Public owned enterprises in Italy : A hybrid nature for a hybrid regime of over-compliance

The purpose of this paper is to describe the state of play regarding Italian Government strategy for preventing and combating corruption in Public Owned Enterprises (POEs). That is a special case since it implies the application of a hybrid regime of over compliance. On one hand, POEs must comply with Legislative Decree no. 231 of 2001 as private organization, on the other hand POEs must comply with Law No 190/2012 as public-owned organization. We carried out empirical research on the application of Legislative Decree no. 231 and Law No 190 based on an analysis of 106 Italian POEs. The results depict a controversial situation. Only a small part of the sample seems to comply with the Law and Decree. Most parts of the sample do not perfectly comply with Decree No 231 and Law No 190. In this case, it seems that the hybrid nature of POEs leads to an incomplete process of compliance. Or said in other terms, over-compliance does not work. The research limitations are mainly related to the sample, only Italian POEs, and to the absence of a longitudinal analysis due to the too recent application of the normative. This study provides an empirical basis for governments to apply anticorruption measures to POEs, and it provides useful insights for management to avoid the “conformity trap”. This study is the first to provide a starting point for reflection on the intertwined relationship between POEs and anticorruption measures, and to outline the current status quo of application in the Italian context.


INTRODUCTION
Historically, the spread of public entrepreneurship in Europe from the end of the 19 th century has been largely explained as a process of reacting to market failures, through which public administrations progressively supplanted the market and behaved as an entrepreneur in designing and managing services (Clo et al., 2015;Millward, 2005).The disillusionment with private initiated regimes gave way in most countries to direct selfproduction as the dominant form of regulation, where public authorities governed the whole process of service provision both through internal departments or organizing entities strictly organic (local authorities keep the responsibility to define aims and strategic goals, to directly appoint the administrative organs, to approve fundamental acts and to supervise the management) to local authorities.Starting from this almost generalized background, new organizational model progressively came out in the last decades of the 20 th century, following the opposite direction.Bureaucratic failures, together with other technological, political and economic forces triggered de-integration and decentralization, bringing about a changing regulatory environment.
Within this general context of change, public owned enterprises (POEs) have turned out to be a distinctive institutional feature of many European countries.This trend has been driven by an evolving economic, political, ideological and theoretical background, aimed at making the public sector more business-like by introducing the principles and tools of private management into public administrations in order to improve their performance (Grossi and Reichard, 2008;McDonald, 2016).As a result, an increasing share of decisions and resources, while being kept within the public sphere initiative, are finally allocated to entities converted into private-law companies (joint-stock companies or limited liability companies).Accordingly, their efficiency, efficacy, but also their sustainability, accountability and transparency become key concerns for both public policy makers and theoretical analysis (Grossi et al., 2015;Klein, 2012;Zatti, 2013).
In what follows we do not discuss the controversial and widely investigated ownership effects on the overall performance of enterprises (Boardman and Vining, 1989;Bognetti and Obermann, 2008;MacAvoy et al., 2012), but we focus on a specific issue concerning the management of POEs.A recent challenge they have to deal with is in fact the internalisation of effective corruption prevention mechanisms.On the one hand, POEs are exposed to the same governance challenges as those faced by private organizations and should be held to the same high standards of governance as private companies.On the other hand, due to their close relationship with policy makers and regulators, POEs may face additional and more specific challenges, such as undue political influence and conflict of interest for board members.In particular, concerning this second aspect, previous studies (Anechiarico and Jacobs, 1995;Auriol and Blanc, 2009;Faccio, 2006;Nguyen and Van Dijk, 2012) have explored the connection between firms and politicians finding corporate political connections to be relatively widespread, more evident among larger firms and particularly common in countries that are perceived as being highly corrupt (such as Italy) (Kaptein, 2011).According to the World Bank, in fact, POEs are prone to greater corruption risks due to some additional challenges than private sector firms.These are mainly due to factors such as multiple principals, politicized boards and management, and low levels of transparency and accountability (Cameron et al., 2005;Dela Rama, 2011;World Bank, 2014).The proximity of POEs to other public organizations or public-owned entities, which can Previtali et al. 141 be clients or suppliers to the POEs, creates a potential risk for favoritism and corruption.In addition, politicized boards and political appointment of chief executives leads to poor oversight of managers and increases the risk of corrupt activities going unchecked.Many POEs have weak internal control and auditing systems, thereby making them more prone to corruption (World Bank, 2014).
Starting from these premises there is both the theoretical and empirical need to go beyond the classical understanding of corruption as a generic form of moral hazard in organizations and analyze anti-corruption practices in different types of organizations (Banerjee et al., 2012).POEs, for instance, should adopt several corruption prevention practices with the aim, among others, of making them consistent and functional both in terms of their mission, often closely linked to objectives of general interest, and with governance choices, often borrowed from the private sector.To the best of our knowledge, previous studies on POEs are focused on privatization and globalization (Cuervo-Cazurra et al., 2014), on governance and ownership issues, foreign acquisition and, in general, on the expanded role of governments in global capital markets (Bremmer, 2010;Karolyi and Liao, 2017).To date, researchers have devoted relatively little attention to both the study of corruption in POEs.The little done so far has focused on the causes and economic consequences of corruption, without analyzing how organizations adapt and integrate "universal" practices and systems into their specific organizational frame.One of the goals of this paper is to remedy this deficiency with a study of corruption and compliance practices adopted in Italian POEs.
Moreover, almost all empirical studies in the literature to date measure and analyze corruption at the countrylevel.There are several arguments for why we need more organization-level analyses for a better understanding of corruption.First, country-level research does not help us to understand how individual firms face corruption and why and how the practices and the tools to fight corruption vary across organizations within a country.In addition, the country-level institutions and the regulatory framework cannot help to explain the substantial differences among organizations within the same country.Finally, organization-level studies can have important policy implications and could, for example, provide countries with a high level of corruption with recommendations on which local institutions matter for the prevalence of corruption.
Italy is interesting as a single country setting for at least three reasons.First, According to the latest Corruption Perception Index (CPI) by Transparency International (https://www.transparency.org/news/feature/corruption_perceptions_index_2016), Italy ranked 60th (along with Cuba), with a perceived corruption rate improving over the past few years.As to the 2016 CPI, on a scale from zero to 100 whereby 100 refers to the lack of corruption, Italy got a score of 47, with a little improvement compared to the previous year (44), rather placing Italy among the worst performing countries in the G7 and the EU members.As calculated by the Italian Court of Auditors, direct economic costs amount to approximately EUR 50/60 billion per year.Second, although several prior studies investigate the role of the overall national legal effectiveness and the legal origins in affecting corruption (Herzfeld and Weiss, 2003;Treisman, 2000), the role of within-country governance structures has received very little attention in the academic literature, partly due to data availability issues.Third, in Italy, the government strategy to prevent corruption has led the National Anti-Corruption Authority (ANAC) to issue Determination no. 8 of 2015 which provides that POEs due to their hybrid nature -abide by a dual compliance obligation: compliance with Legislative Decree no.231 of 2001 as regards cases of active bribery (bribery, undue inducement to give or promise utilities, private corruption), and compliance to Law no.190/2012 as regards cases of passive bribery.
Consequently, POEs in Italy represent an interesting context of analysis in order to study the adoption of anticorruption and compliance measures on forms of control and accountability in organizations characterized by a hybrid nature, as a means to facilitate the achievement of hybrid organizational and strategic objectives, aiming at removing or mitigating the factors that make more difficult the accomplishment of results.It is necessary to go beyond the simple analysis that considers the adoption of anticorruption and compliance practices as a "formal" process: the mere introduction of these practices could be not sufficient to create the conditions to implement innovative practices and policies in POEs.The anticorruption and compliance mechanisms characterized just by rule-based processes may have negative consequences especially in POEs, reducing these mechanisms to an add-on for internal control and compliance to external regulations, derailing any real process of hybridization with the pre-existing organization management systems and practices.
However, despite an awareness of how the effectiveness of both anticorruption and compliance mechanisms depends greatly on the way in which they are introduced and implemented, there are few contributions exploring "if" and "how" they work in practice.In addition, most of the cases already studied concern private enterprises (Belloc, 2014;Cuervo-Cazurra et al., 2014;Nguyen and van Dijk, 2012), with results that can be partially generalizable to different organizational contexts such as the POEs, where the practices related to corruption are having a rapid development after the regulatory intervention and where there is still an important need for knowledge and theoretical development.
Within the international debate on corruption there is the need to understand how organizations adapt and integrate "universal" practices and systems into their specific organizational frame.This need is even greater when it comes to POEs, where particular external forces and internal dynamics require the adaptation of management tools coming from other sectors, as the new public management discourse has repeatedly debate.The present work contributes to filling this gap by understanding the state of implementation of Italian legislation based on anti-corruption and compliance measures in POEs; a relatively new subject and one lacking in-depth theoretical and research exploration.
The paper is organized as follows: first is an overview of regulatory framework on both corruption and compliance in Italy.This is followed by presentation of the peculiarities of the relationship among POEs, governance and corruption.Thereafter, the research model and sample used for the research is outlined; followed by the main results of the questionnaire and their discussion.The conclusions, recommendations for further development along with research and limitations were then presented.

