enforcement expectations: how prosecutors assess leadership conduct

In practice, this shift in prosecutorial focus means that leadership conduct is now assessed against a much sharper set of criteria. Investigators no longer look only at what happened at the level of suppliers. They examine whether labour exploitation risks were reasonably foreseeable in light of the company’s sector, sourcing model and geographic footprint; whether governance and control systems were robust before any issues surfaced; and whether leadership acted promptly and decisively once concerns were raised.

While personal liability is not automatic, the decisions and omissions of senior management now sit at the heart of the analysis. Prosecutors and courts will, in particular, consider whether:

• Preventive systems were in place: Senior management approved, resourced and maintained systems capable of preventing and detecting labour exploitation in the supply chain.
• Systems were actively used: Those systems were not merely “on paper”, but actually used – through targeted information requests, meaningful challenge of the business and concrete action on red flags.
• Risk appetite matched compliance obligations: The organisation’s commercial strategy, pricing and sourcing decisions were genuinely compatible with its legal and ethical commitments.

Where significant gaps are identified, personal exposure becomes a real possibility. This includes liability for failure to supervise and for organisational shortcomings under Legislative Decree 231/2001. A particular risk factor is a “tick-the-box” approach to delegation: formal assignment of responsibility without visible, sustained engagement from the top. Far from offering protection, such an approach can be used to support the case that leadership failed to exercise the oversight the law expects.

Core duties for supply chain risk governance

To build a defensible position against regulatory scrutiny, senior management are responsible for embedding five core duties into the organisation’s governance framework:

1. Strategic direction: Senior management must define and formalise the organisation’s risk appetite for labour-related supply chain issues. This involves setting clear boundaries for subcontracting, establishing conditions for sourcing from high-risk jurisdictions, and defining mandatory safeguards to ensure compliance prevails over cost or speed. These principles must be embedded in governance documents, strategic planning, and incentive structures. For example, if sourcing from a region with known exploitation risks, leadership must require enhanced audits and specific contractual clauses as a condition for approval.
2. Governance architecture: They must approve and maintain a governance framework that clearly allocates responsibilities across the board, its committees, and key functions such as procurement, compliance, and audit. Policies for supplier onboarding, risk classification, due diligence, whistleblowing, and remediation must be explicitly endorsed at the highest level. The mandate and reporting lines for the Model 231 supervisory body must also be clearly defined and periodically reviewed to ensure their effectiveness.
3. Active oversight and decision-making: Senior management must actively use the governance framework by reviewing significant incident reports, challenging optimistic narratives, and ensuring that serious concerns are escalated and addressed. Decisions with significant legal or reputational impact – such as retaining or terminating high-risk suppliers, altering sourcing models, or issuing public statements – must be made or ratified at the senior level. Every such decision must be documented, outlining the options considered, the risk assessments performed, and the final rationale.
4. Effective delegation and operational controls: While operational tasks can be delegated, leadership is responsible for ensuring the systems being delegated to are robust and consistently monitored. They must verify the implementation of risk-based supplier management, clear escalation protocols, and consolidated reporting across functions. Furthermore, leadership must ensure supplier contracts provide effective leverage through enforceable clauses on labour compliance, transparency into subcontracting, and mandatory cooperation with audits.
5. Documentation and defensibility: Comprehensive documentation is essential for demonstrating compliance under scrutiny. Senior management must ensure the company maintains systematic records of risk assessments, supplier audits, and key decisions, integrating these processes directly into its Model 231 compliance programme. Commissioning independent reviews of both the design and the operational effectiveness of these systems can further strengthen the company’s credibility and create a more defensible position.
6. Executive self assessment: Senior management can test the defensibility of their current governance by asking the following questions. The goal is not just to answer “yes”, but to be able to point to specific documents, meeting minutes, and records that provide the evidence:

• Risk visibility: Do we have a clear, documented view of the parts of our supply chain with the highest labour exploitation risk, and is this view regularly reviewed at the most senior levels?
• Risk appetite in practice: Can we identify specific decisions where our stated risk appetite led us to reject or reshape a sourcing opportunity, even at a commercial disadvantage?
• Active oversight: Is there a recent, documented example of a serious supply chain concern being escalated to senior management, challenged, and followed by concrete remedial action?
• Substance over formality: Are our high-risk suppliers systematically identified and monitored in a way that generates reliable findings, rather than just evidence of formal compliance?
• Critical supplier dependency: Where the business is highly dependent on a key supplier, have we assessed the resulting risk concentration and proactively explored alternative, Caporalato-compliant sourcing scenarios?
• Internal and external coherence: Do our Model 231 framework, contractual arrangements, and external statements on labour standards form a consistent, evidence-based whole?
• Burden of proof: If challenged, is our documentation sufficient to meet the burden of proof that will fall on us – to demonstrate that key decisions on high-risk suppliers were informed, made in the company’s best interests, and free from conflicts?

The ability to answer these questions affirmatively with specific, documented evidence is fundamental to improving the position of both the company and its leadership should Caporalato-related issues ever come under scrutiny.

Conclusion

Ultimately, managing Caporalato-related supply chain risk is a defining test of corporate governance and leadership accountability. It requires senior management to build a clear, evidence-based record of proactive control and informed decision-making. Demonstrable commitment to this approach not only protects themselves and the organisation from significant regulatory and financial consequences but also establishes a more resilient and ethical supply chain. This ensures leadership's responsibility is proven through consistent action, rather than being questioned in a crisis.

As trusted advisors, we support clients end-to-end and internationally – from preventative risk management and boardroom governance, through regulatory engagement and cross-border investigations, to defence in enforcement and litigation matters. Our extensive experience in risk and crisis management enables us to guide organisations through high-stakes situations swiftly and strategically.

To discuss how these challenges may affect your specific circumstances, we invite you to contact us.