On July 2015, the Spanish Criminal Code introduced compliance programs as a valid defence for legal entities to avoid or mitigate criminal liability derived from certain criminal offenses (including corruption related offenses) committed by a company´s directors, managers or employees. On January 22, 2016, Spain’s State Prosecutor has issued a 65 pages long document providing guidance to Spanish prosecutors on criminal prosecution of legal entities in general and on the assessment of compliance programs adopted by companies in particular, to determine if these are suitable to avoid or substantially reduce the corporate criminal liability. Said evaluation guidelines include the following nine evaluation criteria: First. The adoption of a compliance program is not by itself sufficient to exclude the criminal liability of the legal entity. Companies should avoid to adopt a standard compliance program that is not tailored to the company’s needs and risks. “Off the shelf” compliance programs will not be considered as a valid defence to criminal prosecution. Second.- Companies should not adopt compliance programs merely as an instrument to avoid criminal liability. Compliance programs should rather reflect the true compliance culture of the company. Third.- The so called compliance certificates issued by consultants, certification companies or any third party may be taken into account as an additional evidence to determine the suitability of the compliance program, but said certification (i) will not be deemed sufficient per se to prove the existence of an effective compliance program, and (ii) will not be a substitute of the judgment of its sufficiency to be made by the court. Fourth.- The “tone from the top” is critical. Public prosecutors will closely look at the attitude and involvement of the directors and managers of the company in the design, implementation, observance and monitoring of the compliance program. Indications of ambiguity on the implementation, contradictory messages about the importance of respecting the compliance program, or the involvement of a director or executive on a specific violation of the compliance program under investigation will be critical to judge whether the company has adopted a robust compliance program. Fifth.- The benefit obtained by the company as a result of the crime committed will be a critical factor that prosecutors will consider when assessing the compliance program as a defence. If the company has obtained a direct benefit from the crime committed by its directors or employees, the public prosecutor will be more strict when evaluating the sufficiency of the compliance program than if the director or employee is the primary beneficiary of the crime whereas the company only benefits indirectly from it. Sixth .- Despite the fact that the detection of the commission of crimes by directors or employees is not a formal requirement of a an effective compliance program, it is an essential part of it, jointly with its ability to prevent crimes . Consequently, the prosecutors will give extra credit to those compliance programs that are capable of detecting when a director, manager or employee may have committed a crime. Prosecutors will take as an evidence of the existence of a robust compliance program and the company’s uncompromised internal culture of compliance if the company has detected a crime, has conducted and internal investigation, has disclosed it to the public prosecutor and has cooperated with the investigation and the court. Seventh.- The commission of a crime by itself does not automatically disqualify the effectiveness of a compliance program. To conclude if a compliance program should be consider sufficient to exclude the criminal liability of a company, prosecutors will take into account the rank of the persons involved in the commission of the investigated crime (directors, managers or employees), the number of individuals involved, the number of times that the crime has been committed and for how long the criminal conduct has occurred. Eight.– To evaluate the culture of compliance of a company and, consequently, the effectiveness of the compliance program, prosecutors will take into account the manner in which the company has reacted in previous instances of potential violations of the compliance program A timely reaction and the imposition of serious sanctions to the wrongdoers will be considered evidence of an uncompromised commitment of the company with compliance. Ninth.– The specific actions (remedial and otherwise) taken after a company has detected a violation of the compliance program, including its review to improve it, its immediate and effective investigation, its disclosure and cooperation with the prosecutor and the judge, will be critical indicators to be appreciated by the prosecutor to assess the effectiveness of the compliance program and the existence of a true compliance culture in the company. In the following weeks and moths we will see how the Spanish prosecutors apply the guidelines and how the courts judge the effectiveness of a compliance program as a valid defence for companies to avoid criminal liability for crimes committed by their directors, managers and employees. We will follow this developments very closely.
Rafael Jiménez-Gusi is a partner in Baker McKenzie's Corporate Practice Group in Barcelona. He has more than 20 years of experience handling cross-border M&A transactions and company reorganizations. Mr. Jiménez-Gusi serves as secretary of several Spanish corporations, where he regularly advises on corporate compliance matters. He has organized, led and conducted numerous internal investigations involving allegations of corruption and company fraud. Mr. Jiménez-Gusi has served several leadership positions in Baker McKenzie at the office, regional and practice group level. This includes serving as member of the Firm’s Global Executive Committee. In addition to his legal practice, Mr. Jiménez-Gusi has been an associate professor of Ramon Llull University and ESADE Law School, and acts as legal counsel of Active Africa.
Diego Pol is a senior associate in Baker McKenzie's Barcelona office. He focuses his practice on advising national and international clients in the area of corporate Compliance and prevention of legal risks, mainly in anti-corruption laws, export controls and sanctions, and corporate criminal liability. Diego likewise advises companies in corporate law and M&A transactions He has worked at various law firms in the United States and Spain and He teaches at the Master in International Business Law and the executive course on Corporate Compliance at ESADE Business & Law School).