THE ITALIAN REGULATORY FRAMEWORK
Corruption is a widespread phenomenon in Italy: it represents one of the main causes of inefficient service delivery, instability of public financial resources as well as citizen"s lack of trust towards democratic institutions affecting the Italian economic development (Ceschel et al., 2016).There was a need for an anticorruption policy to strengthen, on one hand, repressive measures and to introduce (or enhance where needed) prevention tools after and "on the other hand" aiming to tackle corruption in a comprehensive way and those factors that facilitate its incidence.It was precisely the widespread and systematic nature of the corruption that makes repression (though important) insufficient and that calls for the design and implementation of an integrated and coordinated anticorruption policy.In this frame, in Italy, since 2001 the Legislative Decree no.231 was issued to implement the OECD Convention of 17 September 1997 on the fight against corruption involving foreign public officials in international economic transactions.This has led to a change in the Italian regulatory system: the Decree provides a new form of liability for all private companies, which the legislator describes as "administrative", independent from the liability of the individual who has actually committed the crime.In fact, under articles 6 and 7 of the Decree, in a case of corruption or bribery the company body may be exempted from liability if it can prove it has adopted and effectively implemented some measures and choices of governance and an organizational model to prevent corruption and frauds, such as the following: (a) the Board of Directors adopted and efficiently enacted, prior to commission of the act, organizational and management models which are capable of preventing offences of the type occurring; (b) the task of overseeing such operations has been delegated to a Supervisory board vested with powers to act on its own initiative and conduct monitoring; (c) the persons committed the offence by fraudulently circumventing the organizational and management models; (d) there has been no omission or insufficient oversight on the part of the Supervisory board referred to in subparagraph b).
As we have seen, the Legislative Decree concerns private legal entities.For public administrations, Law 190 of November 6, 2012, the so-called "Anti-Corruption Law," introduced, for the first time in Italy, an organic system to prevent corruption and illegality in public administration.Examining the content, it is clear that Law No 190 is the extension of the provisions of Decree No 231 for private companies to all Italian public administrations.Law No 190 requires that all public bodies should adopt: (a) a corruption prevention plan that must identify the activities which encourage corruption; (b) a person responsible for the prevention of corruption (compliance officer) who must assess the suitability of the corruption prevention plan and oversee both its implementation and operation and the effectiveness of the control procedures and processes; (c) a code of ethics and conduct; a set of values, principles and guidelines for behaviour to which employees should aspire for as part of their work; (d) specific risk prevention measures, which coincide with procedures and protocols that cover sensitive issues such as conflict of interest, authorization to make appointments outside the company, incompatibilities and ineligibility for top positions, whistleblowing, and the rotation of staff.
Here, ANAC (2015) enforced a double compliance regime for POEs: publically controlled enterprises are obliged to comply with Legislative Decree no.231 as private companies, but at the same time, they are obliged to comply with Law no.190 since ANAC equates POEs, with particular reference to in-house cases, and public administrations.From here, the risk is to create redundancies between the two systems: the organizational model and the supervisory body established under Decree no.231 risk overlapping with the adoption of the corruption prevention plan and the appointment of a compliance officer, as explicitly stated by the Law no.190.The risk here is the creation of an "over-compliance framework" which can lead to a "conformity trap" (Vit, 2016).That is the reassuring and unquestioning acceptance of legitimacy building activities that are contrary to apparent technical-rational warning signs, and the illusion of control and confidence they Previtali et al. 143 create.Moreover, this regulatory framework could apply a "rule based compliance", creating the conditions for a "protect and justify" approach to possible failures of POEs (as well as the behaviour of poorly performing employees); but such systems could also be embedded in managers' decision-making processes, becoming instruments of organizational learning and, therefore, a means for improving the performance of POEs (Behn, 2001;Previtali and Cerchiello, 2017;Hinna et al., 2017).

