1. The facts

The Criminal Code was reformed in 2010 and this introduced the European concept of criminal liability of legal persons in relation to the commission of a series of specific offences or “numerus clausus” in a novel way in Spain.

The Criminal Code was once again amended in 2015, detailing, both the responsibilities that legal persons, their administrators and directors may incur, as well as the content of the preventive and monitoring actions that the legal person must carry out (introduction of a legal compliance Protocol) to be able to have exemption or mitigate criminal responsibility.

2. Parties Affected by the reform: The entity itself, its administrators and directors.

The Criminal Code includes a comprehensive regulation in the field of liability of legal persons, with regard to; the obligations of the administrators, the measures to be taken to exempt the legal person from the criminal liability that could be attributed to it and the consequences of not carrying it out.

There are many types of crime that can be committed within a legal person, these range from computer damage, environmental damage, and disclosure of secrets to public health, money laundering, or offences against the public finances and social security.

The criminal charge will no longer be specific only to the legal person as an entity, but also to specific representatives, administrators of fact or of law, or, in short, people who are authorised to take decisions on behalf of the legal person or hold powers of organisation and control within it.

These physical persons will be individually charged for not having implemented a suitable protocol for criminal compliance and not having adopted the necessary measures to avoid crimes being committed, such as the lack of supervision, surveillance, control of the activity, with the criminal code specifically indicating that the penalties will be imposed “not only due to taking part in the crime, but because of the lack of implementation of prevention programmes which were required.”

Finally, we must not also forget what is provided for in the Criminal Code, the existence of specific regulations in the field of penalties, such as:

  • Articles 225 to 230, 236 to 241, 249 and 529(b) of the Capital Companies Law impose an obligation on the administrators of capital companies to prevent and control legal risks.
  • The toughening of the General Tax Law and procedures for tax inspection and tax fines would entail serious consequences for administrators who do not establish proper tax compliance and control systems.
  • Administrative regulation (Money laundering, consumers and users, etc.) Failure to comply with such a regulation shall make the company, its administrators and employees liable for the penalties provided for therein.

The consequences of not having this Legal Compliance Protocol (“Corporate Compliance”) can range from fines and deprivation of freedom for those administrators/directors who are responsible, to the ban on contracting with public authorities, legal intervention of the company and its dissolution.

3. Contents of the Protocol

The Criminal Code provides for the following actions in order to specify which duties of supervision, monitoring and control of the activity the administrators must meet (and any person who is authorised to make decisions on behalf of the legal person) so that they are exempt (both at legal person level as well as personal criminal responsibility level):

  1. Before the commission of the crime, the Board of Directors shall adopt and implement effective models of organisation and management that include surveillance and control measures suitable to prevent crime or to significantly reduce the risk of its commission, in such a way that the individual authors will have only been able to commit the offence by eluding them.
  2. Monitor the operation and compliance of the prevention model implemented.
  3. To carry out all possible measures to prevent an omission or inadequate implementation of supervision, monitoring and control measures.
  4. Careful and responsible recruitment and selection, as well as surveillance of inspection and control staff.

4. Prevention actions

  1. Identification of the main risk areas and the activities in which crimes that should be prevented can be committed.
  2. Protocols, procedures and ethical codes that specify the training process of the legal person’s will, for decision-making and their implementation.
  3. Adequate management of financial resource models to prevent the commission of crimes.
  4. Protocols and communication models that comply with the obligation to inform of possible risks and breaches within a maximum of 72 hours.
  5. Effective complaints channel and appointment of a “Legal Compliance Officer”.
  6. Disciplinary system that appropriately punishes the breach of the measures established in the model.
  7. Continuous training of staff, managers and senior management of the entity/company.
  8. Annual audits of manuals, codes, contracts and protocols to adapt them to current regulations and to possible changes in the State and European Union regulations.

5. Conclusions and Recommendations

We conclude with a clear idea of the importance and the need to adapt to the new requirements of the Criminal Code by developing a legal compliance protocol (“Corporate Compliance”) and thus effectively prevent the harmful consequences that could be derived for both the legal person as well as for the administrators and directors.

The criminal liability of legal persons is already a consolidated legal reality and not just a simple draft. The Supreme Court has already issued numerous judgements on this reality, sentencing companies to their dissolution due to not having an effective legal compliance protocol (“Corporate Compliance”).

LeQuid, through a qualified team of specialist professionals in the matter and certificates at national and international level, will analyse your business, assessing those activities which may constitute a risk of criminal responsibility, agreeing on the values through which the company must be governed and, through them, establishing effective and efficient manuals and processes regarding its day to day running, thereby adding security and added value to your brand.

José María Dutilh Carvajal.