‍

The public tendering landscape in Brazil has long been a subject of debate concerning efficiency and transparency, as well as, unfortunately, the persistence of corrupt practices. The relentless pursuit of a more honest, competitive, and ethical environment has culminated in a significant regulatory shift in recent years, driven by Law #14,133/2021, the New Tendering and Administrative Contracts Act. This legislation, which replaced the previous Law #8,666/93, Law #10,520/2002, and Law #12,462/2011, introduced a series of innovations. A key innovation is the formal requirement and incentive for the implementation and maintenance of integrity and compliance programs by companies wishing to contract with the federal government.

However, the effectiveness of any law intrinsically depends on its implementing regulations and the creation of mechanisms that operationalize its guidelines, thereby enabling practical enforcement. In this context, Decree #12,304/2024 emerged at the end of 2024 as a fundamental step. It detailed the parameters for evaluating integrity programs in cases involving large-scale works, services, and supplies, tie-breaking between proposals, and the rehabilitation of bidders or contractors within the direct, autarchic, and foundational federal federal government.

Complementing this framework, the Brazilian Office of the Comptroller General (CGU) issued SE/CGU’s Normative Ordinance #226/2025 on September 9, 2025.  This Ordinance establishes the specific methodology and parameters for evaluating the integrity programs mentioned in Decree #12,304/2024.

What follows is an analysis of the synergistic relationship between these legal instruments and their practical implications for organizations that are, or wish to become, suppliers of goods or services to the Federal Government. The context of the New public tendering Act, a detailed analysis of the Decree, an in-depth examination of the Normative Ordinance, and the interplay between these three standards will be addressed below.

‍

THE RELEVANCE OF COMPLIANCE IN PUBLIC TENDERING PROCESSES

Law #14,133/2021 marked a watershed moment in the legal regime for Brazilian public tenders and administrative contracts Developed in response to the pressing need to modernize and improve public procurement processes after nearly a decade of discussion, it sought not only to ensure probity and efficiency in the allocation of public resources but also to foster innovation, sustainability, and fair competition. Its predecessor, Law #8,666/93, although foundational for decades, no longer fully addressed the complexities and demands of a modern state or a society calling for greater transparency, ethics, and optimization of public resources. The new law introduced concepts such as risk management, strategic planning, and the pursuit of best value for the government – moving beyond the sole criterion of lowest price.

One of the most significant innovations of the New Public Tendering Act is its emphasis on integrity programs (compliance). Although the Anti-Corruption Act (Law #12,846/2013) already established the possibility of mitigating penalties for companies with effective compliance programs, Law #14,133/2021 elevated compliance to a new level within public tendering. It incorporated the topic in several instances, whether as a tiebreaker criterion, a factor for mitigating sanctions, or, in certain situations, as an essential requirement for contracting.

For instance, Article 25 of Law #14,133/2021 established that the requirement for integrity programs could be stipulated in regulations as a condition for participating in bids and for entering into contracts, especially for large-scale contracts (those with significant values, to be defined in a specific ordinance) or in sectors considered at high risk of fraud and corruption. This means that for certain tenders, the absence of an integrity program could be grounds for elimination. Similarly, Article 60, which deals with tie-breaker criteria in tendering processes, expressly mentioned the “implementation of an integrity program, as per regulations,” granting a competitive advantage to companies demonstrating this commitment. Furthermore, Article 156 listed the administrative sanctions applicable to bidders and contractors, specifying that the existence and operation of compliance programs should be considered when applying and measuring penalties, thus reinforcing the preventive and mitigating role of compliance.

This integration of compliance into the New public tendering Act is not merely formal. It reflects a profound understanding that preventing illicit activities and promoting ethics and corporate governance must be central concerns not only for the government but also for its private partners. In this context, a compliance program ceases to be a mere differentiator and becomes a strategic risk management tool for companies and a robust mechanism for ensuring probity, efficiency, and trust for the federal government. Its relevance lies in its ability to mitigate risks of fraud, corruption, collusion, misconduct, and other irregularities that have historically plagued the tendering environment, causing significant losses to the public treasury and eroding societal trust in institutions. By promoting integrity, the law intends to ensure that public contracts are executed with the highest quality and lowest cost, directly benefiting citizens and society as a whole.