POES nature and corruption
POEs are known by many namesgovernment corporations, government business enterprises, government-linked companies, parastatals, public enterprises, public sector units or enterprises and so on.As well as the name, the definition of POEs also often varies across countries.Institutional documents and previous research (Kowalski et al., 2013;OECD, 2005;World Bank, 2006) suggests that there is a wide range of legal forms for POEs, depending on factors such as: the level of government that owns the enterprise; the way in which the enterprise was founded; the purpose of the POE and, finally, the status of the POE if it is in the process of being privatised.While the varying forms of POEs may provide governments with flexibility, the multiple forms that POEs assume may also serve to complicate ownership policy, make them less transparent and insulate POEs from the legal framework applicable to other companies.However, a move towards harmonisation of the legal status of POEs with companies in the private sector is beginning to take place, which in turn could facilitate a more systematic use of corporate governance instruments (Belloc, 2014;Clo et al., 2015;He et al., 2016).
It was this hybrid nature of corporatized enterprises that has been subject to diverse, in some cases opposite, evaluations.On one hand, following the influence of the New Public Management reform strategy (Pollit, 2007), corporatisation has been seen as a positive opportunity, bringing about efficiency and effectiveness in the public sector through organisational specialisation, resultsbased management and performance measurement (Alexius and Ornberg, 2015;McDonald, 2016).Accordingly, managerial autonomy and professionalization are expected to favour depoliticisation, shielding directors and professional bureaucrats from the day-to-day pressure of elected officials and the short term vision of election cycles and interferences from other government agencies (McDonald, 2016;OECD, 2015).Under this perspective, the amphibious nature of POEs sometime escaping from the rigid and bureaucratic framework (budgeting and accounting rules, recruiting mechanisms, public works awarding regulations) of public administrations (Grossi and Reichard, 2008).On the other hand, de-integration and reduced political control can be the cause of unintended critical effects, mainly due to the creation of entities that behave like private companies without the political and financial risks associated with direct private sector participation (McDonald, 2014).As observed by Alexius and Cisneros Ornberg (2015), hybridity in public enterprises, which attempts to reconcile potentially conflicting logics and values, risks not being a straight forward tool for the simultaneous creation of social and commercial value, but rather, often becomes "sites of confusion and criticism for failing to do so" (p.288).Mission drift, reduced accountability and increasing transaction costs are commonly considered as the main pitfalls emerging from this governance option.Firstly, the emphasis on monetary results may have counterproductive effects on the public missions of services, leading to short-termism and the commodification of the public approach (McDonald, 2016).The rhetoric of "customers" instead of "citizens" and cost-reflecting pricing are supposed to weaken the attainment of broader public goals, with values not expressed in monetary or quantitative terms that risk being penalised in decision making.Furthermore, the lack, or in any case lower, presence of synergistic planning and the diverging interests of ring-fenced corporations develop centrifugal powers and isolationism, which undermine economies of scale and a more holistic execution of the public mandate.Secondly, the presence of a more complex principal-agent chain (general public, public sector administrators, supervisory board and board of directors, CEO and professional management) can be the cause of unclear lines of responsibility, lack of accountability and reduced democratic transparency (Tonurist and Karo, 2016), thus raising the likelihood of self-serving behaviour by corporate insiders (OECD, 2015).Saussier and Klien (2014) assume that privatisation and contracting out favour corruption and opportunistic behavior since higher payoffs and personal benefits can be shared by the public government and the private partner.This risk is supposed to be lower for publically controlled enterprises where a higher degree of integration and the absence (or reduction) of a profitoriented attitude should diminish the interest in and possibility of redirecting cash flows to reward the politician or bureaucrat involved (Clo et al., 2015;Cuervo et al., 2014;Karloyi and Liao, 2017).The same authors also observe that, differently from the problem of corruption, political opportunism and misuse can be favoured in a POE, especially when boards and chief executives are politicised and directly influenced by elected organs.This suggests the opportunity to depoliticise the management, and reduce the opportunity to use the firm to gain consensus in a misleading way.In addition, where a substantive autonomy is granted to directors and chief executives it can lead to poor overseeing of managers and increases the risk of corrupt activities being unchecked (Srinivasan, 2015).Poor monitoring of managers, lack of market discipline, public managers corruption and malevolent politicians interference are the four main reasons commonly advocated to sustain POEs" comparative inefficiency (Belloc, 2014).However, the available literature does not support the traditional claim that the State, as such, inevitably induces public managers to be weakly committed or corrupted in government-owned firms.In particular, the sources of POEs inefficiency are not intrinsic to the owner"s identity per se, i.e. the government, rather they concern conditions (such as culture, legislation and the degree of political competition) extrinsic to it (Bremmer, 2010;Cameron et al., 2005;Milward, 2005;Kaptein, 2011).As stated by the World Bank (2014) all these factors make POEs prone to greater corruption risks due to some additional challenges.
If we concentrate on corruption prevention, the perspective to be adopted for a POE should be designed in accordance with its mission and operating environment.In fact, the director and managers can be, as in a private entity, active agents in corruptive behaviors, trying to gain contracts and benefits for the enterprise (Belloc, 2014); but they can also be passive subjects when they demand money, gifts or other undue advantages to act or to refrain to act in the exercise of their function, thus penalizing the interests of the company (Auriol, 2006;Dela Rama 2011).Many operative areas can be involved: administrative acts and authorization, contract awarding procedures, grant and other donation policies, workforce recruitment and career progression, tariff definition, appointment and nomination rules, and, control and inspections.In respect to public administration, POES lead to an increased decentralization of responsibilities and autonomy that can raise the risk of corruption and of other ethical problems.The adoption of less rigid and bureaucratic accounting and contract awarding procedures leads to the incrementation of discretionary choices, and can further increase this risk.More independent managers, for example, have additional opportunities and instruments to influence other actors in the purchasing process or in the recruitment of the workforce.At the same time, the public shareholder has a lower incentive to exert control since the financial effects of mismanagement do not immediately affect public budgets.The presence of softer budget constraints may also induce elected officials to influence operative choices to gain political consensus (lowering prices for public services or increasing the staff) without being directly responsible for the negative impacts in terms of costs and revenues.The overall threat is that the ambiguous nature of publically controlled enterprises weakens the checks normally operating in the public sector (hierarchical control, more transparent awarding procedures, direct voice from the public) without (or only partially) benefiting from the disciplining effects of market pressure.
As we can see, in dealing with corruption there are no simple answers, and we think that this is particularly true for public-owned enterprises (POEs) that, unlike the parent public administration, may "benefit" from less rigid decision and control mechanisms that could potentially be used for the commission of corrupt and fraudulent crimes (Florio, 2014).As a consequence, the process of escaping from the rigid and bureaucratic legal framework of public administration into the relative freedom of the business sector can bring about a perverse result: that of creating freedom and lessening control coupled with more opaque systems of political rewards and penalties.In summary, it is as if the POES leads to an imperfect situation, between the public and the private sectors, which must provide adequate and specific prevention measures, strictly connected with the measures adopted by the public reference bodies, but within which problems of teleological ambiguity and opportunistic behaviour may arise.This actually confirms the hybrid nature of the POEs, and generates a potential antagonism between an imperfect process of corporatization and the need by the public partner to exercise more control.
In this frame, POE"s boards of directors and supervisory board can play a key role in adopting effective mechanisms and practices to prevent corruption (Di Pietra and Melis, 2015).The managerial literature on corporate board composition shows that boards connections act as a mechanism of exchange of information and innovative governance practices among companies (Arora and Gambarella, 1991).Moreover, interlocking directorates facilitate the diffusion of the best strategies and the development of capabilities of the boards to overcome formal rigidities and to cope with dynamic scenarios (Carpenter and Westphal, 2001).When equipped to operate autonomously, they can act as safeguards against political capture.They also set the "tone from the top" (OECD, 2016) and can contribute to creating an ethos of integrity by communicating corporate values down the chain of command.In addition, boards can oversee and monitor the effectiveness of measures implemented within POEs to identify and prevent corruption and other forms of corporate misconduct, including anti-corruption ethics and compliance programs and measures.
Notwithstanding the benefits derived from both the increased control and the implementation of the regulatory requirements, the manner in which control is exercisedalso by board of directors -and law"s suggestions implemented may itself have pernicious consequences (de Colle 2014; Stansbury and Barry, 2007).Despite the apparent promise of organizational compliance and anti-corruption measures as vehicles for discouraging business practices and risky behaviors that compromise integrity or threaten the public interest, POEs can use these measures in a passive way (anticorruption measures are adopted only to be compliant with the law).Summarizing, when organizations place emphasis on coercive implementation of a compliance orientation instead of developing a values-based approach they may undermine the program"s own effectiveness, because ""they institutionalize control and thereby risk politicization, indoctrination, and an atrophy of competences"" (Stansbury and Barry, 2007).

