Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.
Is your subsidiary in Brazil required to have an Internal Committee for the Prevention of Accidents (“Comissão Interna de Prevenção de Acidentes e Assédio” or “CIPA”)?1 If so, you have until March 20, 2023, to update your program to include sexual harassment prevention measures.
How do I know if I need to have a CIPA?
A CIPA is regulated by the Regulatory Norm (NR) # 5,2 which was first issued 1978 and has been amended many times over the years. The last update was in December 2022 when sexual harassment prevention provisions and requirements were added.
When companies are incorporated in Brazil, they are required to list their main business purpose. These purposes fall within one or more of the National Classification of Economic Activities (CNAE), which list the corresponding health and safety risk levels associated with these activities. The “Risk Levels” go from 1 (the lowest risk) to 4 (the highest risk). Depending on the number of employees and the company’s Risk Level, a company may or may not need a CIPA; if they do need one, the number of employees will determine how many members from the employee and management sides are needed to form the committee.
Companies with Risk Levels 3 and 4 must have a CIPA once they have 20 employees. Companies with Risk Level 2 must have a CIPA once they have 51 employees and companies with Risk Level 1 must have a CIPA once they have 81 employees.
If I need to have a CIPA, in practice, what does that mean?
By way of example, a tech company office with the main corporate purpose of developing software3 will have a Risk Level 2. When the company reaches 51 employees (direct hires), the company will need to invite employees to elect one representative to become a member of the CIPA, plus one substitute, and the company will choose one management representative and their alternate to form the CIPA. The company must provide training on various topics (including sexual harassment) of at least 12 hours’ duration to these CIPA members. The CIPA must then meet regularly and maintain records of its meetings and programs developed and sponsored, such as the annual Internal Week of Prevention of Work Accidents (SIPAT), which must be kept for five years. Before the members’ terms expire, new CIPA elections must be conducted.
CIPA members enjoy certain job security. CIPA members must be excused from work to meet and participate in trainings; they cannot be unilaterally transferred to another location or have their job activities changed; and they cannot be terminated from the date of their candidacy until one year after the end of their term, except for misconduct.
What are the new sexual harassment prevention requirements?
Companies required to set up a CIPA under the terms of NR #5 must adopt the following measures, in addition to others deemed necessary, for preventing and combating sexual harassment and other forms of violence within the workplace:
- Rules of conduct regarding sexual harassment and other forms of violence must be incorporated in the company's internal policies, and disseminated to all employees;
- Procedures must be established for receiving and following up on complaints, investigating the facts and, when applicable, for applying administrative sanctions to those directly and indirectly responsible for acts of sexual harassment and violence, guaranteeing the anonymity of the complainant, without prejudice of applicable legal procedures; and
- At least every 12 months, the employer must carry out training, issue guidance and conduct employee awareness programs for all employees at all hierarchical levels of the company on topics related to violence, harassment, equality and diversity in the workplace, in formats that are accessible, appropriate, and show maximum effectiveness.
These measures must be implemented by March 20, 2023, or companies may be fined by the labor authorities. Companies required to have a CIPA must work with their CIPA members to develop this program as soon as possible.
It is recommended that companies that do not have a CIPA still consider implementing a sexual harassment policy and complaint procedure to develop awareness, promote a heathy environment, and reduce their potential exposure to moral damages, a type of pain and suffering award to employees who are subjected to harassment in the workplace.
1 CIPA’s new name will be Internal Committee for the Prevention of Accidents and Harassment – Comissão Interna de Prevenção de Acidentes e Assédio.
3 CNAE #s 62.01-5; 62.02-3; and/or 62.03-1. All CNAE #s relating to IT services under the CNAE family #s 62 and 63 have a Risk Level 2. You can find the complete CNAE list and their Risk Levels in the Annex of RN-4 - NR 4 - Serviços Especializados em Engenharia de Segurança e em Medicina do Trabalho (www.gov.br)