TOP 5 CORPORATE COMPLIANCE MISTAKES BUSINESSES MAKE
Why Corporate Compliance Matters Now More Than Ever
Corporate compliance is the system of policies, procedures, controls, and behaviors that ensure a company follows the law, regulator issuances, and its own internal rules.
In the Philippines, non‑compliance has become costlier because:
- The Revised Corporation Code strengthened the SEC’s fining, contempt, and dissolution powers (Sec. 157–158, 161–162, R.A. 11232).
- Special regulators (BSP, CDA, HLURB/DHSUD, etc.) now impose sector‑specific compliance obligations and penalties.
- Courts increasingly hold individual officers liable where they are responsible for operations and compliance failures.
“If, after due notice and hearing, the Commission finds that any provision of this Code, rules or regulations, or any of the Commission’s orders has been violated, the Commission may impose any or all of the following sanctions…” (Sec. 158, Revised Corporation Code, R.A. 11232)
Against that backdrop, these are the five recurring corporate compliance mistakes that get businesses and their officers in trouble.
Mistake No. 1 – Treating Corporate Records & Regulatory Orders as Optional
A. Governing Law & Doctrine
- Revised Corporation Code – Records & SEC powers
- Contempt for non‑compliance with SEC orders
“Any person who, without justifiable cause, fails or refuses to comply with any lawful order, decision, or subpoena issued by the Commission shall, after due notice and hearing, be held in contempt and fined…” (Sec. 157, Revised Corporation Code, R.A. 11232 (2019))
- Administrative sanctions for Code or rule violations
“If, after due notice and hearing, the Commission finds that any provision of this Code, rules or regulations, or any of the Commission’s orders has been violated, the Commission may impose any or all of the following sanctions…” (Sec. 158, Revised Corporation Code, R.A. 11232 (2019))
- Penalties for failure to maintain/allow inspection of corporate records
“The unjustified failure or refusal by the corporation, or by those responsible for keeping and maintaining corporate records, to comply with Sections 45, 73, 92, 128, 177 and other pertinent rules… shall be punished with a fine…” (Sec. 161, Revised Corporation Code, R.A. 11232 (2019))
- False or misleading reports
“Any person who willfully certifies a report required under this Code, knowing that the same contains incomplete, inaccurate, false, or misleading information or statements, shall be punished with a fine…” (Sec. 162, Revised Corporation Code, R.A. 11232 (2019))
- Jurisprudence on officer liability in corporate wrongdoing
- Corporate officers who knowingly participate in unlawful acts cannot hide behind separate corporate personality (Fernandez v. People, G.R. No. 249606, 16 March 2022).
- Statements under oath in regulatory filings can be prima facie evidence of knowledge and consent to violations (Fernandez v. People, G.R. No. 249606, 16 March 2022).
“It held that the statements under oath contained therein, constitutes prima facie evidence of knowledge and consent of the importer of violations… when the importation was found to be unlawful.” (Fernandez v. People, G.R. No. 249606, 16 March 2022)
B. Typical Compliance Failures
- Failing to keep updated minutes, stock and transfer books, financial statements, or general information sheets.
- Ignoring SEC subpoenas or orders to explain certain transactions or to submit documents.
- Allowing officers to sign and certify incomplete or inaccurate reports.
- Refusing to allow inspection of records by entitled stockholders without just cause.
C. Practical Consequences
Under the Revised Corporation Code, the SEC may:
- Impose fines up to ₱2,000,000 plus ₱1,000/day of continuing violation (Sec. 158, R.A. 11232 (2019)).
- Issue permanent cease and desist orders (Sec. 158(b), R.A. 11232 (2019)).
- Suspend or revoke the certificate of incorporation (Sec. 158(c), R.A. 11232 (2019)).
- In extreme cases, dissolve the corporation and forfeit its assets (Sec. 158(d), R.A. 11232 (2019)).
- Separately, courts may impose fines under Sec. 161–162 against persons responsible for records and certifications (Sec. 161–162, R.A. 11232 (2019)).