RESEARCH MODEL
The purpose of our research is to provide an evidence about the state of play regarding POEs strategy for developing compliance and preventing corruption, addressing both their formal design and their practical implementations.Only focusing on the effectiveness of the compliance and anti-corruption systems it is possible to avoid the risks of a "conformity trap" (de Colle, 2014; Stanskury and Barry, 2007;Bruton et al. 2015), that is the risk of the emergence within organizations of a thoughtless, blind and blinkered mindset that is counterproductive with respect to the aim of enhancing the actual compliance of the organization.
To do so, we examined the contents of both the Law no.190 and the Decree no.231 by distinguishing the outcomes (e.g., effectiveness of the practices and measures) from the process, that is, the procedures that organizations should follow in order to achieve desirable outcomes (e.g.having management systems designed to avoid corruption) (de Colle et al., 2014;Leipziger, 2003).Then, starting from these two categories of analysis (the process and the outcomes), we began to form a table of analysis (Table 1).
Concerning the process, the first characteristic to be analysed was the supervisory board composition (Carpenter and Westphal, 2001;Dela Rama 2011).Boards of directors act as the intermediaries between the state as shareholder and the management.They can also play the crucial role of safeguard against political capture, if given the autonomy to effectively fulfil the functions of setting strategybased on clear objectives communicated by the stateand monitoring management.The presence of politically affiliated individuals on POE boards, for example, can lead both to conflicts of interest and to situations where corporate decision-making is politically motivated rather than based on clear performance objectives.We also focused on the presence of outside directors, which is one of the most important characteristics of good governance.Codes of good governance in many countries (e.g.US, UK, Australia, Germany, Japan, Italy, India, and Brazil), in fact, call for more independent directors on boards.Strong and independent boards of directors can ensure that the state as owner is not involved in the day-to-day operations of POEs, thereby limiting opportunities for corruption involving public officials (Belloc, 2014;Nguyen and van Dijk, 2012;Previtali and Cerchiello, 2017;Treisman 2000).From a theoretical perspective, the agency theory tradition suggests that a higher proportion of outside directors should be associated with stronger financial performance (Stiles and Taylor, 2001).According to Brick and Chidambaran (2010) the independence of the directors on the board can be an important determinant of board activity that increases as a board becomes more independent.Clarke and Xu (2002) found that an independent and competent corporate board limits the firm"s ability to pay bribes and can actually boost the bargaining power of the managers in dealing with corrupt officials.According to Sullivan (2009), compliance with internal policies, guidelines and regulations, and simply adopting a code of ethics or a code of corporate governance with a companion code of ethics is not sufficient.Hence, the role of the supervisory board is seen as central to establishing and maintaining a corporate ethics program.
Concerning the board continuity, Vafeas (1999) examined the number of board meetings in a sample of 307 firms over the period from 1990 to 1994 and he found that board activity measured by board meeting frequency is an important dimension of board operations and that there is a positive relationship between the representation of outside directors in the board and the level of board activity.According to the author, if higher board activity facilitates better board monitoring, outside directors are likely to demand more board meetings to enhance their ability to monitor management.Other scholars investigated this aspect in order to study the relationship between board meeting and effective monitoring (Lipton and Lorsch, 1992).The researchers found boards that meet regularly are more active in making sure the enterprise is running in the best interest of ownership.Chen et al. (2006) stated that a high number of board meeting might indicate that the board is aware of the enterprise"s activities.Kamardin and Haron (2011) also stated that a high percentage of board meeting shows that the directors know about the enterprises" activities and are able to better monitor the implementation of the strategy.Finally, Salleh and Othman (2016) found that more frequent board meetings lead to a more effective board of directors in deterring corporate fraud.Starting from the same assumptions, the implementation of law no.190 was explored by analysing the number of compliance officers reports to the board in a year.Then we analysed the system effectiveness.Since it is not realistic to think that this type of supervisory board and/or the compliance officer can lead to a significant impact on a company"s financial performance, here it seemed to be more appropriate and coherent with the supervisory board"s and compliance officer"s mission pursuant of Decree no.231 and Law no.190 to consider the efficacy of the compliance system, analysed both as perceived effectiveness by top management (Boiral, 2012;Bruton et al., 2015;de Colle, 2014;Stransbury and Barry, 2007) .
This means looking beyond compliance with the letter of regulation: the attention needs to shift to promoting organizational solutions and behaviours useful to prevent risk corruption (Ceschel et al., 2016;Hinna et al., 2017).The better definition of a managerial control system, which is the result of a development process and adequately organized innovation, permits to decide to avail tools (mechanisms, organs and procedures) considered more in keeping with the organizational needs and specificity (Miller et al., 2008).This "new" form of control will also enable favourable assessment processes on the part of externals called in to verify the attainment of such results and that the standards determined have been respected.Moreover, ensuring people behave in a compliant way implies a different and a more clear definition of role and responsibilities in the whole organization.Managers, directors and employees have to be motivated to behave in a compliant way, despite pressures to the contrary.Compliance is then both "top down" and "bottom up" and a culture of compliance will become the default behaviour across the organisation.To be compliant, people need both to know what they are expected to do and to have the skills to behave in the right way (Bhimani, 2009;Grossi et al., 2015;Klein, 2012).

