Search for:

Corporate Liability in Spain

By Cecilia Pastor (Baker McKenzie Spain)

I.              Corporate liability deriving from criminal activity

1.             Nature of the liability (criminal, administrative) and basis (crimes committed by directors or representatives, in the interest of or for the advantage of the company).

By means of Organic Law 5/2010 of 22 June 2010 ― which entered into force on 23 December 2010 ― the Spanish Criminal Code introduced, for the first time, corporate criminal liability in Article 31 bis. Further, on 30 March 2015, a new amendment to the criminal code entered into force, introducing some changes to the first version of Article 31 bis.

According to the current version of Article 31 bis, legal entities will be criminally liable for:

  1. Offenses committed by their legal proxies, directors and managers on behalf of the entity and in direct or indirect benefit to the entity
  2. Offenses committed by individuals, subject to the authority of the abovementioned representatives, directors or managers (eg, employees) within the operation of the entity’s activity and on its behalf, and to its direct or indirect benefit when the entity has breached its duties of supervision, monitoring and control.

Legal entities will only be held criminally liable in Spain for offenses expressly established in the Criminal Code.

2.             Type of crimes/administrative offenses from which, according to the legislature, corporate liability may arise

Under the Spanish Criminal Code, corporate criminal liability will arise from the following offenses:

  • Illegal traffic of human organs (Article 156 bis)
  • Trafficking of human beings (Article 177 bis)
  • Prostitution and corruption of minors (Article 187)
  • Discovery and revelation of secrets of individuals (Article 197)
  • Fraud (Articles 248 and to 251 bis)
  • Obstruction of law enforcement, which includes: concealment of assets; providing an incomplete or false list of assets within judicial or administrative enforcement proceedings; and using seized goods without authorization (Articles 257 to 258 ter)
  • Fraudulent insolvency, which includes: the disposal of assets and payment to the creditor when these operations are detrimental to the equity of the entity in current or imminent bankruptcy; improper bookkeeping; or the falsification of the company’s accounting documents (Articles 259 to 261 bis)
  • Computer hacking (Articles 263 to 267)
  • Crimes against intellectual property, which include: the unauthorized reproduction, distribution, disclosure, plagiarism, or export of import of literary, artistic or scientific work; providing links in the Internet to intellectual property contents without authorization; and street trade or distribution of products protected by patents or utility models or under trademarks or distinctive signs without the consent of their holder (Articles 270 to 277)
  • Crimes related to the market and consumers, which include: the discovery and revelation of company secrets; the interruption of supply of products of basic needs; false advertising; forgery of financial information in listed companies; or the alteration of market competition (Articles 278 to 286)
  • Corruption in business (Article 286 bis)
  • Money laundering (Article 301)
  • Tax evasion (Articles 305, 306 and 310 bis)
  • Crimes related to the Treasury (social security) (Articles 307, 307 bis, 307 ter and 310 bis)
  • Other offenses related to public administration which includes: fraud with regard to subsidies; and improper bookkeeping under tax legislation(Articles 308 and 310 bis)
  • Offenses against the rights of foreigners workers, which include: the promotion or facilitation of illegal trafficking; or clandestine immigration to Spain or another country in the EU (Article 318 bis)
  • Offenses related to the organization of the territory and town planning, which include building or executing works: in places legally or administratively protected; or on land not zoned for development (Article 319)
  • Environmental offenses (Articles 325 to 331)
  • Offenses related to state security, which includes: tipping, emission or release of ionizing materials or radiation into the air, the soil or water; manufacturing, handling, transporting, holding or manufacturing explosives, flammable, corrosive, toxic or asphyxiating substances; breaching safety regulations; and the unlawful production, import, export, commercialization or use of any substance that destroys the ozone (Article 343)
  • Cultivation preparation, traffic or possession of toxic drugs, narcotics or psychotropic substances (Article 368)
  • Forgery of credit and debit cards and travelers checks (Article 399 bis)
  • Bribery and corruption (Articles 419 to 427 bis)
  • Influence peddling (Article 429)
  • Corruption in international commercial transaction (Article 445)
  • Funding of terrorism organizations or groups (Article 576 bis)

3.             Identification of companies and entities to which liability may apply

All legal entities (including but not limited to companies, associations, foundations, trade and labor unions, political parties or registered religious entities) are subject to criminal liability. However, according to Article 31 quinquies of the Criminal Code, this liability will not apply to the state, local and institutional public authorities, regulatory authorities, public entrepreneurial agencies and entities, international public organizations, and entities that exercise sovereignty or administrative privileges.