D. Example Scenario
A medium‑sized trading corporation repeatedly files its General Information Sheet late, does not update its stock and transfer book, and ignores an SEC subpoena relating to beneficial ownership information. The corporate secretary signs a report that omits a new significant shareholder.
- The SEC may fine the corporation for report violations and non‑compliance with its subpoena (Sec. 157–158, R.A. 11232 (2019)).
- The corporate secretary, as certifying officer, risks personal fines under Sec. 162 for willfully certifying incomplete/false information (Sec. 162, R.A. 11232 (2019)).
- Continued defiance can escalate to suspension or revocation of the corporation’s registration (Sec. 158(c), R.A. 11232 (2019)).
E. Practical Compliance Tips
- Maintain a records compliance calendar (GIS, AFS, board meetings, stockholders’ meetings).
- Require a compliance sign‑off: no officer signs an SEC filing without a checklist attesting to completeness and accuracy.
- Designate a Records Custodian with written responsibilities and reporting lines to the board.
- Immediately engage counsel or your corporate secretary when you receive any SEC subpoena, show‑cause order, or notice of conference; do not ignore.
Mistake No. 2 – Misunderstanding Who Can Be Personally Liable Among Corporate Officers
A. Key Legal Rules
- Revised Corporation Code – general rule of separate personality
Corporations have separate juridical personality, but officers can be held personally liable when specific laws or facts pierce that shield. - Officer liability for corporate violations under special laws
Some special laws explicitly make certain officers criminally liable:
- Developers of subdivision/condominium projects (P.D. 957)
“Provided, that in the case of corporations, partnership, cooperatives, or associations, the President, manager, or Administrator or the person who has charge of the administration of the business shall be criminally responsible for any violation of this Decree…” (Sec. 39, P.D. 957 (1976), as quoted in G.O.A.L., Inc. v. CA, G.R. No. 118822, 29 August 1997)
- Officers of corporations selling regulated products (e.g., LPG under B.P. 33)
The Supreme Court held that only operating officers (president, general manager, managing partner, other officers managing business affairs, or the responsible employee) may be held criminally liable under B.P. 33, not the entire board (Ty v. De Jemil, G.R. No. 182147, 11 August 2010; Federated LPG Dealers Association v. Del Rosario, G.R. No. 202639, 23 March 2016).
“A common thread of the first four enumerated officers is the fact that they manage the business affairs of the corporation… the enumeration of persons who may be held liable… excludes the members of the board of directors.” (Ty v. De Jemil, G.R. No. 182147, 11 August 2010)
Customs & other regulatory offenses
- In customs fraud, those corporate officers who sign import documents or have clear participation may be convicted together with the corporation (Fernandez v. People, G.R. No. 249606, 16 March 2022).
“…as a corporate entity, Kingson can only execute its corporate powers through its board of directors and responsible officers… there was prima facie evidence of knowledge and consent to the falsities appearing in the IEIRD on the part of Fernandez.” (Fernandez v. People, G.R. No. 249606, 16 March 2022)
Piercing the corporate veil / control & fraud
- A holding company is not automatically liable for a subsidiary’s obligations; there must be clear and convincing evidence that control was used to perpetrate fraud or evade obligations (Maricalum Mining Corp. v. Florentino, G.R. No. 221813, 13 June 2018).
The Court listed indicators such as commingling of funds, diversion of corporate assets, failure to keep records, undercapitalization, and use of a corporation as a mere shell or conduit (Maricalum Mining Corp. v. Florentino, G.R. No. 221813, 13 June 2018).
B. Typical Mistakes
- Boards assume that no one is personally liable because “it’s the corporation’s act.”
- Directors who double as president or general manager do not realize they are the first in line for criminal/administrative liability under sector laws (e.g., BP 33, PD 957).
- Parent companies casually commingle funds with subsidiaries, or use them as shells, thinking liability can always be compartmentalized.