‍

DETAILED ANALYSIS OF DECREE #12,304/2024

Decree #12,304/2024 materialized the legislative intent expressed in Law #14,133/2021 regarding integrity programs. Its primary function was to regulate aspects related to the requirement, evaluation, and monitoring of compliance programs in public tenders and administrative contracts specifically in cases of large-scale works, services, and supplies, tie-breaking of proposals, and rehabilitation of bidders or contractors. It provided the necessary structure and guidelines to make the provisions of the Law operational and applicable.

‍

Main Guidelines and Objectives

Decree #12,304/2024 adopted a systemic and pragmatic approach, seeking to standardize the understanding and application of integrity programs across the federal government. Its main guidelines and objectives include:

• Standardization of minimum requirements: Decree established a minimum set of elements that an integrity program must contain to be considered effective and worthy of evaluation. This aimed to prevent subjective assessments and ensure that companies, when developing their programs, would understand the federal government's expectations, thereby promoting a baseline level of quality.
• Qualified incentive for adoption: by detailing the benefits and conditions for using compliance programs as a tiebreaker or sanction mitigation criterion, the Decree encouraged companies to proactively invest in their integrity structures, transforming compliance into a competitive asset and a market differentiator.
• Clarity in evaluation parameters: although the detailed methodology was reserved for the CGU’s Ordinance, the Decree established general guidelines for the evaluation, defining the need for a transparent, objective process based on pre-defined criteria. It also indicated that the evaluation should consider not only the formal existence of the program's elements but, crucially, their practical application and effectiveness.
• Promotion of a sustainable integrity culture: beyond a mere formality or checklist, the Decree aimed to foster an organizational culture that values ethics, transparency, and compliance as an intrinsic value and a pillar of business sustainability, not just a legal obligation.

‍

How the Decree Regulated and Complemented Law #14,133/2021

Decree #12,304/2024 acted as an essential bridge between the general principles of Law #14,133/2021 and its practical application in everyday public tendering processes. It detailed, for example, the specific situations and conditions under which an integrity program would be required as a condition for participation or as a tiebreaker criterion.

• Specific requirement and tie-breaker criterion: the Decree specified that requiring integrity programs as a condition for bidding or contract execution could be applied to large, highly complex contracts, or in sectors considered at high risk of fraud and corruption (e.g., infrastructure projects, public service concessions, and provision of critical goods and services). It also reiterated that proof of an effective program could be used as a tie-breaker criterion, giving preference to bidders demonstrating a stronger commitment to integrity, in addition to other economic and technical criteria.
• Definition of the program's essential elements: the Decree outlined the essential pillars of an integrity program, which should be developed based on the Anti-Corruption Act (Law #12,846/2013) and domestic and international best practices. These elements include, but are not limited to senior management commitment, risk analysis and management, a code of ethics and conduct, robust reporting channels, effective internal controls, periodic training, and third-party due diligence.
• Assignment of jurisdiction and centralization: The Decree explicitly assigned the CGU the jurisdiction to establish the detailed methodology and parameters for evaluating integrity programs, which were later detailed in SE/CGU’s Normative Ordinance #226/2025. This centralized technical knowledge and standardization, ensuring a consistent and specialized approach at the federal level.
• Strengthening the mitigation of sanctions: aligning with the Anti-Corruption Act, the Decree reinforced the role of the integrity program in mitigating administrative sanctions under Law #14,133/2021. However, it emphasized that mitigation would only be possible if the program was proven to be effective and, importantly, had been implemented and functional before the occurrence of the illicit act, thereby encouraging prevention and early detection.