DATA COLLECTION
Due to the nature of the study, the research strategy was a survey involving 106 POEs (Figure 1) selected from our research directory that contains about 200 SOEs -that have declared a deep interest in the anti-corruption system.These POEs are in large part controlled by State and public entities: 82 companies are totally controlled by public authorities, in 18 companies the State owns from 50 to 90% of the shares, and, in six companies the shares owned by the State are less than 50% of the capital.One third of the interviewed companies have a sole shareholder.
To develop the survey instrument, an inventory of anticorruption and compliance practices was drawn up based on both a literature review (Auriol, 2006;Chen et al., 2006;De la Rama 2011;Hezfel and Weiss, 2003) and an analysis on the Italian policy documents.Data collection was done through a questionnaire of 28 questions that was composed of three parts, each with a different focus: company demographics, assessment of compliance to Legislative Decree n. 231, assessment of compliance to Law n. 190.As stated above, our research model explores the several dimensions concerning the application of legislative decree n. 231 and law n.190 on POEs.
The first variable analysed was the provenance of members, by identifying supervisory units with external members, in-house members or a mixed composition.The second variable was the board continuity, analysed by the frequency of supervisory board meetings.The effectiveness was measured through questions on the following: (i) Compliance is useful to a better definition of managerial control; (ii) Compliance implies a better definition of roles and responsibilities; (iii) Compliance leads to a positive impact on the organisation and a better formalisation of procedure.(iv) Compliance implies an improvement in the organisational mechanism for risk prevention and control.