C. Practical Applications & Examples
- LPG distributor prosecuted under B.P. 33
In Ty and Federated LPG Dealers, the Court clarified that only the president, general manager, managing partner, officer in charge of management, or responsible employee can be prosecuted; mere directors who are not operating officers should not automatically be charged (Ty v. De Jemil, G.R. No. 182147, 11 August 2010; Federated LPG Dealers Association v. Del Rosario, G.R. No. 202639, 23 March 2016).
Practical lesson:
- If you are president or general manager, you are the default “face” of compliance for many regulatory offenses.
- If you are only a non‑executive director, you can still face liability where there is evidence of active participation, knowledge, or gross negligence (Fernandez v. People, G.R. No. 249606, 16 March 2022).
Parent–subsidiary structures
Maricalum Mining teaches that a holding company is not liable for a subsidiary’s labor obligations absent proof of control used to commit fraud or evade liability (Maricalum Mining Corp. v. Florentino, G.R. No. 221813, 13 June 2018). But where you see commingled funds, identical directors, same office, undercapitalization, and use of the corporation as a shell, the veil may be pierced.
D. Practical Tips for Officers & Boards
- Map out who is “in charge” of which regulatory area (e.g., customs, product safety, environmental compliance); ensure they understand their potential personal exposure.
- Avoid signing regulatory filings unless you have a clear basis and internal verification for the contents.
- Maintain real operational separation between parent and subsidiary: separate bank accounts, records, offices, and management decisions.
- Boards should require regular compliance reports from management and minuted deliberations; this also evidences diligence.
Mistake No. 3 – Ignoring Sector‑Specific Regulators and Special Laws
Many corporations rely solely on the Revised Corporation Code and forget they are also regulated by special agencies (BSP, CDA, DHSUD, DOE, etc.). This is risky because special laws often override general corporate provisions and impose heavier penalties.
A. Banking & Financial Institutions – BSP’s Exclusive Jurisdiction
In Koruga v. Aracenas, the Supreme Court held that when the acts complained of relate to the conduct of a bank’s business or unsafe or unsound banking practices, jurisdiction primarily lies with the Bangko Sentral ng Pilipinas (BSP) and the Monetary Board, not the regular courts (Koruga v. Aracenas, G.R. No. 168332, 19 February 2009).
“The Governor is hereby authorized, at his discretion, to impose upon banking institutions, for any failure to comply with the requirements of law, Monetary Board regulations and policies, and/or instructions… fines not in excess of Ten thousand pesos (P10,000) a day for each violation…” (Koruga v. Aracenas, G.R. No. 168332, 19 February 2009)
Practical mistake:
Banks (and sometimes their clients) run to the RTC or try to invoke the Corporation Code, forgetting that BSP has primary supervisory and sanctioning power over banking operations.
Implication:
Boards and compliance officers of banks should treat BSP circulars and Monetary Board resolutions as primary law, not mere guidelines.
B. Cooperatives Offering Financial Products – CDA & RA 11765
For cooperatives regulated by the Cooperative Development Authority (CDA) that offer financial products and services (e.g., savings and credit cooperatives, multi‑purpose coops with lending or deposit‑like products), Republic Act No. 11765 (Financial Products and Services Consumer Protection Act or FCPA) and its IRR issued by CDA impose new compliance burdens.
Key provisions from the CDA’s Implementing Rules and Regulations of RA 11765 (CDA Memorandum Circular No. 2023‑14):
- Administrative sanctions
“The administrative sanctions under the CDA Charter of 2019, the Cooperative Code of 2008, and the CDA Omnibus Rules of Procedures and the CDA circulars or issuances shall be made applicable to CDAREs, their directors, trustees, officers, and employees or agents for violation of the FCPA or any related rules…” (Sec. 2, IRR of RA 11765, CDA Memorandum Circular No. 2023‑14 (2023))
- Solidary liability for acts of representatives and service providers
“CDAREs shall be solidarily responsible for the acts or omissions of their directors, trustees, officers, employees or agents in marketing and transacting with financial consumers… CDAREs shall be solidarily liable with their accredited third‑party service providers…” (Sec. 3, IRR of RA 11765, CDA Memorandum Circular No. 2023‑14 (2023))
- Mandatory consumer protection systems
Under the IRR, all CDA‑regulated cooperatives offering financial products must establish a Consumer Protection Risk Management System (CPRMS) and a Financial Consumer Protection Assistance Management System (FCPAMS) (Sec. 4–6, IRR of RA 11765, CDA Memorandum Circular No. 2023‑14 (2023), based on summary).