‍

Expected Impact on the Conduct of Public Tenders

The impact of Decree #12,304/2024 on the conduct of public tenders is profound, potentially reconfiguring market dynamics:

• Substantial increase in integrity standards: a significant increase in the number of companies adopting and improving their compliance programs is expected, leading to a more honest, transparent, and less fraud-prone tendering environment.
• Improved qualification of bidders: the requirement for integrity programs acts as a qualitative filter, attracting more ethical, professional companies with better governance. Theoretically, this leads to higher-quality contracts, more efficient execution, and better use of public resources.
• Risk reduction for public administration: by engaging with companies that have robust and effective programs, the public administration reduces its own risks of involvement in corruption schemes, poor contract execution, litigation, and reputational damage.
• Challenge and opportunity for Small and Medium Enterprises (SMEs): While proportionality is a fundamental compliance principle, meeting program requirements may pose a significant challenge for SMEs, which may lack the financial and human resources of large corporations when investing in complex compliance frameworks. This requires careful application to avoid excluding potentially competitive suppliers. Solutions such as simplified frameworks, government support programs, and an emphasis on proportionality in assessment are crucial for ensuring inclusion.
• New competitive dynamics: Using compliance as a tiebreaker introduces a new competitive layer. Companies are now encouraged not only to offer the best price or technical solution but also to demonstrate a solid and verifiable commitment to ethics and integrity, making compliance a strategic differentiator.

‍

MAIN ASPECTS OF SE/CGU’S REGULATORY ORDINANCE #226/2025

SE/CGU Normative Ordinance #226/2025 represents the final and most detailed link in the regulatory chain governing compliance in public tendering processes. It translates the intentions of the Law and the guidelines of the Decree into a practical and detailed methodology for evaluating integrity programs. The CGU, as the central body of the Federal Executive Branch's internal control system and with extensive experience evaluating integrity programs under the Anti-Corruption Act, is the institution naturally responsible for this task, possessing the necessary expertise.

‍

The Methodology for Evaluating Compliance Programs in Public Tendering Processes

The Ordinance establishes a structured, transparent, and technical evaluation process, which generally involves the following sequential steps:

• Request for evaluation and document submission: the interested company, whether to meet a specific tendering requirement, seek a tie-breaker advantage, or mitigate a sanction, submits a request to the CGU. This request must be accompanied by a complete dossier containing documentation supporting its integrity program. This includes, but is not limited to a code of ethics, internal policies, a risk matrix, evidence of training, internal audit reports, and records from reporting channels.
• Preliminary and compliance document analysis: the CGU technical team conducts an initial, exhaustive review of the submitted documentation. The objective is to verify that all minimum elements required by the Decree and the Ordinance itself are present and that the program demonstrates internal coherence and adherence to formal requirements. Any inconsistencies or omissions may lead to requests for additional information or, in serious cases, preliminary rejection.
• Detailed evaluation of effectiveness: this is the crucial phase, which assesses not only the formal existence of the program's elements (“what is on paper”) but, primarily, its effectiveness, practical application, and integration into the organizational culture (“what actually happens”). The evaluation is an analytical process that transcends a mere document check, seeking evidence that the program is functional and actively engaged.
• Interviews and additional due diligence: to further assess effectiveness, the CGU may conduct interviews with key company personnel, from senior management (CEO, CFO, Compliance Officer) to operational staff (in purchasing, sales, legal, HR). The goal is to evaluate their awareness, knowledge of policies, and practical application of compliance guidelines. In specific and justified cases, on-site visits may be conducted, or additional information and evidence of controls may be requested.
• Preparation of the evaluation report: the CGU team drafts a detailed technical report with its conclusions, highlighting the program's strengths and weaknesses, identifying gaps, and issuing a reasoned opinion on its effectiveness or lack thereof. This report serves as the basis for the final decision.
• Decision and Publication: based on the evaluation report, the CGU or the competent authority issues a formal decision. This may attest to the program's effectiveness, indicate the need for improvements and monitoring, or deem it ineffective. The results are crucial and can be used for the purposes outlined in the legislation (tie-breaking, sanction mitigation, qualification for specific tenders). Publicizing the results, when applicable, promotes transparency and serves as a market reference.