To the public companies that provide services of general interest, only penalties of fines and court intervention will be applicable unless the court considers that this legal status’s purpose is the avoidance of potential criminal liability.

4.             Corporate liability for crimes committed abroad by its representatives or subsidiaries

According to Article 23 of the Spanish Judiciary Organic Law, Spanish courts will be competent to conduct criminal proceedings for criminal offenses committed abroad on the following cases:

  1. As a general rule, legal entities may be held liable under the Spanish Criminal Code when all of the following circumstances met:
    1. The Spanish entity’s legal proxies, directors, managers or employees who committed the crime are Spanish nationals.
    2. The facts of the offense are considered an offense in the country in which it took place.
    3. The victim or the Public Prosecutor files a lawsuit before the Spanish courts.
    4. The legal proxies, directors, managers or employees who committed the offense have not been absolved, reprieved or convicted abroad or, although they have been convicted, they have not served the sentence.
  2. Special rules apply to some specific criminal offenses:
    1. Trafficking of human beings (Article 177 bis) will be prosecutable in Spain when:
      1. The proceedings are conducted against a Spanish citizen.
      2. The proceedings are conducted against a foreign citizen whose usual residence is in Spain.
      3. The offense was committed by an entity with domicile in Spain.
    2. Corruption in business (Article 286 bis) or corruption in international commercial transactions (Article 445) will be prosecutable in Spain when:
      1. The proceedings are conducted against a Spanish citizen.
      2. The proceedings are conducted against a foreign citizen whose usual residence is in Spain.
      3. The crime was committed by a legal proxy, director, administrator, manager, employee or collaborator (eg, a subsidiary) of an entity with domicile in Spain.
      4. The offense was committed by an entity with domicile in Spain.
    3. Cultivation, preparation, traffic or possession of toxic drugs, narcotics or psychotropic substances (Article 368) will be prosecutable in Spain when:
      1. The proceedings are conducted against a Spanish citizen.
      2. The investigated facts are part of a criminal scheme with the purpose of committing these crimes in Spain.

The foregoing offenses will not be prosecutable in Spain, and thus, no criminal liability under Spanish law would arise, if they are under investigation in the criminal court of the country where the crime took place or in International Criminal Courts, in accordance with the relevant international treaties. Therefore, the jurisdiction will be held by the courts of the country where the crimes were committed.

4. Offenses against the Spanish Public Administration, that is, bribery (Article 424) and   influence peddling (Article 429), will be prosecutable in Spain regardless of the nationality or residence of the criminally liable individual or entity (principle of protection of the general interest).

As it is stated in the Public Prosecutor’s guidelines of 1 June 2001, when facts are prosecutable in Spain, corporate criminal liability will be governed by the Spanish Criminal Code. Therefore, corporate criminal liability for an offense prosecuted in Spain will be ruled by Spanish law.

5.             Corporate liability in the case of transactions taking place after the commission of a crime (acquisitions, mergers, demergers, etc.)

Article 130.2 of the Spanish Criminal Code provides that transformation, mergers, absorptions or demergers of legal entities will not extinguish their criminal liability, which will be transferred to the entity or entities into which the original entity is transformed, merged or absorbed, or to the entities arising from the demerger.

Moreover, a concealed or merely apparent dissolution of the legal entity ― ie, when a different entity carries on its economic activities and substantially maintains the same clients, suppliers and employees ― will not extinguish the criminal liability of the dissolved entity, which shall be transferred to the company that carries on, de facto, its activities.

II.            Applicable sanctions

1.             Type of sanctions applicable to the company

The penalties that may be imposed on legal entities held criminally liable for the crimes committed by their legal proxies, managers, directors or employees are as follows:

  1. Per diem fines (a daily amount from EUR 30 to EUR 5,000) or proportional fines (eg, with regard to the amount defrauded or the benefit obtained by the legal entity)
  2. Dissolution of the legal entity
  3. Suspension of the activities of the legal entity for a maximum period of 5 years
  4. Closure of all or some of the premises and establishments of the legal entity for a maximum period of 5 years
  5. Prohibition on engaging in activities through which the crime was committed, favored or concealed; this measure may be definitive or temporary (for a maximum period of 15 years)
  6. Barring from obtaining public subsidies and aids, from entering into contracts with the Public Administration, and from enjoying tax or Social Security benefits and incentives for a maximum period of 15 years
  7. Court intervention for a maximum period of 5 years to protect employees’ and creditors’ rights.