RESULTS
According to research model, for a useful discussion of the results obtained by the survey we based our elaborations on descriptive statistics enucleating two perspectives of analysis reflecting the measures to prevent corruption and frauds: the process and the outcomes.Concerning the first perspective of analysis, we investigated the board composition and the frequency of board meetings.
In relation to the board composition andparticularlyto the provenance of its members from inside or outside the company, just nine companies used an in-house body that coincided with an existing function; 40 prefer a mix between internal and external members; and 57 adopt a composition made up of external members (Table 2).This result shows that Italian POEs prefer to choose external board members probably assuming that an independent board of directors can be an important element not only to ensure high quality and credible disclosure by POEs, but also to confirm the commitment in preventing and fighting corruption.Boards of directors can, and should, play a key oversight role regarding POEs" operations.However, this result should be related to the fact that 82 companies of our sample are totally controlled by public authorities: transparency and corruption issues can notably arise if POEs are run so closely to the public administration that the government is involved at manyor alllevels of corporate decision making.Without proper checks in place, the scope for corruption increases, particularly when POEs operate in weak public governance environments with lax oversight.
Another fundamental characteristic is the supervisory board continuity, measured as the frequency with which the members meet together.Table 3 shows that 25 companies meet more than 9 times a year, 33 companies from 5 to 8 times, and there were a substantial number of boards (48) which meet less than 4 times a year.The analysis depicts a low continuity in about half of the sample.From the analysis is not clear if board meetings can be used to monitor the POEs in preventing the occurrence of fraud and corruption.The law frequency of board meetings in the half of the POEs analysed seems to show that the directors do not know about the company activities and, consequently, they are not able to monitor the company operation closely.This result shows that board meetings only in some cases, could be used in deterring corruption.Moreover, from a theoretical perspective, the obtained results on board meetings questioning one of the main role of the board of directors that is the protection of the ownership"s interests from any management manipulation: the law frequency of board meetings, in other words, could increase the agency problem.In relation to the analysis of compliance related to Law n. 190/2012, as regards the compliance officer continuity, we asked how many times he/she formalised his/her work through a written report to the board.Table 4 shows 4 POEs reported to the board from 9 to 12 times a year, 12 companies from 5 to 8 times, a substantial number of compliance officers (52) who reported less than 4 times a year, and 38 companies that reported only once a year.This analysis depicts a very a low continuity in a large part of the sample.
This controversial situation is confirmed by the analysis of the second perspective of our analysis, measured as the value and effectiveness of the compliance.Here, half of the sample declared that compliance is useful for a better definition of managerial control, roles and responsibilities, and for a better formalization of procedures.The remaining half of the sample saw compliance as not useful (Table 5).Probably, this half of the sample look at the compliance as something that is "rule based", not embedded in managers' decisionmaking processes: the requirements of Decree 231 are not perceived as instruments of organizational learning and, consequently, they are not functional for improving POEs" performance (Behn, 2001).These responses can consist in symbolic adhesion to norms or standards to high level of compliance.Different responses may depend on both the broader external context (i.e. the policy environment in which the POE operates) and the internal context (i.e. the internal distribution of power, the credibility and legitimacy of leadership) that can favour (or not) the effective adoption of the requirements of Decree 231.
Concerning the application of law no.190, half of the sample perceives a low value of compliance (Table 6).The collected evidences reveals that even if the Italian legislation has provided strong and compelling legal support for the improvement of the organisational mechanism for risk prevention and control, a systematic way of implementing and developing a risk management process is not widespread until now.One of the possible reasons that may help to explain this ambiguous result is that anticorruption policiesand consequently the systems adopted in order to prevent and control risksshould be strictly interconnected with performance, transparency and accountability, and personnel"s training.Moreover, the organizational mechanisms to prevent corruption can be effective only in the case they are aligned to the strategic and organizational purposes of the company (Ceschel et al., 2016).Another important aspect to guarantee an effective implementation and the use of some risk management tools is related to the approach used by the company: an effective use of risk management is one of the major components of an organization that allows every employee to feel that his/her contribution has supported the fight against corruption and, more in general, the innovation of the POEs.Moreover, the presented results are aligned to the evidences collected at the European level.According to the data provided by the reports of the European Commission (2014a, 2014b), the majority of Europeans disagree that their government"s efforts are effective in tackling corruption (66%, with 28% "totally" disagreeing).In particular, the view that government efforts are effective in tackling corruption is most prevalent in Denmark (54%), followed by Finland (47%) and Belgium (40%).The countries with the least positive opinions on government efforts are the same as those with the poorest perceptions of prosecution success, with the addition of Latvia: Slovenia (10%), Spain (11%), Czech Republic and Cyprus (both 12%), Greece and Latvia (both 14%), Portugal (15%) and Bulgaria (16%).In Italy only the 22% of people have a positive opinion about the effectiveness of the system designed by the norms.
More in general, according to the OECD Report "Combatting corruption and promoting business integrity in state-owned enterprises: Issues and trends in national practices" (2016), there is a weak enforcement of anticorruption laws.Half of the 41 countries party to the OECD Anti-Bribery Convention had not concluded a single enforcement action related to foreign bribery as of end-2014.And this situation leads to a vicious circle in the case of POES, where the institutions are responsible, respectively, for investigating corruption cases and for their oversight.

