An analysis of Circular 1/2016 concerning the criminal liability of legal entities (Circular) in accordance with the latest reform of the Spanish Criminal Code, pursuant to Organic Law 1/2015.

Organic Law 5/2010, of 22 June, introduced for the first time in Spain the system of criminal liability of legal entities. This is a system already present in other European countries such as Italy, a pioneer  in regulating this kind of liability (Italian Decree Law 231/2001, of 8 June, concerning “Discipline of administrative liability of legal entities, companies and associations, including those with no legal personality”).

Subsequently, in March 2015, the Spanish Criminal Code was reformed (Organic Law 1/2015), primarily introducing the following amendments to the system of criminal liability of legal entities:

  • A series of new premises for the criminal liability of legal entities were established.
  • Companies were encouraged to implement compliance programmes, which became exculpatory of criminal liability, and certain indications were provided as to what their content should be.

​In this context, the Circular establishes a series of steps that public prosecutors should follow in interpreting the Criminal Code in the wake of the 2015 reform, and in assessing the efficacy of compliance programs at companies.

As an introduction, note that the criminal liability of legal entities in Spain has, since the outset, been conceived as vicarious liability.  In other words, it is conceived as a liability pursuant to which legal entities respond legally for the actions of a physical person, executive or employee. It is a form of representative liability whereby there must be a link between the legal entity and the physical person who has performed a specific action.

Notwithstanding the above, among the most notable new aspects introduced by the Circular are the regulation of imputable and unimputable legal entities, the crimes that may be attributed to them, the system for the exemption of criminal liability of legal entities in relation to the compliance programmes, and the criteria to be followed by the public prosecutor to assess the efficacy of the compliance programmes or the figure of compliance officer.

Firstly, a new definition is provided of “physical person”, broadening the range of persons who may incur the legal entity’s criminal liability. In accordance with the previous regulation, the legal entity could be considered to be fully liable in accordance with the actions of its administrators in fact and in law. However, the newly worded Criminal Code includes any person who, despite not actually being administrators or representatives of the company, have decision-making powers in the company, or persons improperly controlled by them. Accordingly, the Circular indicates that persons  to who, without having power of decision in the company, certain functions such as risk control have been assigned, are included.

Another new aspect introduced by the Circular is the interpretation of the seriousness of the action performed by the physical person in question. The 2015 reform replaced the requirement to understand that a subject is criminally liable for not having exercised “due control”, for the less stringent requirement of “having gravely breached the duties of supervision, vigilance and control”. Accordingly, the Circular explains that the legislator has left out of the criminal sphere those less serious actions that would simply give rise to administrative penalties.

Although the criminal response is now less stringent in some cases, in other cases it is stricter – as is the case in the modification of article 31-2 of the Criminal Code. This article previously stipulated that for criminal liability to ensue on the part of the legal entity, the physical person’s conduct must be “for its benefit”, but the current wording of this article goes a step further. It is now being sufficient for the physical person’s conduct to imply “direct or indirect benefit” for the legal entity. Consequently, those companies not focused on obtaining a profit economically could also be criminally liable when they are seeking:

  1. Benefits through other companies
  2. Benefits consisting in cost savings
  3. Strategic, intangible and reputational benefits

However, aside from the aforementioned new aspects, the pivotal axis of this Circular focuses on the significance of companies’ organisational and management models, compliance programs that, meeting certain requirements, may result in the exemption or mitigation of criminal liability of the legal entity.

Accordingly, the Circular highlights the importance of the organisational and management models regulated by the new Criminal Code and equates them with compliance programmes, indicating that “the company must have a compliance programme to meet the legal requirements in general and, of course, criminal legality, but not limited to this”. Hence, the Public Prosecutor interprets in a tone of reproach  the wording of the Criminal Code provided by the legislator, since the Public Prosecutor understands that the organisational and management models must not be taken to be merely a mechanism for the company   to avoid the criminal penalty, but that they should seek to “promote a truly ethical business culture”. The Circular explains that all those companies that have rushed to establish a regulatory compliance system must take into account that merely having such a programme is not sufficient to obtain exemption from criminal liability, but that it should convey a real idea of corporate culture, since otherwise “there is a risk of companies seeing these programmes as a kind of insurance policy against criminal proceedings”.

In this connection, the Public Prosecutor insists that, in the event of a crime, the burden of proof is on the company, it not being sufficient to merely demonstrate that a compliance programme was followed, but that the company must prove that its programme was efficient and met legal standards and fulfilled the purpose of the regulation.

Similarly, the Public Prosecutor explains that it is necessary to know the risks and needs of each sector, and compile an all-encompassing compliance plan (including all legal aspects) which must contain, among others, a risk map, a specification of the obligations of each member of the company, and the consequences of non-compliance. The compliance programmes  must be perfectly tailored to the company and to its specific risks.

Moreover, the Public Prosecutor also refers to the usefulness of “certificates of suitability of the programme, issued by third parties”, in other words, a company that wishes to prove that it is compliant with compliance regulations may demonstrate this with a certificate showing that the programme implemented at the company is suitable and that if a crime is committed, it was an isolated event  in relation to the ethical business culture fostered at the company. As proof in eventual proceedings, the duration of the criminal activity, the number of employees involved therein, the measures taken by the company to implement its programme, and the surveillance and supervision thereof may all be presented.

Another significant aspect is the figure of the compliance officer. The Criminal Code requires that the company should allocate the supervision of its compliance programme to a specific internal body, with independent control powers. The Circular, meanwhile, explains that the duties and tasks of the compliance officer must be clearly stated and the mechanisms for the officer to be able to manage any conflict of interest arising as a result of the performance of his or her duties must be in place.

In short, this Circular puts into context the vicarious liability model, from which any trace of objective liability is removed. Accordingly, the object of the criminal process now also includes assessing the suitability of the compliance programme implemented by companies.

However, aside from the favourable impact of these changes with regard to transparency and the prevention of economic crimes in companies, the Circular also states that the work of the criminal legislator should have been followed by actions in the administrative and mercantile spheres, in light of the importance of these programmes, as was the case with the regulation to prevent money- laundering and terrorist funding.

Lastly, the Public Prosecutor concludes that companies should adapt their compliance policy to these references, in order to contribute to the integration of an ethical corporate culture, without overlooking the regulation’s teleological purpose, which is the prevention of economic crimes.