Abstract: Following the major changes introduced in Spain by the Organic Law 1/2015, we consider appropriate to write these short lines about the drafting of Article 31 bis of the Spanish Penal Code, which governs, although in a way not quite complete, the criminal liability of legal persons.
The reform of the Spanish Penal Code given by the Organic Law 1/2015 introduces in Spain, for the first time, a complete "Corporate Compliance" system.
The Spanish legislation confirms and develops the intent of the previous reform of the Penal Code, dated 22nd June 2010.
The responsibility system devised by the Spanish legislator bases its foundations on direct Compliance models to prevent the commission of crimes in the bosom of his business.
The Article 31a, although is not entirely exhaustive, indicates the minimum requirements that the Compliance models must include.
The Article 31 bis of the Spanish Penal Code
At the paragraph 1 of Article 31bis, the objective and subjective requirements that make criminally responsible for a legal person are listed.
First at all, the legal person shall respond if it gets some direct or indirect benefit (understanding by “indirect benefit” a mere expectation of a profit).
Physical persons who can "transfer" the responsibility of the legal person are:
- Their legal representatives or those who, acting individually or as members of a body of the legal person, are authorized to make decisions in the name of the legal entity or have organizational and control powers within it.
- Those who, being subject to the authority of the natural persons mentioned in the previous paragraph, have been able to carry out the facts by the duties of supervision, supervision and control of its activity having been seriously disregarded, having regard to the specific circumstances of the case. In this regard, it must be taken into account that when the crime has been committed by a subordinate the Company may be liable if it has not adopted and implemented effectively a Compliance program.
The following circumstances contribute to the company not being sentenced:
- The management body has effectively adopted and implemented, prior to the commission of the crime, organizational and management models that include the appropriate monitoring and control measures to prevent crimes of the same nature or to significantly reduce the risk Of its commission;
- The supervision of the operation and compliance with the prevention model implemented has been entrusted to a body of the legal person with autonomous powers of initiative and control or that is legally entrusted with the task of supervising the effectiveness of the internal controls of the company;
- The individual perpetrators have committed the crime by fraudulently evading organizational and prevention models and
- There has not been an omission or insufficient exercise of its supervisory, monitoring and control functions by the body referred to in condition 2.
Furthermore, the Spanish legislator has proposes to the Board of Directors of small and medium-sized enterprises to be part of the Compliance Committee.
Finally, this Article explains the requirements which shall be met by Compliance Programs:
- Identify the activities in which the crimes that must be prevented can be committed.
- They shall establish the protocols or procedures that specify the process of forming the will of the legal person, taking decisions and executing them in relation to them.
- They will have models of management of the adequate financial resources to prevent the commission of the crimes that must be prevented.
- They shall impose the obligation to report possible risks and non-compliance to the body responsible for monitoring the operation and observance of the prevention model.
- Establish a disciplinary system that adequately sanctions the breach of the measures established by the model.
- They shall carry out a periodic verification of the model and its possible modification when relevant infractions of its provisions become apparent or when there are changes in the organization, in the control structure or in the developed activity that makes them necessary.
The burden of proof
According to the judgments of the Spanish Supreme Court (STS 154/2016, STS 221/2016) and other organisms, the Public Prosecutor or, in general, the party which olds the accusation must evidence the lack of a proper Compliance Program.
Otherwise we would be in front of an unacceptable presumption of guilt, openly violating the presumption of innocence of art. 24.2 of the Spanish Constitution.
Which companies have to adopt the Compliance models?
The Article 31bis is directed to all legal persons. However, the Criminal Code excludes the liability of some Public Law organizations: the State, public administration, economic public bodies and international organizations.
The Spanish legislator, while not imposing a specific obligation, emphasizes the importance of creating an entrepreneurial culture of regulatory compliance, providing that the only extenuating circumstance and the correct application of a model of Compliance.
A specific case: the Spanish subsidiaries of foreign Companies
Special reference must be made in relation with subsidiaries of foreign parent companies, with Compliance internal models already in force.
It is important to clarify that the regulation contented in the Article 31 bis, paragraph 5 has been interpreted by the Public Prosecutor’s Office, preventing the automatic application of models coming from a foreign parent company. The need to adapt the Compliance Programs stems from the following regulatory elements:
- The regulatory obligation, ex Article 31 bis, of the Criminal Code, to carry out an analysis and evaluation of the specific risks of the Spanish criminal branches.
- The existence of different types of offense that legal persons may commit in Spain.
- The adaptation of the whistleblowing lines of the Company to the Spanish labor law and to the Spanish privacy law.
- The existence of a different regulation for otter matters (such as the environment, for example).
- The requirement to create an internal specific body for the Spanish branch to which they attribute the supervisory tasks, supervision and operation of models.
Compliance Officer or an in-house organism?
The Spanish legislation does not refer to a "Compliance Officer", but rather to an in-house organism which supervises and controls the accomplishment of the Compliance program, following the regulation given by the Article 31 bis, paragraph 2, 2nd of the Penal Code.
This Organic Law, in fact, requires the creation of an official in-house organism with an autonomous initiative and control powers.
This corporate structure is differentiated from other foreigner models which give to internal managers (Compliance Officer) the responsibility to supervise and control the activities of the company on a global or local level.
Therefore, in the case of subsidiaries in the Spanish territory, it is necessary the creation of an "internal control organism" or, at least, an internal checking of the real capacity at the global/regional Compliance system.
Conclusions
Bufete Escura offers a wide range of Compliance services addressed to Spanish and foreign companies, including:
- The implementation of Compliance models that include the analysis of criminal risks according to the offenses covered by the Spanish Penal Code, and the creation of a whistleblowing line adapted to the Spanish legislation and proper training to the members of the company, as well as an in-house organism able to check the accomplishment of the Compliance program requirements.
- Preparation of rules of procedure and specific training of the members of the company.
- External advice to the Supervisory or internal as member advisory.
Bufete Escura, as a member of TagLaw, Interlegal and Hispajuris, is one of the most important law firms in Spain, and it is specialized in consulting and development of Compliance systems.