DISCUSSION
The analysis of results highlights the current state of compliance with both Decree no.231 and Law no.190 as very controversial, a sort of intermediate-state.On one hand we found POEs with high levels of perceived value of the compliance systems as an effective measure to prevent corruption; on the other hand there are POEs which seem to refuse to comply with the norms.Even if several years have passed since the launching of the Decree (16 years) and of the Law (5 years), it is evident how the approach suggested by the regulatory framework has not been fully internalized by the POEs.In fact, from the survey, we remark the slow progresses made conducting us to suppose some technical and/or organizational difficulties encountered in the shifting from a merely compliant logic of adjustment to the norms of the sector to the establishment of holistic organizational models (Haimes, 1992), related to an approach based on the "performance rationality".
These results highlight how the dual compliance regime required by norms for POEs is actually leading to unsatisfactory results, both in the prevention of bribery, and therefore, in the implementation of the compliance to Legislative Decree no.231/2001, and in the prevention of passive corruption and implementation of the compliance to the Law no.190/2012.The survey conducted in this study provides some insights into the debate (Lozeau et al., 2002, Boiral 2012) related to the resistance, compliance or development of practices and the measures in both the anti-corruption and compliance field.In general, the main findings of our analysis have shown that Italian POEs are conducting several activities that could be smoothly integrated into a compliance/anticorruption strategy, but a systematic way of implementing and developing a compliance/anti-corruption framework and process is not widespread until now.
On the one hand, the analysis revealed that the implemented anticorruption and compliance systems have positively impacted on the definition of role, responsibilities, managerial control and, finally, on the existing procedures.At the same time, the "new" anticorruption system improved the organisational mechanism for risk prevention and control are strictly interconnected with performance appraisal, transparency and accountability, confirmingat a first glancethe adoption of a systematic approach to risk management (Hinna et al., 2017).All these elements evidence the presence of some form of organizational support (in terms of structures, people and resources) to make effective the compliance/anticorruption systems.
Nevertheless, on the other hand, an important aspect to guarantee a systematic implementation and the use of a compliance/anticorruption system is related to both the approach and the completeness of the process (Boiral, 2012).Looking at our analysis the process seems to be characterized by some sources of inconsistency, evidencing the need for clarification in order to ensure its effectiveness.Referring to the dimensions of analysis that we classified as "process", our data show that in almost the 85% of POEs the number of compliance officers reports to the board in a year it is inferior to 4. Also the number of meetings of the supervisory board in a year it is inferior to 4 for the 45% of the analyzed POEs.These results evidenced that the adopted procedures could not adequately support the compliance/anticorruption systems effectiveness.Formally, all the POEs analyzed have an organizational model for corruption prevention, a supervisory board and a compliance officer, but they appear to be proceeding along separate tracks.In addition to scholars (Power, 2004) which sustain that the key to successful anticorruption practices depends on the organizational culture our focus on POEs point out some "technical" and organizational problems.One of the most important and technical issue is the hybrid nature of POEs (Bruton et al., 2015): this nature consists in differing degrees of state ownership and control and also a range of models which governments might choose on the path to private ownership where there is no longer value seen in maintaining state involvement.It is as if their hybrid nature does not allow the POEs to equip themselves with effective corruption prevention instruments, in an unresolved dilemma between the public and the private natures that, in our analysis, leads to a more than obvious risk of a conformity trap.
Another issue -related to the nature -that provides some possible explanations for this results concern the process of change that in the last decades involved POEs.While it is important to maintain a pragmatic view and to acknowledge that rent-seeking intentions may be pervasive among POEs" administrators, policy-makers should not consider public officials" misbehavior as an issue intractable except by narrowing State functions and control (that is, privatization process).Rather, there is the need to examine much more deeply (than it currently does) some issue, including the appropriate conditions under which operational autonomy of board of directors should be allowed and strengthened the tools through which the ownership entity should be held accountable (that is, how the State should exercise its ownership rights), disclosure of both financial and non-financial information, the appointment of independent or external directors in the board, and the mechanisms for enhancing board participation of employee representatives.These issues could be considered for improving POEs" governance with respect to anti-corruption activity and to overcome the problem of the hybrid nature.
It is important that compliance and anti-corruption norms provide guidance on both substantive and process aspects, if their implementation would be most effective.
The results of our analysis help us to remind both norms designers and users that the real aim for an organization will only be to understand itself and the meaning of compliance for its business.Compliance and anticorruption norms can be obstacles to this process if they are developed and implemented uncritically and with an excessive emphasis on a rule-based compliance.However, we believe that they can be a vehicle not only for organizational self-discovery, but also for fighting corruption.