Common mistake:
Cooperatives treat consumer complaints informally; they do not build a formal CPRMS or FCPAMS, nor do they monitor third‑party service providers.
Implications:
- CDA can impose administrative sanctions not only on the cooperative, but also on directors, trustees, officers, employees, and agents for FCPA violations (Sec. 2, IRR of RA 11765, CDA Memorandum Circular No. 2023‑14 (2023)).
- Coops are solidarily liable with their third‑party service providers (e.g., collection agents, IT providers) for consumer‑related misconduct (Sec. 3, IRR of RA 11765, CDA Memorandum Circular No. 2023‑14 (2023)).
C. Real Estate Developers – PD 957
Developers selling subdivision lots and condominium units are regulated by P.D. 957 (Subdivision and Condominium Buyers’ Protective Decree), enforced now principally by DHSUD (formerly HLURB).
In G.O.A.L., Inc. v. Court of Appeals, the Court enforced PD 957 obligations:
- Developers cannot alter or add to a condominium project (e.g., add floors) without written consent of a majority of buyers or the homeowners’ association (Sec. 22, P.D. 957 (1976), as applied in G.O.A.L., Inc. v. CA, G.R. No. 118822, 29 August 1997).
- Upon full payment, the developer must deliver title to the buyer (G.O.A.L., Inc. v. CA, G.R. No. 118822, 29 August 1997).
- Parking spaces in a condominium are common areas for all unit owners (G.O.A.L., Inc. v. CA, G.R. No. 118822, 29 August 1997).
“Any person who shall violate any of the provisions of this Decree… shall, upon conviction, be punished by a fine… and/or imprisonment… Provided, that in the case of corporations… the President, manager, or Administrator or the person who has charge of the administration of the business shall be criminally responsible…” (Sec. 39, P.D. 957 (1976), as quoted in G.O.A.L., Inc. v. CA, G.R. No. 118822, 29 August 1997)
Mistake:
Developers treat PD 957 requirements as mere contract issues and overlook that their president/manager can go to jail for non‑compliance.
D. Quick Reference Table – Special Regulators vs. Common Mistakes
| Sector / Law | Regulator / Law | Typical Compliance Mistake | Main Risk |
| Banks | BSP, New Central Bank Act, General Banking Law | Treating unsafe practices as mere corporate law issues, ignoring BSP orders | BSP fines per day, MB actions (Koruga v. Aracenas, G.R. No. 168332, 19 February 2009) |
| Cooperatives with financial products | CDA, RA 11765, CDA MC 2023‑14 | No CPRMS/FCPAMS, poor handling of consumer complaints, no oversight of third‑party providers | CDA sanctions on coop and officers; solidary liability (Sec. 2 & 3, IRR of RA 11765, CDA Memorandum Circular No. 2023‑14 (2023)) |
| Real estate developers | DHSUD/HLURB, PD 957 | Unauthorized project changes, non‑delivery of titles, mishandling of common areas | Fines, imprisonment of president/manager (Sec. 39, P.D. 957 (1976), G.O.A.L., Inc. v. CA, G.R. No. 118822, 29 August 1997) |
Mistake No. 4 – Using Multiple Entities and Trade Names to Confuse or Mislead
Some corporate groups use multiple entities or very similar business names to project a stronger credit standing or to hide the identity of the actual transacting entity. This can cross the line into fraud, corporate misrepresentation, or estafa.