‍

Criteria and Parameters Used for This Assessment

Normative Ordinance SE/CGU #226/2025 details the pillars of an effective integrity program, mirroring and adapting international best practices (such as guidelines from the US Department of Justice and ISO 37001 – Anti-Bribery Management Systems) and the criteria established by Brazil’s Anti-Corruption Act. The evaluation criteria are designed to verify the program's robustness, adherence, and effectiveness. Key parameters include:

• Commitment and support from senior management (“Tone at the Top”): Analysis of the visible, unequivocal, and ongoing dedication of senior management to promoting a culture of integrity, demonstrated through public statements, allocation of adequate resources, active participation in training, and the establishment of compliance goals. The existence of a compliance officer (or Committee) with autonomy, authority, and adequate resources is a fundamental indicator.
• Risk analysis and management: the existence of a robust, systematic methodology for identifying, assessing, prioritizing, and mitigating corruption and fraud risks specific to the company's business, particularly concerning interactions with the federal government. The program must be tailored to the organization's inherent risks and must be dynamic and periodically reviewed.
• Code of ethics and conduct: a clear, comprehensive code that is accessible to all employees (and ideally also to partners), outlining values, principles, and behavioral guidelines with an explicit focus on interactions with public officials, participation in tenders, and contract execution. It must be widely disseminated and understood.
• Internal policies and procedures: documented specific policies for high-risk areas, such as gifts and hospitality, sponsorships, political donations (where permitted), conflicts of interest, use of privileged information, and, especially, detailed procedures for participating in bids and managing administrative contracts.
• Reporting, investigation, and whistleblower protection channels: the existence of secure, confidential, and anonymous channels for reporting violations to the code of ethics or to the law. There must be a guarantee of non-retaliation for good-faith whistleblowers and an independent, impartial, and well-defined investigation.
• Internal and financial controls: financial and operational control mechanisms that ensure transaction compliance, segregation of duties, proper approval of expenses, and prevention of accounting fraud or misappropriation of funds.
• Ongoing training and communication: regular, mandatory training and communication programs on the code of ethics, compliance policies, and applicable legislation for all employees, tailored to different hierarchical levels and functions. The frequency and effectiveness of training are monitored.
• Third-party due diligence and supplier management: rigorous due diligence procedures for verifying the integrity of business partners, suppliers, intermediaries, agents, and especially consortium members and subcontractors involved in public tenders and contracts. This management must be ongoing, not limited to the initial hiring phase.
• Continuous auditing and monitoring: periodic internal/external audit mechanisms and continuous monitoring to assess the program's effectiveness, identify failures, measure performance (using compliance KPIs), and promote continuous improvement.
• Internal investigation and corrective actions: the company's capacity to conduct effective, impartial, and transparent internal investigations into suspected wrongdoing, applying appropriate disciplinary measures and implementing corrective actions to prevent recurrence.
• Proportionality and adaptation: the assessment considers the company's size, complexity, and sector as well as  their particular operational risks. An SME's program will not be held to the same requirements as a large multinational's, provided it demonstrates effectiveness proportional to its risks and resources.

‍

Requirements and Expectations for Compliance Programs of Companies Participating in Public Tendering Processes

For companies, Normative Ordinance #226/2025 establishes clear expectations. The compliance program must be more than a set of documents; it needs to be a living, dynamic system integrated into the organizational culture.