These penalties are not applicable in all cases. It will depend on the penalty expressly provided for each crime for which legal entities may be held criminally liable and on the seriousness of the offense.

Article 129 of the Criminal Code also contains a list of ancillary consequences when some crime has been committed through entities that do not have legal status. In such cases, the penalties described in the above letters c) to g) and the definitive prohibition on engaging any activity, even if it is a legal activity, may be applied to these entities.


2.             Interim measures, cease and desist orders, bans and confiscatory measures

Within a criminal investigation, the interim measures that may be ordered against a legal entity are the temporary closure of its premises and establishments, the suspension of its activity, and court intervention.

There could also be bonds and seizure of the company’s assets in order to cover potential civil liabilities.

3.             Liability of directors or managers for not having adopted (intentionally or negligently) measures for the prevention of the crime

There is no specific offense with regards to directors or managers who fail to implement controls or compliance programs that could prevent the commission of an offense. However, individuals could be held civilly liable for damages caused to the company due to negligence in their duties.

In addition to that, individuals within the company could be held criminally liable as perpetrators, accomplices or instigators of a criminal offense when, with their actions (intentionally or negligently), they commit a crime.

According to Article 11, an individual could be considered guilty whenever, in neglecting their duties of supervision, monitoring and control, the following requirements are met:

  1. The crime consists of the production of a determinate outcome.
  2. There is a contractual or legal duty of acting to prevent the commission of a crime.
  3. The individual has acted or neglected to act and consequently has created a risky situation for the protected legal right.

Note that the Companies Act establishes the civil liability of managers to compensate the company for damages caused by an infringement of their duties of diligence. Therefore, managers could be held liable for damages caused to the company for not having adopted measures for the prevention of crimes, as long as it may be considered an infringement of their control duties.

III.           Measures and “models” of prevention and effects of the same on corporate liability and applicable sanctions

1.             Consequences of the adoption of a compliance “model” and effects on corporate liability for crimes committed by the company’s managers, directors or representatives (cases in which it is possible to obtain an exemption from liability or a mitigation of the sanction)

The lack of adoption of an effective compliance “model” is considered a requirement to the commission of the offense. The implementation before the trial hearing takes place of an effective model to prevent future offenses within the company could mitigate the company’s criminal liability.

Following Article 31 bis, legal entities will be exempted from criminal liability in the following circumstances:

  • Before the commission of the crime, the management of the company has implemented effective models of organization and management that include monitoring and control measures capable of preventing or substantially reducing the risk of the commission of such crimes.
  • The supervision of the performance and fulfilment of the compliance model has been commended to an independent body of the company with autonomous control powers.

2.             Modality according to which a compliance “model” must be adopted in order to benefit from exemption from responsibility or mitigated punishment (codes of ethics, procedures, etc.)

For a compliance “model” to be considered a factor in giving an exemption from criminal liability, the “model” must:

  1. Identify activities within the scope of which crimes may be committed
  2. Establish procedures to define the decision-making process of the corporate will
  3. Have appropriate financial resources to prevent the commission of crimes
  4. Impose the obligation of reporting potential risks and breaches to the body entrusted with monitoring the observance of the compliance “model”
  5. Establish disciplinary measures to penalize the infringement of the compliance “model”
  6. Verify the effectiveness and efficiency of the compliance “model” periodically and amend it when important infringements of the model arise or when the organization or the company’s control structure or its activity changes

3.             Monitoring: independent person or body to control/supervise, with the purpose of verifying the correct application of the “model”; mode of operation of such person or body

According to Article 31 bis of the Spanish Criminal Code, the compliance “model” must be monitored by a body that is independent from the management of the company with sufficient control authority.

Small companies could relay the monitoring task to the management of the company.

The Criminal Code does not determine the management or composition of the monitoring body. However, there are some aspects to be considered in relation to this body, which controls or supervises the implementation of compliance programs:

The most important matter is the real and effective existence of this independent body, which may be proven by means of the financial and employment resources allocated to the body (as evidence of its existence) and its hierarchical position within the corporate structure (as evidence of its independence).