A. Doctrinal Foundations
- Misrepresentation and estafa
In Galvez v. Court of Appeals, corporate officers used similar business names and interlocking corporate structures (RMSI, Smartnet Philippines, SPI) to mislead a bank into thinking that different entities were actually the same, thereby obtaining credit (Galvez v. CA, G.R. No. 187919, 13 March 2013).
They “used the business names Smartnet Philippines, RMSI, and SPI interchangeably and without any distinction… by using the confusing similarity of RMSI’s business name…” (Galvez v. CA, G.R. No. 187919, 13 March 2013)
- Indicators of sham entities and veil‑piercing
Maricalum Mining listed concrete factors that may justify disregarding separate corporate personality, such as:
“Commingling of funds… diversion of the corporation’s funds… failure to maintain corporate minutes or adequate corporate records… identical equitable ownership in two entities… use of a corporation as a mere shell or conduit…” (Maricalum Mining Corp. v. Florentino, G.R. No. 221813, 13 June 2018)
B. Typical Mistakes
- Using confusingly similar names (e.g., “XYZ Philippines, Inc.” and “XYZ Philippines – Division”) when only one has assets and credit.
- Using the letterhead of one corporation while the contract is actually with another.
- Submitting articles of incorporation or financial statements of a stronger entity when the borrower or contractor is a weaker one.
- Moving liabilities to a thinly capitalized entity while holding assets elsewhere, yet representing to counterparties that they are the same.
C. Practical Implications
- Officers can face criminal estafa charges if the misrepresentation obtains credit or property from a bank or customer (Galvez v. CA, G.R. No. 187919, 13 March 2013).
- Courts may pierce the corporate veil, holding the controlling entity or individuals liable where there is sufficient evidence of control and wrongful use (Maricalum Mining Corp. v. Florentino, G.R. No. 221813, 13 June 2018).
- Regulators (e.g., SEC, BSP) may treat these as fraudulent or unsafe practices, leading to administrative sanctions.
D. Compliance Best Practices
- Use distinct, non‑misleading corporate and business names, especially within a group.
- Ensure all contracts, invoices, and letters clearly identify which juridical entity is acting.
- Avoid mixing letterheads, logos, or seals of different group entities.
- Maintain strict separation of bank accounts, accounting records, and employees per entity to avoid evidence of commingling.
Mistake No. 5 – No Integrated Compliance System (Reacting Only After Violations)
Across all the foregoing issues, a recurring root cause is that companies do not build systems; they react ad hoc when regulators or complainants surface.
A. Legal Trend: From Entity‑Level to System‑Level Obligations
The IRR of RA 11765 for CDA‑regulated entities is an example of law now demanding systems, not just individual acts:
- Cooperatives must establish a Consumer Protection Risk Management System (CPRMS) and a Financial Consumer Protection Assistance Management System (FCPAMS) (Sec. 4–6, IRR of RA 11765, CDA Memorandum Circular No. 2023‑14 (2023), based on summary).
This is aligned with similar trends at BSP and SEC (e.g., risk management, AML, governance codes), even though those specific issuances are not in your provided search results.
B. Elements of a Basic Corporate Compliance System
While design will vary by size and sector, a sound compliance framework typically includes:
- Governance & Accountability
- Board‑approved compliance charter identifying roles of the board, management, and compliance officer.
- Clear designation of responsible officers for topics like corporate reporting, data privacy, product safety, financial consumer protection.
- Policies & Procedures
- Written policies aligned with:
- Revised Corporation Code (records, filings, governance).
- Sector regulators (BSP, CDA, DHSUD, DOE, etc.).
- Special statutes (FCPA, PD 957, BP 33, Customs laws, etc.).
- Risk Assessment
- Regular identification of legal and regulatory risks (e.g., misleading marketing, product defects, data breaches, AML, consumer complaints).
- Documentation of controls and any gaps.
- Training & Culture
- Periodic training for directors, officers, and employees about their legal responsibilities (e.g., certifying officers, branch managers).
- Clear disciplinary policies for compliance breaches.
