On March 31 2015 Organic Law 1/2015 amending the Criminal Code was published in the Official State Gazette. It is one of the most extensive amendments to the Criminal Code to date. The amended text will come into force on July 1 2015.

Among other modifications, the amendment substantially changes the regulations regarding criminal liability of companies set out in Articles 31 and following of the Criminal Code. The most significant change is the new importance attributed to compliance programmes, which – where appropriately designed and executed – can not only mitigate (as has been the case until now) but even exempt companies from criminal liability.

Criminal liability

The circumstances in which criminal liability can be attributed to companies first introduced by Organic Law 5/2010 continue to stand. Therefore, companies can be held criminally liable when an offence has been perpetrated, on their behalf and for their benefit, by:

  • the managers or legal representatives of the company; or
  • persons who, acting under the authority of the persons above, could have perpetrated the offence as a result of not being subject to due control.

However, the amendment introduces a nuance with regard to this last point. Before the reform, criminal liability could be attributed when "no due control had been exercised"; now the offence must have been perpetrated as a result of the managers or legal representatives of the company "having grossly breached supervisory, surveillance and control duties over activities, considering each case's specific circumstances".

In other words, where any breach of control duties previously sufficed to give way to criminal liability, now a gross breach is required.


A company may be excluded from criminal liability if, before the perpetration of an offence, it adopted and effectively applied an organisational and managerial programme that was adequate to prevent similar offences or significantly reduce the risk of such offences being perpetrated – namely, a compliance programme.

Compliance programme requirements
In accordance with the newly amended Criminal Code, compliance programmes must:

  • identify the activities and areas in relation to which potential offences could be committed. Essentially, the company needs to carry out a prior evaluation of its own particular criminal risks;
  • establish the protocols or procedures necessary for the company to adopt and execute decisions relating to such compliance programmes. The company must set out an internal procedure to approve compliance programmes and execute decisions relating to such programmes;
  • provide models for managing financial resources which are adequate for the prevention of the offences that the company is obliged to prevent;
  • impose on all company personnel the duty to report to the supervisory body any potential risk or breach of the measures set out in the compliance programme. The company must set out a procedure to enable its employees to report any breach of the compliance programme;
  • establish a disciplinary system that adequately penalises breaches of the measures provided in the compliance programme. However, in practice, it may be that this disciplinary system can defer to employment regulations regarding the breach of company instructions, so it may not be necessary to provide for specific breaches and penalties; and
  • be subject to periodical review and necessary amendments in relation to relevant infringements or changes to the organisation, control structure or activity of the company.

Supervisory and control body
A body of the company must be assigned to supervise enforcement of the compliance programme.

In small companies, supervisory functions can be directly exercised by the managing body of the company. In accordance with Article 31, paragraph 3 of the Criminal Code, 'small companies' include all companies which can legally submit an abridged profit and loss account.

Application of exclusion

Companies are excluded from criminal liability if the above requirements were met when the offence was perpetrated by persons acting under the authority of the managers or legal representatives (ie, employees or agents).

Where the offence was perpetrated by the legal representatives or managers of the company, the following additional requirements must be met in order to exclude criminal liability:

  • The offence was perpetrated fraudulently by individuals avoiding the organisational and criminal prevention measures in place;
  • The supervisory, surveillance and control measures were not unduly omitted or insufficiently applied by the supervisory and control body referred to above; and
  • The supervisory and control measures were attributed to a body of the company with autonomous powers of initiative and control, or which was legally entrusted with supervision of the internal control measures.

Mitigation of criminal liability

The reform provides that when a company's compliance programme only partially meets the aforementioned requirements, this circumstance will be considered as a mitigating factor of criminal liability.

This mitigating factor is in addition to those which were already set out in the Criminal Code before the amendment, which include the adoption of measures capable of preventing future offences being perpetrated after perpetration of the offence, but before the trial.

Failure to adopt compliance programme

Managers of a company cannot be held criminally liable for failing to adopt a compliance programme. Although the new law included a new criminal offence in its draft stage, this provision was rejected by Parliament. The rejected provision established prison sentences of up to one year for managers or legal representatives of any company which did not adopt due surveillance and control measures to prevent criminal offences from being committed within the company when the perpetration of a criminal offence had already commenced.

For further information on this topic please contact Adriana de Buerba at Pérez-Llorca by telephone (+34 91 436 04 20) or email ( The Pérez-Llorca website can be accessed at

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.