• Complete, coherent, and accessible documentation: all policies, procedures, and implementation evidence (e.g., ethics committee minutes, training records, investigation reports) must be documented in an organized, coherent, and easily accessible manner for the CGU.
• Real and demonstrated implementation: well-written policies are insufficient; companies must demonstrate that they are effectively applied in daily operations and that employees know and follow them. This requires constant monitoring and the ability to demonstrate control application.
• Robustness and comprehensiveness: the CGU expects more than just a set of documents; the integrity program must be a living, comprehensive framework. It must cover all aspects of operations, from senior management to front-line employees, and extend to the value chain (suppliers, partners). Robustness implies clear policies, effective reporting channels, a well-disseminated code of conduct, rigorous third-party due diligence, and a functioning internal control system. The scope must also address public sector-specific risks, such as conflicts of interest in tenders and the management of administrative contracts.
• Proven effectiveness: the primary challenge and expectation is demonstrating the program's effectiveness in preventing, detecting, and remedying corruption and irregularities. The CGU will seek evidence that the program works in practice, not just in theory. Effectiveness is demonstrated through:
  • “Tone at the Top” and “Tone from the Middle”: the genuine commitment of senior and middle management to ethics and integrity.
  • Metrics and indicators: the company's ability to monitor and present data on program implementation, i.e., training sessions, complaints received and investigated, disciplinary actions.
  • Internal audits and independent reviews: periodic verification of control adherence and effectiveness.
  • Incident response: the readiness and appropriateness of actions when irregularities are detected, including the remedying losses and applying internal sanctions.
• Continuous improvement: integrity programs are not static. Companies must demonstrate an ongoing process of evaluating, learning, adapting and improving their controls in response to new risks, regulatory changes or lessons learned from internal or external incidents. This involves:
  • Periodic risk reviews: constant updating of compliance risk mapping, especially when related to interactions with the government.
  • Regulatory adaptation: adjusting policies and procedures to reflect new laws, decrees, and ordinances, such as SE/CGU Normative Ordinance #226/2025.
  • Lessons learned: incorporating insights from internal investigations, audits, or even public corruption cases to strengthen controls.
  • Adoption of best practices: seeking and implementing international standards, such as ISO 37001 (Anti-Bribery Management System), which emphasize ongoing improvement.
• Culture of integrity: Underlying all these points, the CGU seeks evidence of a genuine culture of integrity, where ethics is an intrinsic value. This is evident in the way employees make decisions, their openness to discussing ethical dilemmas, and their trust in reporting channels without fearing retaliation. For a company seeking to succeed in public tenders, a compliance program is a strategic pillar. The absence of a robust, positively evaluated program may not only preclude participation in strategic bids but also deprive the company of a key tie-breaker criterion and a vital tool for mitigating sanctions, directly impacting its market reputation and sustainability.

‍

CORRELATION BETWEEN SE/CGU’S REGULATORY ORDINANCE #226/2025, DECREE #12,304/2024, AND LAW #14,133/2021

Law #14,133/2021, Decree #12,304/2024, and SE/CGU’s Normative Ordinance #226/2025 should not be viewed as isolated instruments, but rather as integral parts of a cohesive and hierarchically structured legal and regulatory framework. They are complementary, working in concert to create a robust integrity ecosystem within the Brazilian public procurement environment.

‍

How these Legal Instruments Complement and Articulate Each Other

The relationship between these three standards can be visualized as a regulatory pyramid, where each layer builds upon the previous one to create objective parameters for effective compliance:

