Blog

Crime Prevention Model. What is it and How is it implemented?

Thursday, 28 de November de 2024

By Gerard Rodríguez, attorney

The Organic Law 5/2010, which amended the Criminal Code, introduced for the first time in Spain the criminal liability of legal entities, and having a Compliance Program can mitigate or exempt from such liability.

A Compliance Program is the set of organizational and procedural rules adopted by a company to ensure that the regulations binding it are complied with at all levels.

Why implement a Crime Prevention Model?

The purpose of having a Compliance Program is to prevent, detect, and manage legal, ethical, and financial risks while promoting integrity and good practices within the organization to benefit from exemption or mitigation in case of a crime.

 The Program functions as:

  • Exemption or Mitigation of Criminal Liability of the Legal Entity. The primary benefit of implementing a Criminal Compliance Program is the possibility of exonerating or mitigating the company’s criminal liability. In accordance with Article 31 bis of the Criminal Code, having a Compliance Program can prevent the organization from being criminally convicted, provided it demonstrates that it adopted all reasonable measures to prevent the commission of the crime.
  • Mechanism for the Prevention and Early Detection of Crimes: The Program must include internal control mechanisms and periodic audits to detect irregularities or risky behaviors before they materialize. Consequently, it fosters a healthy work environment and reduces the chances of fraud or illicit acts.
  • Mitigator of Legal Risks and Economic Sanctions. Non-compliance can lead to penalties and punishments, even the ultimate sanction in commercial law—the dissolution of the company. A Compliance Program helps reduce, minimize, and mitigate these risks by demonstrating a clear commitment to compliance with regulations and establishing a code of conduct affecting both employees and management.
  • Pillar of Corporate Image and Reputation. In a competitive market, reputation is one of a company’s most valuable assets. Implementing a Compliance Program signals to clients, business partners, suppliers, and society that the company operates ethically and in accordance with the law, improving its public image.
  • Requirement for Public Tenders and Contracts. Many Spanish public administrations require companies to have Compliance Programs to participate in tenders or sign contracts with the public sector.
  • Long-term Cost Mitigator. Future Business Development: While the Program requires an initial investment, it can result in long-term financial and reputational savings, allowing the company to focus on business growth.
Elements of a Compliance Program

Article 31 bis.5 of the Criminal Code states that Compliance Programs must meet the following requirements:

  • Identify activities likely to generate crimes that must be prevented.
  • Establish protocols or procedures detailing how the legal entity forms its will, adopts decisions, and implements them concerning those activities. The ethical code serves as the cornerstone of all internal regulations.
  • Include models for managing financial resources adequately to prevent the commission of crimes. It is not enough to have a Compliance Program; it must be monitored, controlled, and supported by financial resources for internal investigations, customer due diligence, etc.
  • Mandate reporting of potential risks or violations to the body overseeing the prevention model. This is crucial for analyzing the diligence of the legal entity and determining exemption or mitigation of criminal liability. Examples include whistleblowing channels, as regulated by Law 2/2023, on protecting whistleblowers and combating corruption.
  • Establish a disciplinary system to penalize breaches of the Program’s measures.
  • Ensure periodic verification of the Program and modify it when violations, organizational changes, or control structures arise.
How is a Compliance Program implemented?

The governing body of the organization is responsible for designing and implementing the Compliance Program by (i) Appointing a compliance body (a compliance officer), which may be individual or collegial, and (ii) Drafting internal regulations (codes, procedure manuals, policies).

The compliance body ensures the organization complies with regulations, trains employees, and reviews the Program’s effectiveness.

This role can be outsourced to advisors, consultants, or lawyers with the necessary technical expertise.

In PYMES (Small and Medium Companies), the governing body may assume these functions. 

For the exemption of criminal liability of legal entities, it is not enough to have any Compliance Program implemented on paper, but rather one that is tailored to the business, operational, and effective, including monitoring and control measures for the prevention of crimes. This will determine the quality with which it has been established and will result in anything from a mitigating factor to complete exemption from liability.

What penalties or sanctions can be imposed on legal entities?

As we have seen, legal entities can be subjects of crime commission. In case they are convicted, some of the penalties provided for are:

  • Fines of up to 9 million euros.
  • Dissolution of the legal entity, resulting in loss of legal personality and capacity to operate.
  • Suspension of activities for up to five years.
  • Disqualification from receiving public grants, contracting with the public sector, or benefiting from tax incentives.
  • Judicial intervention to protect workers' or creditors’ rights, for up to five years.

The criminal liability is that of the legal person and of the person acting as de facto or de jure administrator, who is personally liable even if the conditions for committing the offence are not present in him, provided that they are present in the entity or person he represents.

In the field of money laundering prevention, Article 2 of Law 10/2010 establishes who are the subjects required to implement measures and apply enhanced due diligence to operations susceptible to money laundering. These include: credit institutions, financial or investment entities, managers, real estate developers, auditors, lawyers, court representatives, notaries, and registrars, etc.

Administrative sanctions in the area of Money Laundering Prevention include, among others:

  • Fines with a minimum amount of €150,000 and a maximum amount reaching the greater of the following: 10% of the annual total turnover of the obligated subject, twice the economic content of the operation, five times the amount of the benefits derived from the infringement when such benefits can be determined, or €10,000,000.
  • Public reprimand.
  • For entities subject to administrative authorization to operate, temporary suspension or revocation of said authorization.
Conclusion

In the event of a crime committed by a legal entity, the proper implementation of a Compliance Program may serve as a mitigating or exonerating factor for its criminal liability.

This not only protects the company from potential liabilities but also adds value by enhancing its reputation and optimizing business management and resources.

In an increasingly demanding regulatory environment, Criminal and Corporate Compliance emerges as a key element for the long-term sustainability and success of organizations in Spain. At GRÀCIACALBET, we can assist you in preparing, monitoring, and updating your Program.

Strengthening your path with strategic legal advice

Our wide range of legal and business services, designed to provide comprehensive and strategic support. From litigation and tax advice to investments and wealth management

Contact now