CONCLUSIONS
The results of our research show that the state-of-play of the implementation of Legislative Decree 231/2001 and Law 190/2012 in Italian POEs is a work still in progress.
One of the most noticeable and positive element is that our empirical analysis shows a commitment of the POEs in the implementation of a decentralized anti-corruption strategy that goes beyond mere bureaucratic exercise.However, alongside many POEs who demonstrate a good application of the norm, there are other POEs, which have unclear operative implications and do not provide for improvements within the organization.The supervisory units of this latter group are often composed of one internal member who lacks the indispensable requisite of independence and autonomy of judgment.
The situation is even worse when we consider the continuity of actions promoted by the supervisory body and compliance officers where the majority meets together and/or reports to the company board less than 3-4 times a year.Moreover, over half of the sample made no changes whatsoever to their procedures.It is rather surprising if we think about the dominant organizational culture in Italian POEs: the analysis shows that an half of the sample perceive the value of compliance confirming a commitment to putting the regulatory requirements into practice.However, another consistent part of the sample saw compliance as not useful, showing a possible passive use of the regulatory framework since there is a low level of internal pressure to effectively implement it.A possible explanation for the lack of influence of internal requirements on implementation may be that, in general, policies for change are mandated without regard to the organization"s ability (in terms of resources) to implement them.This could be the case also of Italian POEs.
More in general, our study show that the shifting from the definition of the regulatory framework -to both promote compliance and prevent corruption -to action asks for the establishment of a complex organizational model involving not only the implementation of the law but also the integration among structures and management systems, ranging from performance assessment to internal controls, and from optimization of resources to the creation of specific capabilities (Bhimani, 2009;Boden et al., 2009;Hood et al., 2004;Miller et al., 2008).
In this sense if, on one side, the legislative perimeter provided by Decree 231 and Law 190/12 includes restrictions and opportunities of structural nature, on the other side, the organizations, in order to move toward a logic of effectiveness and rational use of resources, shall primarily be able to act according to their features and to the context in which they operate, leveragingespecially on POEs -on the integration and hybridization of processes, practices, mechanisms and skills.
Even if several years have passed since the last regulatory intervention, it is evident how the suggested model has not been fully internalized by POEs.In fact, from the analysis, we may conclude that the shift from a merely compliant logic of adjustment to the norms, to the establishment of a holistic organizational models (Haimes, 1992), based on a "performance management rationality" is still ongoing.In those holistic models, all the prevention system components shall support the decision-making process of "corporate governance" and be possibly open to forms of broad inclusion of all the stakeholders, within a scheme of "performance management" where organizational and individual responsibilities are clearly identified.
Combining results and arguments provided to explain them, some practical implications can be derived.Firstly, some changes appear to be necessary in the governance structure of POEs: the board members nomination process, for example, should ensure that managers and directors have the necessary competencies, skills and experience to run successfully POEs" activities.In many countries, the nomination process is largely based on political representation, and board members often lack the needed expertise.National-level corporate law should define the requirements to be met by eligible candidates and settle mandatory steps to ensure transparent selection of board members.Board composition regulation should also establish the presence of outside members in order to increase the independence of the board and consequently improve its capabilities to operate as an active entity insulated from political influence.Second, norms and legislative interventions should provide a clear definition of functions and responsibilitiesin terms of compliance and anticorruption -for board members and directors of POEs.This is central for separating out the management"s business judgment domain from political interference, and to help a transparent and coherent transmission of information between POEs" boards and representative entities without incurring in undue political influence.
While with this article we have focused our discussion on practical arguments, we also believe that some theoretical implications can be derived from our research.With this paper, we have tried to contribute to academic debate on corruption in public organizations.Previous studies (Von Eiff 2006;Von Eiff and Stachel, 2007;Vincent, 2005), in fact, have evidenced how anticorruption activities continue to lack a systematic approach showing the public organizations" weaknesses in implementing compliance in day-to-day practice.Hence, there is the need to study the implementation process of compliance practices on forms of control and accountability in public sector organizations, as a means to facilitate the achievement of organizational and strategic objectives.Among these, one of the most important is certainly the fight against corruption.Several studies have discussed about corruption aiming both to understand its dimension and to develop measures and policies to prevent it.Studies were conducted in both private (Argandona, 2003;Lange, 2008) and public sector (Anechiarico and Jacobs, 1995;Auriol, 2006;Auriol and Blanc, 2009), looking to the individual behavior (Cameron et al., 2005) or to the perceptions about corruption in different countries (Kaptein, 2011;Dela Rama, 2011), but little is known about the rise of the compliance logic and its implications for the fight against corruption in countries around the world (Lozeau et al., 2002;Auriol, 2006;Dela Rama, 2011).Finally the evidence provided is sufficiently general to be a reference also on the theoretical debate for POEs" corporate governance.

LIMITATIONS AND FURTHER RESEARCH
The major limitations of this study are related to the sample.The results are derived from a part of POEs operating in the Italian context.No attempts are made, in this research phase, to generalize the obtained results to the Italian POEs that are not included in this study.On this point, a next step of the research is to increase the number of cases in order to provide also some differences in terms of sector of activities/services.
Moreover, our study points to a number of potentially fruitful avenues for future research.First, we believe that future work using inter-temporal modelling could build upon and extend the insights presented here.A second area for future work arises from those contrasts in anticorruption and compliance characteristics which are apparent across countries and or across several industries.Third, future research could try to understand the real use and the implications both at the organizational and individual level of the anticorruption mechanisms and policies during their adoption also adopting a longitudinal analysis.Finally, further research can explore also external elements that could influence in deterring corruption and fraud.

Figure 1 .
Figure 1.Composition of the sample by annual revenue (in Euro).

Table 1 .
The model of analysis.

Table 2 .
Composition of supervisory board by provenence of members.

Table 3 .
Number of meetings of the supervisory board a year.

Table 4 .
Number of compliance officers reports to the board in a year.

Table 5 .
Value of the compliance with Decree 231.

Table 6 .
Value of the compliance with Law n. 190/2012.