Spain's new Criminal Code will enter into force on 1 July. It has been enacted by Organic Law 1/2015, of 30 March, which amends Organic Law 10/1995, of 23 November and resolves a number of issues of interpretation that had emerged in the current regulation with regard to the exemption of corporate entities from criminal liability. One of the highlights of the reform is that it establishes that corporate entities will be exonerated from criminal liability if they have implemented corporate defence programmes in respect of their business.

  1. The criminal liability of corporate companies
  2. New elements introduced by the reform

The criminal liability of corporate entities

In 2010, Spanish Criminal Code made it possible to find a corporate entity criminally liable for the criminal offences committed in its name and on its behalf by its legal representatives or officers, or by its employees if it has failed to exercise "due control" over them.

Since then, it has been possible to find corporate entities criminally liable even when it has not been possible to identify the individual who committed the criminal offence.

  • The criminal offences for which corporate entities are directly liable include, among others: fraud, fraudulent insolvency, corporate espionage, insider trading, market manipulation, private-sector corruption, bribery, money laundering, criminal offences against territorial regulation, against natural resources and the environment, against worker rights and against the market or consumers.
  • If a company commits any of the above criminal offences, the possible consequences range from a fine to, in the most serious cases, a ban on receiving public subsidies, public funds or entering into contracts with the public administrations, judicial intervention or even closure.
  • Companies are able to mitigate or completely eliminate their exposure to criminal liability if, when they have detected a criminal offence, they collaborate in seeking evidence or take steps to repair the damage caused. Companies are also encouraged to implement adequate measures to prevent criminal offences from being committed and to detect any that may be committed in the future.

With the aim of averting offences, companies are encouraged to establish a clear organisational culture, they must have a clear knowledge of the risks linked to their employees at all levels and they must explain the conducts that the company will not tolerate. Furthermore, if there is evidence that the company has implemented the monitoring and supervision mechanisms necessary to prevent employees from committing offences, those mechanisms will help the company to minimise its exposure to criminal liability, or it will at the very least mitigate that exposure.

New elements introduced by the reform

The above is particularly important in view of the latest reform of the Criminal Code approved in March. The reform expressly establishes that, where the employees of a company have committed a criminal offence, that company will be exonerated from liability (or that liability will at least be mitigated) if, before the offence was committed, it had adopted and effectively implemented an organisational and management model suitable for preventing offences or reducing the risk of those offences being committed.

One of the aims of the reform – from the perspective of corporate criminal liability – is to bring an end to uncertainty over interpretation generated as a result of the regulation in force to date, taking on board the recommendations made by a number of international organisations and limiting the criminal liability of corporate entities. The duty of control and supervision is, in general, conditional upon the dimensions of the entity in question. Indeed, the latest reform of the Criminal Code establishes that a corporate entity will be exempt from criminal liability if it has implemented Corporate Defence or other preventive programmes that substantially reduce the risk of the entity committing criminal offences.

For corporate defence programmes to be valid and effective, the Spanish Criminal Code establishes that they must:

  • Identify the activities within the scope of which the offences that they aim to prevent may be committed;
  • Establish protocols or procedures that describe and establish the corporate entity's decision-making process and how those decisions are to be executed in respect thereof;
  • Include financial resource management models suitable for averting the offences that they are aiming to prevent;
  • Impose an obligation to report potential risks and breaches to the body responsible for supervising the functioning and observance of the prevention model;
  • Establish a disciplinary system to suitably punish any breach of the measures established in the model; and
  • Be verified periodically and modified when significant breaches emerge or when changes are made to the organisation, to the control structure or to the activities performed that make such changes necessary.

In that context it would be advisable to implement programmes such as those described above with the aim of reducing or completely excluding companies' exposure to criminal liability.