It is essential that the body develop proactive tasks consisting of:

  • Receiving notices of infringement of the compliance “model” and other incidents
  • Establishing monitoring protocols and periodic controls
  • Informing periodically on compliance
  • Updating all the models and protocols with view to new laws or changes in the activity or corporate structure and organization

With regards to listed companies, the Good Listed Companies’ Governance Code is prepared by the Spanish Securities & Exchange Commission, and it includes an obligation to companies to put in charge of control and risk management an internal department, subject to the supervision of a specialized commission of the Board of Directors (such as an auditory commission). The functions of this internal department would be:

  • To ensure the good performance of the control and risk management systems and that the company identifies manages and values the significant risks
  • To participate in the elaboration of risk strategies and its management
  • To supervise the control risk management systems, appropriately mitigating the risks

Finally, the Companies Act allows European companies (companies incorporate according to the rules established in European Regulation No. 2157/2001) to choose one-tier or two-tier administration system. Companies that choose the two-tier system would have a management body and a control body, whose functions will be those stated in European Regulation No. 2157/2001 (ie, to control the management body). The Companies Act allows the regulation of its composition and mode of operation in the company bylaws. If it is not regulated, the mode of operation will be the same as that of the management body, in accordance with European Regulation No. 2157/2001.

IV.          Judicial proceedings to determine corporate liability

1.             Court competent to decide the liability of and penalties applicable to the company

The Courts that are competent to conduct the investigation and rule on the criminal liability of and penalties applicable to the company are the same as those that will decide the liability of the individual who committed the offense. The procedural rules are the same for individuals and legal entities.

2.             Possibility of the application of interim measures

Within a criminal investigation or during the trial phase, the court competent to conduct the proceedings may, upon the request of one of the parties in the proceedings, order interim measures against legal entities, subject to the following requirements:

  1. There is reasonable evidence of the commission of a crime and the liability of the legal entity.
  2. The measure must be aimed to: i) prevent the legal entity from committing more crimes; ii) prevent the destruction or concealment of evidence by the company; or iii) ensure that the potential civil liability arising from the offense will be paid.
  3. The adoption must be exceptional, necessary (ie, there are no other measures less burdensome to achieve the purpose of the injunction), temporary (ie, the measure cannot be definitive and can be modified in the future) and proportionate.

In accordance with Article 544 ter of the Criminal Procedures Act, the “personal” interim measures that may be ordered against legal entities are only those expressly provided in the Criminal Code, that is, the temporary closure of its premises and establishments, the suspension of its activity and judicial intervention.

The “in rem” interim measures applicable to legal entities are the imposition of bails and the order of seizures of assets in order to ensure the payment of potential civil liability arising from the criminal offense.

Moreover, it is worth mentioning, in accordance with the Criminal Procedures Act, the entry and search of premises to find evidence that may help the criminal investigation proceedings. However, under Spanish law, this measure is not viewed as an interim injunction, but as an investigation measure.


3.             Plea bargains and related effects on the corporate liability

Legal entities, just like individuals, may negotiate with the public and private prosecutor during the criminal investigation and the trial phase to settle the criminal proceedings against the company.

4.             Imposition of sanctions against the company

In virtue of the “non bis in idem” principle, legal entities found criminally liable for offenses committed by their representatives, directors, managers or employees are not subject to further sanctions apart from those criminal penalties expressly provided in the Criminal Code.

However, Article 213 of the Companies Act prohibits directors who have been convicted for falsehood, as well as for crimes against freedom, property, the socio-economic order, public safety, or the administration of justice, from being appointed director or manager of a company. Then, although this is not a formal sanction, companies declared criminally liable for such crimes could not be appointed director of another company (in those cases when companies themselves are appointed as directors of other companies).

5.             Permanence of corporate liability if the crime is extinguished

In accordance with Article 31 ter of the Spanish Criminal Code, legal entities will be criminally liable for crimes committed by their representatives, directors, managers and employees even if the offender cannot be determined or criminal proceedings have not been initiated against them.

Moreover, personal circumstances of the individuals who committed the crime that mitigate, aggravate or modify their criminal liability will not affect the criminal liability of legal entities.

V.           Corporate liability in multinational groups

1.             Liability of parent companies located abroad in the case of offenses committed by directors, managers or representatives of the local company

The Spanish Criminal Code does not contain rules extending the criminal liability of the subsidiary to its parent company. Therefore, the general rule is that criminal offenses committed by the representatives, directors, managers or employees of a company should not result in criminal liability for the parent company.

