The Compliance Program: What is it and how is it implemented?
Thursday, November 28, 2024
Gerard Rodríguez
Organic Law 5/2010, which amended the Criminal Code, introduced for the first time in Spain the criminal liability of legal entities, and having a Compliance Program can mitigate or exempt such liability.
A Compliance Program is the set of organizational and procedural rules adopted by a company to ensure compliance, at all levels, with the regulations that bind it.
Why implement a Crime Prevention Model?
The purpose of having a Program is to prevent, detect, and manage legal, ethical, and financial risks while promoting integrity and good practices within the organization, in order to benefit from exemption or mitigation in the event a crime is committed.
The Program acts as:
Exemption or Mitigation of Criminal Liability of the Legal Entity. The main benefit of implementing a Criminal Compliance Program is the possibility of exonerating or mitigating the company’s criminal liability. In accordance with Article 31 bis of the Criminal Code, having a Compliance Program can prevent the organization from being criminally convicted, provided it demonstrates that it adopted all reasonable measures to prevent the commission of the crime.
Mechanism for crime prevention and early detection. The Program must include internal control mechanisms and periodic audits that allow the detection of irregularities or behaviors that are risky or potentially criminal before they materialize. Consequently, it creates a healthy work environment and reduces the likelihood of fraud or unlawful acts.
Mitigator of Legal Risks and Financial Penalties. Regulatory non-compliance can lead to sanctions and penalties for organizations and even the ultimate penalty in commercial law, namely, the dissolution of the company. Having a Compliance Program helps reduce, minimize, and mitigate these risks, as it demonstrates a clear intention to comply with regulations and establishes a code of conduct that applies to both employees and management.
Stronghold of corporate image and reputation. In a competitive market, reputation is one of the greatest assets of a company or organization. The implementation of a Compliance Program gives clients, business partners, suppliers, and society at large the assurance that the company acts ethically and in accordance with current legislation, which contributes to improving its public image.
Necessary element for public tenders and contracts. Many Spanish public administrations require companies to have Compliance Programs in order to participate in tenders or sign contracts with the public sector.
Mitigation of Long-Term Costs. Future Project and Business Expansion . The implementation of the Program represents an evident initial investment, but in the long term it can lead to both economic and reputational savings and allows the company to focus on the development of its business.
Elements of a Compliance Program
Article 31 bis.5 of the Criminal Code establishes that Compliance Programs must meet the following requirements:
They must identify the activities that could give rise to the commission of crimes that need to be prevented.
They must establish the protocols or procedures that define the process of forming the will of the legal entity, adopting decisions, and executing them in relation to those activities. The code of ethics will serve as the charter from which the rest of the organization’s internal regulations derive.
They must have financial resource management models in place that are adequate to prevent the commission of crimes that need to be avoided. It is not enough to simply have a Compliance Program; it must be monitored, with controls carried out, protocols activated, and internal investigations conducted, as well as processes such as Know Your Customer, among others, and the necessary financial resources to implement them.
They must impose the obligation to report possible risks and breaches to the body responsible for monitoring the functioning and compliance of the prevention model. This point is of vital importance when assessing the diligence of the legal entity and determining whether criminal liability can be exempted or mitigated. An example of this is the whistleblowing channels established by Law 2/2023, of February 20, regulating the protection of persons who report regulatory infringements and combating corruption (Whistleblowing Law).
They must establish a disciplinary system that sanctions non-compliance with the measures set out in the Program itself.
They must carry out periodic verification of the Program and make any necessary modifications when violations occur or when there are changes in the organization, control structure, or activity.
How is a Compliance Program implemented?
The body responsible for designing and implementing the compliance program is the organization’s board of directors, which (i) must appoint a compliance body (compliance officer), either individual or collegiate, and (ii) draft the internal regulations (codes, procedure manuals, policies, etc.).
The compliance body is responsible for ensuring the company’s regulatory compliance, training employees on the regulations to be followed, and reviewing the Program and the execution of the company’s procedures. This body may be external, and its functions can be entrusted to advisors, consultants, or lawyers with the necessary technical knowledge for its implementation.
In the case of SMEs, the functions of the compliance body may be assumed by the board of directors itself.
For the exemption of criminal liability of legal entities, it is not enough to have any Compliance Program in place merely on paper; it must be one that is tailored to the business, operational, and effective, including monitoring and control measures for crime prevention. This will determine the quality with which it has been implemented and may result in anything from mitigation to complete exemption from liability.
What penalties or sanctions can be imposed on legal entities?
As we have seen, legal entities can be subjects of a criminal offense. If convicted, some of the penalties provided for are:
- Fines of up to 9 million euros.
- The dissolution of the legal entity, which entails the loss of legal personality and the capacity to act in legal transactions.
- The suspension of activities for up to five years.
- Disqualification from obtaining public subsidies and aid, from contracting with the public sector, and from enjoying tax or Social Security benefits and incentives.
- Judicial intervention in cases where it is necessary to protect the rights of workers or creditors, for as long as deemed necessary (not exceeding 5 years).
Criminal liability falls on the legal entity and on whoever acts as a de facto or de jure administrator, who will be held personally liable even if they do not meet the conditions to commit the offense themselves, as long as those conditions exist in the entity or person they represent.
In matters of money laundering prevention, Article 2 of Law 10/2010 establishes who is required to implement measures and apply greater diligence regarding operations susceptible to money laundering, such as credit, financial or investment institutions, managers, real estate developers, auditors, lawyers, court representatives, notaries, registrars, and others.
Administrative sanctions in the field of Money Laundering Prevention include, among others:
A fine with a minimum amount of 150,000 euros and a maximum amount equal to the greater of the following: 10 percent of the total annual turnover of the obliged entity, twice the economic value of the transaction, five times the amount of the profits derived from the infringement (when such profits can be determined), or 10,000,000 euros.
Public reprimand.
In the case of entities subject to administrative authorization to operate, the temporary suspension or revocation of such authorization.
Take the right step
When a crime is committed by a legal entity, the proper implementation of a Compliance Program can lead to the mitigation or exemption of its criminal liability.
This not only protects the company from potential liabilities but also generates added value by improving its reputation and optimizing business management and resources.
In an increasingly demanding regulatory environment, Criminal and Corporate Compliance has become a key element for the sustainability and long-term success of organizations in Spain. At GRÀCIACALBET, we can advise you on the preparation, monitoring, and updating of your Program.