One of the most relevant aspects introduced by the reform of the Criminal Code carried out by means of Organic Law 1/2015, of 30 March, is the establishment of the minimum requirements that a Compliance Programme must have, set out in Article 31 bis 5 of the Criminal Code.
This article states the following:
The organisation and management models referred to in condition 1 of section 2 and the previous section must meet the following requirements:
- They shall identify the activities within the scope of which the crimes to be prevented may be committed.
- They shall establish the protocols or procedures that specify the process of formation of the will of the legal person, the adoption of decisions and their execution in relation to them.
- They shall have models for the management of adequate financial resources to prevent the commission of the crimes to be prevented.
- They will impose the obligation to report possible risks and non-compliance to the body responsible for monitoring the operation and observance of the prevention model.
- They will establish a disciplinary system that will adequately sanction non-compliance with the measures established by the model.
- They will carry out a periodic verification of the model and of its possible modification when relevant infringements of its provisions are revealed, or when changes occur in the organization, in the control structure or in the activity carried out that make them necessary.
As a way of developing this article, Circular 1/2016 of 22 January from the Office of the Attorney General suggests that these programmes “are not intended to avoid criminal sanctions against the company but to promote a true ethical business culture” which should extend to compliance with all regulations, not just criminal ones.
The Compliance Programmes, adds, must be “clear, precise and effective and, of course, written (…) evidence must be given of their suitability to prevent the specific offence that has been committed, and a judgement must be made to that effect as to the suitability of the programme’s content for the offence. Therefore, the organization and management models must be perfectly adapted to the company and its specific risks”.
As for the specific protocols and procedures referred to in the Criminal Code, the Prosecutor’s Office is of the opinion that they must “guarantee high ethical standards” and “enable the detection of criminal conduct”. To this end, and in relation to the fourth requirement indicated above, an effective instrument of essential importance is the internal complaints channel.
With regard to the requirement for adequate financial resources in each case, the Criminal Code seems to suggest that the Compliance Programme should have its own independent budget line, which in any case should be sufficient to enable it to have full effect and all the appropriate mechanisms for its proper functioning to exist.
With regard to the sanctions referred to in the fifth requirement, we would like to make a specific mention.
As indicated in the aforementioned Circular of the Attorney General’s Office, this point “presupposes the existence of a code of conduct in which the obligations of managers and employees are clearly established. The most serious infringements, logically, will be those that constitute a crime, and consideration must also be given to those conducts that contribute to preventing or hindering their discovery, as well as to the violation of the specific duty to bring the detected breaches referred to in the fourth requirement to the attention of the control body”.
Specialist in Privacy, Intellectual Property and Corporate Compliance
Metricson is a legal services firm specialized in technology and innovative businesses and helps companies around the world to develop and protect their activity with the maximum legal guarantees.
If you want more information or want to know more about our services, do not hesitate to contact us here