By Carmen Zarzo. Director of the Compliance Area of TOMARIAL. For more than 20 years, the direction of the Spanish legal system towards companies' commitment to regulatory compliance has been evidenced.
In 1997, with the Oliencia Code, born at the behest of the Ministry of Economy, measures were already established with the fundamental objective of promoting the transparency of Spanish companies. Subsequently, these and other recommendations are introduced in the Criminal Code through the reforms carried out in 2010 and 2015, which definitively establish the criminal responsibility of legal persons and the need to implement organizational and management models that include surveillance measures and control to prevent the commission of crimes.
- Regulatory Compliance Programs
Regulatory compliance programs are a set of internal rules, established in the company at the initiative of the administrative body, with the purpose of implementing a model of effective and appropriate organization and management that allows mitigating the risk of the commission of crimes and exonerating the company and, where appropriate, the administrative body, of the criminal responsibility of the crimes committed by its managers and employees.
Both national and international legislation and the Spanish courts have been responsible for introducing the parameters and guidelines of action, in order to provide companies with greater efficiency, agility, responsibility and transparency in management, for the sake of a higher credibility and a better defense of the interests of shareholders / partners.
These guidelines have materialized in the content of the Article 31 bis of the Criminal Code, which comes to list the basic requirements of a regulatory compliance program and in the judgments of the courts, which interpret the effectiveness of these compliance programs, together with the requirements developed by Circulars by the State Attorney General's Office - FGE-, which they demand that they be real, dynamic, updated and known by each and every member of the organization through internal training.
- The complaints channel
One of the requirements for the effectiveness of criminal compliance programs is the creation of a whistleblower channel or communication so that there is total transparency within the organization.
This channel must be made available to all members of the organization so that with its creation, anyone is allowed to report the possible commission of crimes or the breach of the program implemented. This always, guaranteeing the confidentiality of both the complainant and the complaint.
Thus, the new Organic Law on Data Protection and Guarantee of Digital Rights (LO 3/2018), also aimed at regulatory compliance, in its article 24.1, adapts to what is already regulated in the criminal code, and developed by Circular 1 / 2016 on the Whistleblower Channel, by establishing that “It will be lawful to create and maintain information systems through which a private law entity, even anonymously, may be informed of the commission within it or in the actions of third parties that contract with it, of acts or behaviors that could be contrary to the general or sectoral regulations that were applicable. Employees and third parties must be informed about the existence of these information systems ”.
It is clear that the Legislative development in general is aimed at a goal of commitment to business ethics, transparency and corporate social responsibility.
- The reality of charges against legal persons
At present we see that complaints or complaints are addressed, whenever possible, to the legal entity involved, either directly or indirectly, which guarantees the actor greater success in his criminal action and greater damage to the company denounced
It is in the hands of the company to be able to prove within the criminal procedure the existence of an implementation program implemented and EFFECTIVE, as required by the State Attorney General's Office when it establishes in its Circular 1/2016 that it will be the legal person who must prove the existence of compliance programs and that such programs they were effective to prevent the crime committed.
We are seeing the imputation of practically all the banking entities that are immersed in criminal proceedings, such as BBVA with the Villarejo case, Santander Bank as a result of the criminal action directed against Banco Popular, and the old Bankia case for its IPO.
The same goes for the Spanish semi-public company DEFEX, accused of corruption. It must be taken into account that public mercantile societies can also be subject to investigation and criminal responsibility.
In all these procedures we will see the banking entities justify the existence and effectiveness of their compliance programs and the commitment and ethical business culture that prevails in their organizations and in their governing bodies. In fact, in the case of Bankia, the Office of the Prosecutor has defended that the new managers of the entity, since its arrival in 2012, and therefore the entity, since then enjoyed such commitment, requesting the absolution of the entity.
Any legal person can be immersed in a criminal proceeding from which to be able to succeed by accrediting a true corporate ethical culture through the implementation of compliance programs.
Thus, the implementation of compliance programs becomes an advantage both for the internal control of the company and for differentiation from its competitors, adds reputational value to the company and constitutes a guarantee to neutralize the attacks that may occur in the framework of a criminal procedure.