- Monitoring, Reporting, and Corrective Action
- Internal compliance audits or spot checks.
- Channels for complaints and whistleblowing, including consumer assistance systems where required (e.g., FCPAMS for coops).
- Documented corrective action plans for any breach.
C. Practical Advice: Starting Small but Systematic
Even SMEs can implement a lean compliance system:
- Appoint a Compliance Officer (can be the corporate secretary or CFO in smaller firms) with a simple written mandate.
- Create a one‑page compliance map listing all required filings, regulators, and special laws applicable to your business.
- Adopt standard board and management templates:
- “Compliance Update” as a standing agenda item.
- “Regulatory Incident Report” template to document and respond to notices or subpoenas.
- For coops and financial‑service providers, prioritize designing a complaint handling workflow and risk register to meet RA 11765 expectations (Sec. 4–6, IRR of RA 11765, CDA Memorandum Circular No. 2023‑14 (2023).
Consolidated Quick‑Look: Top 5 Corporate Compliance Mistakes
| No. | Mistake | Core Law / Case | Key Risk |
| 1 | Treating records & SEC orders as optional | Sec. 157–158, 161–162, Revised Corporation Code (R.A. 11232 (2019)) | Fines up to ₱2M, contempt, suspension/revocation, dissolution |
| 2 | Misunderstanding who can be personally liable | Ty v. De Jemil, G.R. No. 182147 (2010); Federated LPG Dealers, G.R. No. 202639 (2016); Fernandez v. People, G.R. No. 249606 (2022); Sec. 39, PD 957 (1976), G.O.A.L., Inc. v. CA, G.R. No. 118822 (1997) | Criminal liability of presidents, managers, certifying officers; pierce corporate shield |
| 3 | Ignoring sector‑specific regulators | Koruga v. Aracenas, G.R. No. 168332 (2009); IRR of RA 11765, CDA MC 2023‑14 (2023); PD 957 (1976), G.O.A.L., Inc. v. CA, G.R. No. 118822 (1997) | Daily fines, administrative measures, criminal charges, officer sanctions |
| 4 | Using multiple entities/trade names to mislead | Galvez v. CA, G.R. No. 187919 (2013); Maricalum Mining v. Florentino, G.R. No. 221813 (2018) | Estafa, veil‑piercing, holding group/owners liable |
| 5 | Having no integrated compliance system | IRR of RA 11765, CDA MC 2023‑14 (2023); general trend in PH regulation | Repeated violations, escalating sanctions, inability to defend officers |
Because Philippine law combines the general framework of the Revised Corporation Code with numerous sector‑specific laws and regulators, corporate compliance has become a complex, multi‑layered duty. The Supreme Court has repeatedly shown willingness to:
- Enforce regulators’ sanctioning powers (SEC, BSP, CDA, DHSUD).
- Hold specific corporate officers personally liable when laws or facts warrant.
- Disregard corporate formalities in the face of fraud or sham structures.
Since the law imposes sanctions and even criminal liability for failure to maintain records, obey regulators, protect consumers, and avoid fraud and many businesses repeatedly commit the same structural mistakes, therefore every board and senior officer should consciously build a documented, system‑based compliance program, tailored to their industry and regulator.
For actual implementation, it is prudent to have counsel or a compliance professional perform a regulatory gap assessment specific to your corporation’s sector (e.g., banking, cooperatives, real estate, energy), then translate those obligations into concrete policies, workflows, and assignments—before the next subpoena, inspection, or complaint arrives.
05 January 2026
About Nicolas and De Vega Law Offices
Nicolas and de Vega Law Offices is a full-service law firm in the Philippines. You may visit us at the 16th Flr., Suite 1607 AIC Burgundy Empire Tower, ADB Ave., Ortigas Center, 1605 Pasig City, Metro Manila, Philippines. You may also call us at +632 84706126, +632 84706130, +632 84016392 or e-mail us at [email protected]. Visit our website https://ndvlaw.com.