• Law #14,133/2021: the New Public Tendering Act serves as the base of this pyramid. It establishes general principles and master guidelines, inaugurating the era of compliance in public procurement. The Act contains the provision that integrity programs may be required or serve as a tiebreaker criterion (Article 25, Paragraph 4, and Article 60, Item IV), but without detailing “how” or “what” these programs should entail. It expresses the lawmaker's intent to modernize and sanitize the public procurement environment, establishing integrity as a fundamental value and a requirement aligned with the principles of morality, probity, and efficiency.
• Decree #12,304/2024: this represents the intermediate layer of the pyramid, filling the gaps left by the Act. It operationalizes the compliance requirement by defining the minimum pillars of an integrity program (generally based on those of the Anti-Corruption Law), the situations in which it may be required (e.g., large contracts or high-risk sectors), and, crucially, by designating the CGU as the competent authority to establish the assessment methodology. The Decree gives form and substance to the Act's intentions, transforming “may be” into “will be,” thereby ensuring a uniform application of compliance criteria based on objective standards across the national territory.
• SE/CGU’s Normative Ordinance #226/2025: at the apex of the pyramid, the CGU Normative Ordinance is the instrument of execution. It translates the Decree's guidelines into a practical, detailed guide for evaluating integrity programs. It also establishes the specific methodology, detailed criteria, effectiveness parameters, and documentation requirements. The Ordinance serves as the technical manual that federal agencies and companies will use to understand and apply the compliance requirements, ensuring a standardized, objective, and technical assessment. It provides the actual assessment framework, including scoring systems and the specific elements to be verified, such as the existence of a robust risk assessment and the effectiveness of internal controls.

This interdependence creates a virtuous cycle: the Act innovates and generates the demand for integrity, the Decree organizes this demand and assigns responsibilities, and finally the Ordinance provides the tools for it to be met and evaluated effectively. Together, they form a system designed not only to punish corruption and fraud in public procurement but, primarily, to prevent and discourage it, thereby promoting a more ethical and transparent business environment.

‍

Practical Implications for Organizations Participating in Public Tendering Processes

The practical implications of this regulatory triad for organizations wishing to contract with the government are vast and necessitate a paradigm shift:

• Unavoidable need for investment in compliance: companies that have historically neglected compliance or maintained only formal programs will need to make significant investments in structuring, implementing, and maintaining effective programs. This investment extends beyond financial resources to include time, qualified personnel, and, fundamentally, the commitment of senior leadership. Compliance ceases to be a discretionary cost and becomes a strategic investment. It is expected that this will actively discourage the use of shell companies, which are often created solely to participate in specific public tenders.
• Adaptation and constant improvement: even companies with established compliance programs must review and adapt their policies and procedures in light of the specific requirements set forth by the Decree and the Normative Ordinance. This involves conducting a detailed gap analysis to identify the need to address specific risks inherent in interactions with the public sector. Adaptation may require revising contractual clauses, creating specialized training for sales and contract teams, and strengthening due diligence processes for business partners that interact with the government.
• Competitive advantage and market differentiation: companies with robust, well-regarded compliance programs will hold a clear competitive advantage. They will not only be eligible to participate in more strategic tenders but will also benefit from tiebreaker criteria, positioning themselves as more reliable and ethical partners for the federal government. This translates into a “preferred supplier” status, greater investor confidence, and a strengthened brand image aligned with growing ESG (Environmental, Social, and Governance) expectations.
• Proactive and sophisticated risk management: Companies will need to systematically map, assess, and mitigate the risks of fraud and corruption inherent in their operations, with a particular focus on public procurement. Tools such as risk matrices, control self-assessments, and continuous transaction monitoring become essential for identifying and addressing vulnerabilities before they materialize into incidents.
• Employee training and engagement: the effectiveness of a compliance program critically depends on the engagement of all employees. This requires ongoing training, clear communication, and the promotion of an organizational culture that values ethics and integrity across all levels. Training must be tailored to different audiences (senior management, middle management, operational staff) and address practical scenarios and ethical dilemmas specific to the public procurement environment. The existence of an accessible, reliable, and trusted reporting channel is vital for encouraging the reporting of misconduct without fear of retaliation.
• Increased transparency and accountability: organizations will be held to a higher standard of transparency in their operations and corporate accountability. The ability to demonstrate the effectiveness of internal controls and a readiness to correct deficiencies will be crucial to maintaining their reputation and success in the public sector. This includes maintaining detailed records, enabling internal and external audits of processes, and demonstrating a willingness to cooperate with authorities in the event of investigations.

In essence, these legal instruments compel companies to embed integrity as a core value of their corporate identity, moving beyond mere legal compliance to embrace a pervasive culture of ethics and responsibility that informs all their operations and strategic decisions.