Compliance in detail

The WORLD COMPLIANCE ASSOCIATION defines compliance as the set of procedures and good practices adopted by organizations to identify and classify the operational and legal risks they face and to establish internal mechanisms for prevention, management, control and reaction to them.

Compliance was born in Spain with the inclusion in our legal system of the criminal liability of legal persons, and mainly with the reform carried out in the Criminal Code through Organic Law 1/2015 of March 30, which establishes, in article 31 bis 2, that it may act as an attenuating or exempting circumstance from the criminal liability of a legal person if the administrative body has adopted and executed effectively, before the commission of the crime, organization and management models that include the appropriate surveillance and control measures to prevent crimes of the same nature as the one committed or to significantly reduce the risk of their commission, or that the supervision of the operation and compliance of the implemented prevention model has been entrusted to a body of the legal person with autonomous powers of initiative and control or that is legally entrusted with the function of supervising the effectiveness of the internal controls of the legal person.

Our Penal Code indicates it in its article 31 bis 5:

• Risk map: They will identify the activities in whose scope crimes that must be prevented may be committed.
• Decision-making protocol: They will establish the protocols or procedures that specify the process of forming the will of the legal entity, of adopting decisions and of executing them in relation to those
• Financial resource management model: They will have appropriate financial resource management models to prevent the commission of crimes that must be prevented.
• Ethical channel: They will impose the obligation to report possible risks and non-compliance to the body responsible for monitoring the operation and observance of the prevention model.
• Disciplinary system: They will establish a disciplinary system that appropriately sanctions non-compliance with the measures established by the model.
• Periodic verification: They will carry out a periodic verification of the model and its eventual modification when relevant violations of its provisions are revealed, or when changes occur in the organization, in the control structure or in the activity developed that make them necessary.

In addition to the six points above, a COMPLIANCE BODY must be designated: “a body of the legal entity with autonomous powers of initiative and control or which is legally entrusted with the function of supervising the effectiveness of the internal controls of the legal entity”, which may be a sole or collegiate body and which, in the case of small legal entities, may be the administrative body itself.

• Illegal trafficking of human organs
• Crimes against moral integrity
• human trafficking
• Crimes against sexual freedom
• Prostitution, sexual exploitation and corruption of minors
• Discovery and disclosure of secrets and computer hacking
• Scams
• Frustration of execution
• Punishable insolvencies
• Computer damage
• Against intellectual and industrial property, the market and consumers
• Money laundering
• Illegal financing of political parties
• Against Public Finance and Social Security
• Against the rights of foreign citizens
• Of illegal construction, building or urbanization
• Against resources and the environment
• Crimes against animals
• Relating to nuclear energy and ionizing radiation
• Risks caused by explosives and other agents
• Against public health
• Against public health (drug trafficking)
• Counterfeiting of currency
• Falsification of means of payment
• Bribery and kickbacks abroad
• Influence peddling
• Crimes of incitement to hatred and glorification
• Smuggling
• Relating to genetic manipulation
• Price alteration in public tenders and auctions
• Refusal to carry out inspections
• Crimes against workers’ rights
• illicit association
• Criminal organizations and groups, terrorists and terrorist crimes
• Embezzlement

• Fine: up to 9 million euros.
• Dissolution of the company.
• Suspension of activities: up to 5 years.
• Clausura de locales y/o establecimientos: hasta 5 años.
• Prohibición de realizar las actividades en el ámbito de las cuales se cometió el delito: temporal (hasta 15 años) o definitiva.
• Inhabilitación para obtener ayudas y subvenciones, contratar con la Administración Pública y obtener beneficios fiscales: hasta 15 años.
• Intervención judicial: hasta 5 años.

• Risk reduction: Identification and mitigation of legal, financial and reputational risks associated with non-compliance with regulations, thereby preventing the commission of crimes within the company’s scope of activity.
• Compliance with the law: thus avoiding sanctions and reputational costs.
• Improving corporate reputation: Demonstration of an ethical corporate culture, based on transparency and legal compliance, improving the company’s image for customers, investors and other stakeholders.
• Protecting shareholders, managers and employees: training and awareness-raising actions generate more responsible employees and managers.
• Greater control of activity: visibility of undetected risks and establishment of protocols and procedures for all critical company processes.
• Certification: Obtaining ISO/UNE certification, which acts as external proof that the company follows the highest standards in terms of regulatory compliance.
• Continuous Improvement: Establishment of a system that promotes continuous improvement in compliance management, adapting to the changing needs of the regulatory environment and the business.