Compliance Programs at the Light of the 2015 Criminal Code Reform – Live from the 2016 ECEI

0
1097

Spanish Criminal Code Reform

30bdf28By Stephanie Gallagher, JD
stephanie.gallagher@corporatecompliance.org

Live from the  2016 European Compliance & Ethics Institute – a presentation by Maria Hernandez, Partner, Eversheds Nicea

Maria Hernandez gave an expert overview of the 2015 Spanish Criminal Code Reform and the practical implications for organizations doing business in Spain, both with an existing compliance program, and those without a compliance program. Below is a summary of Ms. Hernandez’s presentation.

The Spanish Criminal Code Reform – A Brief Overview

The criminal liability of corporations under Spanish law was introduced in the Spanish Criminal Code in 2010 with some uncertainty which lead to the reform of the Criminal Code in 2015. July 1, 2015 brought the much-needed clarity with the codification of the elements of an effective compliance program. This presentation covered two recent rulings by the Spanish Supreme Court in addition to the Ministry of Public Prosecution issued guidelines in January 2016 talking about the culture of compliance.

What does this Code say?

Article 31 bis Spanish Criminal Code states that corporations might be held criminally liable for acts committed, in their (direct or indirect) benefit, by:

a) the legal representative of by those with the authorized decision-making authority of control authority (senior management)

b) individuals under the management of others if the commission of the offense was possible due to the act of surveillance or control.

There are a limited number of crimes capable of generating the criminal liability of corporations. Under the new code, it is necessary to look beyond bribery to a whole list of crimes of differing nature, including money laundering, bribery, crimes relating to international commercial activity, all the way to prostitution and the sale of human organs.

Compliance Programs as Attenuating or Exonerating Factors

Corporations could be exempted/attenuated from criminal liability if:

  • The board of directors has, prior to the perpetration of the crime, adopted or implemented an organization, management and control model suitable to prevent offenses
  • The supervision of the model is entrusted to a supervisory body with independent powers of initiative and control. In SME, might be the Board
  • The authors of the crime committed if fraudulently eluding the Model.
  • The Supervisory Board has not neglected its duties of supervision and control.

What are the Elements of a Compliance Program Under the New Spanish Code?

  1. Risk Assessment
  2. Policies, procedures, and controls
  3. Financial Management system
  4. Obligation to report
  5. Disciplinary system
  6. Periodic verification and changes to the Model if:
    1. Significant violations are discovered
    2. Significant changes in the organization, control structs, or actives of the corporation.

Ms. Hernandez brought up the point that although this is very similar to the US Sentencing Guidelines and the UK Bribery Act, there are still a some missing elements. US

From US Sentencing Guidelines – No requirement for periodic communication and training or incentives.

From UK Bribery Act 2010 – Due diligence of third parties

Circular 1/2016 Ministry of Public Prosecutions Highlights

  • Culture of Compliance – are not a 100% guarantee
  • The “direct or indirect benefit” may exist even in the absence of financial gain (representational, organizational, competitive)
  • Liability of the CO? In three situations: material author, lack of supervision, gross negligence?) – Company will not benefit from the exemption. Side note: Organismo de Vigilanza under Italian Decr. Leg. 231/2001
  • Failure of supervision and control by senior Management must be serious in nature.

 

According to Circular 1/2016 Ministry of Public Prosecution:

The following will be looked at positively: 

  • Detection of offenses by entity and reporting to authorities.
  • Firm organizational response to the wrongdoing or a sense of prior criminal proceedings
  • Imposition of disciplinary measures
  • Implementation of strict selection processes for management and employees

Two Supreme Court Cases Providing Interpretation

Spanish Supreme Court – 1st judgment Feb 29 2016 – confirms the First Instance sentence in which three companies were convicted for their involvement in crimes against public health.

Spanish Supreme Court – 2nd judgment 221/2016 March 16th 2016 – The Supreme Court upheld the appeal on the basis of legal defenselessness. This case establishes the requirements for the existence of criminal liability under article 31 bis. The organization cannot be held criminally liability for all and every of the crimes committed by individuals in its benefit. Can only be held liable if it has seriously breached its duties of supervision and control and the right to a presumption of innocence.

Practical Considerations for Multinationals doing Business in Spain:

Companies WITH existing Corporate compliance program:

  • Gap Analysis
  • Worldwide/European Coroprate Risk assement is not enough
  • Commonly strong on anti-bribery policies and procedures: based on FCPA/UK Bribery Act
  • Engage into comprehensive Risk Assessment of their local operations
  • Review their existing policies and procedures and control mechanisms (include the investigation policies)
  • Approval of the Compliance Program by the Board of Directors
  • Re-issue training based on the new local Compliance Program language.
  • Appoint local Compliance Officer or Supervisory Board
  • Review whistle-blowing procedures under Spanish Data Privacy Regulations
  • Review disciplinary procedures under Employment legislation/Collective Agreements

For Companies WITHOUT Corporate Compliance Program

  • Engage in comprehensive risk assessment of location operations
  • Map and Implement policies and procedures and control mechanisms
  • Write disciplinary code or measures
  • Approval of the Compliance Program by the Board of Directors
  • Appoint local Compliance Officer or Supervisory Board
  • Conduct training and communication
  • Implement whistle blowing procedures respecting Spanish Data Privacy Regulations
  • Ensure regular monitoring.

The 2015 Spanish Criminal Code Reform is quite the hot topic in the compliance community. In addition to sessions such as this at the European Compliance & Ethics Institute, SCCE has also added an International Compliance & Ethics Academy in Madrid, Spain to service the education and training needs of the Spanish compliance community.