Organic Law 5/2010 entered into force on 23 December establishing the most far-reaching reform of criminal law in Spain since the approval of the Criminal Code in 1995. This major legislative change affects numerous issues, but the main innovation of the reformed Code was unquestionably that, for the first time, Spanish legislation attributed criminal liability to legal persons, with them becoming directly exposed to criminal law, and considered as capable of committing offenses and of being punished with sanctions.

Key among the provisions of the reformed Criminal Code was the criterion adopted by the legislator to attribute criminal liability to legal persons, who according to the reformed legal text may be considered fully liable for their deeds (i.e., they may be sentenced as wrong-doers) in two cases, namely:

  1. If a director or representative commits an offence benefiting the legal person; and
  2. If the offence benefiting the legal person was committed by one or more of its employees, rather than by a director or representative, where the punishable act was made possible because the legal person concerned did not exercise due control over its employees and their activities.

On July 1st, Organic Law 1/2015 entered into force introducing some major innovations within criminal legislation. Among them, the Code Reform establish an exonerating circumstance in relation to the criminal liability of legal entities if prior to the comission of any offence the legal person has adopted and implemented an organizational and management model to prevent and detect offenses.

Organic Law 1/2015 introduces a detailed description of the due control systems that the companies shall established in order to prevent offenses (art. 31 bis CC), which includes:

  1. The adoption by the management body of an organizational and management model which include suitable surveillance and control measures to prevent offenses;
  2. The creation of a specific body within the legal person with independent powers of initiative and control charged of the supervision of the performance and the observance of the prevention model;
  3. The identification –due diligence– of the activities aras where the offenses which must be prevented, may be committed;
  4. The implementation of protocols or procedures which specify the process of formation of the will of the legal person, the adoption of its decisions and the execution thereof in relation to such protocols or procedures;
  5. The achievement of adequate models for the management of financial resources to prevent the commission of the offenses which must be prevented;
  6. The obligation to report possible risks and breaches to the body in charge of monitoring the performance and observance of the prevention model – whistleblowing systems–;
  7. The implementation of a disciplinary system which adequately punishes the breach of the measures which may be established by the model and
  8. The regular verification of the model and its possible modification when important infringements of its provisions are revealed or when there are major changes within the organization, its control structure or its activity that make them necessary.

Complete fulfillment of the previous requirements will exonerate any criminal liability of the legal person. In cases where only partial fulfillment can be proved, the criminal liability of the legal person will be reduced.

Even though it will take some time for companies operating in Spain to adapt to these new Corporate Compliance requirements, it goes without saying that the implementation of control systems and crime prevention models shall begin as soon as possible, under penalty of severe criminal contingencies for the company and serious risk of personal liability for its directors.