However, according to the Order of the General Public Prosecutor dated 1 June 2011, corporate criminal liability may be attributed to a parent company when the parent company (holding company) is the representative or manager of the subsidiary and the two basic points (described below) are met. Accordingly, the General Public Prosecutor understands that the parent company would also benefit from the offense. This extension of liability would apply to Spanish and foreign companies alike.

Moreover, a parent company could also be held criminally liable as author of crimes (that trigger corporate criminal liability) committed by the directors, managers or representatives of its subsidiary if the parent company has breached a contractual or legal duty of preventing the commission of such crimes (ie, supervision, monitoring and control duties for not having implemented compliance programs).

2.             Basis of liability and applicable sanctions

Taking into account the General Public Prosecutor’s Guidelines, corporate criminal liability could apply to parent companies when:

  1. The parent company is the representative or manager of the subsidiary in which the offense has been committed
  2. The parent company has benefited from the offense for which the subsidiary is liable.

The applicable sanctions would be the same as those provided in the Spanish Criminal Code for legal entities.

The potential criminal liability of a parent company arising from a breach of its contractual or legal obligation to prevent the commission of crimes by the directors, managers or representatives of its subsidiaries would be based on the breach of a duty to prevent the commission of the crime and, thus, the production of the final outcome (commission by omission basis).


VI.          Significant case law concerning corporate liability arising from crimes and draft laws under discussion

1.             Significant case law, if any

Even though the introduction of criminal liability for legal entities is fairly new to Spanish legislation, there has been some relevant case law from the Supreme Court that analyzes and solves some of the issues related to compliance “models.”

  • Sentence 154/2016, 29 February:
  • Requires that the individual representing the Company before the Court and the individuals from the Company accused before the Court to be different, in order to avoid conflict of interest between them.
  • Requires that the employees’ interest when imposing penalties to the company (such as judiciary intervention, dividing fines, etc.) be taken into account.
  • Sentence 221/2016, 16 March:
  • States that the legal entity cannot be held liable for all the infringements committed by individuals within the organization. It could only be held liable for serious breaches and that went into the company’s profits, directly or indirectly, and motivated by an organizational fault.
  • States that it is required to be proven by the accusation that it is the organization’s fault.

It is also interesting to note the decision issued by the Court of Criminal Investigation No. 4 of the Spanish High Court dated 11 May 2017, which stayed the proceedings regarding an investigated auditing firm because the requirements to attribute criminal responsibility to the entity were not met. Such requirements were listed as follows:

  • That the criminal offense whose commission is attributed is one of those that the Criminal Code declares as susceptible of being committed by legal entities.
  • That the conditions that imply the exemption of criminal responsibility of the legal entities do not apply. These conditions are the following:
  • That, before the commission of the criminal offense, the board of directors effectively adopted and implemented organizational and managerial “models,” which include adequate measures of monitoring and control to prevent crimes of the same nature or to significantly reduce the risk of their commission
  • That the supervision of the compliance with that implemented “model” of prevention has been entrusted to a body of the legal entity with autonomous powers of initiative and control or with the legal function of supervising the effectiveness of the internal controls of the legal entity
  • That the individual perpetrator has committed the criminal offense by fraudulently evading the organizational and prevention “models”
  • That the body mentioned in 2 has not neglected or insufficiently exercised its supervisory, monitoring and control functions

In that case, the Criminal Investigation Judge estimated that the investigated auditing firm had proven that it had a compliance manual fulfilling the above-mentioned requirements. In particular, the auditing firm proved that it had sufficient tools, policies and protocols requiring its staff to comply with the professional standards, establishing adequate monitoring and control measures to prevent the commission of criminal offenses. The Judge also emphasized that, according to the applicable legislation, partners act with absolute autonomy and independence in professional companies.

2.             Proposed or contemplated new legislation

For the time being, no new reforms of the Spanish Criminal Code are expected, since the latest overall reform, which was published on 31 March 2015, entered into force on 1 July 2015. On 6 December 2015, an amendment to the Spanish Criminal Procedural Act (Organic Law 13/2015, 5 October) entered into force, and it sought to introduce procedural guarantees for the defendants, and regulates, for the first time, investigations through technological means.