Skip to main content
Try Lexiel for freeTry now →
20 minSofía

Anti-Corruption Programs and Criminal Compliance

Criminal liability of legal persons, compliance models (Art. 31 bis CP), whistleblowing channel, compliance body and risk mapping.

Criminal Liability of Legal Persons (Art. 31 bis CP)

Since the 2010 Criminal Code reform (expanded in 2015), legal persons can be criminally liable for offences committed on their behalf or account, and for their direct or indirect benefit.

Liability arises in two scenarios:

Offences by Representatives and Directors

When the offence is committed by persons with power of representation, decision-making authority, or control functions within the organization (Art. 31 bis 1.a CP).

Offences by Employees

When the offence is committed by persons subject to the authority of the above, due to a serious breach of supervision, oversight and control duties (Art. 31 bis 1.b CP).

Compliance Models: Criminal Exemption (Art. 31 bis 2 to 5 CP)

Article 31 bis provides that a legal person is exempt from criminal liability if it proves that, prior to the commission of the offence:

  1. The governing body adopted and implemented effective organizational and management models to prevent offences of the same nature (or significantly reduce the risk).
  2. Model supervision was entrusted to a body with autonomous powers of initiative and control.
  3. The individual perpetrators committed the offence by fraudulently circumventing the prevention models.
  4. There was no omission or insufficient exercise of supervisory functions by the compliance body.

For the model to be effective, it must meet the requirements of paragraph 5:

  • Risk map: identification of activities where preventable offences may be committed.
  • Protocols and procedures: rules specifying the decision-making and execution processes.
  • Financial resource management: adequate resources to prevent offences.
  • Whistleblowing channel: obligation to report potential risks and breaches.
  • Disciplinary system: sanctions for non-compliance with the model.
  • Periodic review: revision of the model when relevant breaches or organizational changes are detected.

Whistleblowing Channel (Law 2/2023)

Law 2/2023 of February 20, on the protection of persons who report regulatory infringements, transposes the European whistleblowing directive.

Key points for lawyers:

  • Mandatory internal reporting system for companies with 50 or more employees and all public sector entities.
  • Whistleblower protection: prohibition of retaliation, reversal of the burden of proof, support measures (free legal advice, protection from liability).
  • Confidentiality: the whistleblower's identity may only be disclosed with express consent, unless required by court order.
  • Processing deadlines: acknowledgment within 7 calendar days, response within 3 months.
  • External channel: the Independent Whistleblower Protection Authority (AAI) serves as a complementary external channel.

Compliance Body

The compliance body (or compliance officer) is the cornerstone of the prevention model. Its functions include:

  • Supervising the operation and compliance of the prevention model.
  • Managing the internal whistleblowing channel.
  • Proposing updates to the risk map and protocols.
  • Reporting periodically to the governing body.
  • Staff training and awareness.

In smaller companies, the governing body itself may assume these functions (Art. 31 bis 3 CP). In listed companies, a dedicated collegiate body is recommended.

Risk Map and Code of Ethics

The risk map is a living document that identifies, evaluates, and prioritizes criminal risks associated with each area of the organization. It must cover, at minimum: bribery, influence peddling, fraud, money laundering, tax offences, offences against workers, and environmental offences.

The code of ethics complements the risk map by establishing the values, principles, and standards of conduct that must guide the actions of all persons linked to the organization.

Mandatory Training

Training is not a decorative element of the compliance program. Circular 1/2016 of the Attorney General's Office states that a model without effective and periodic training lacks real efficacy. Training must:

  • Be periodic (at least annual) and adapted to each level of responsibility.
  • Include practical cases and real scenarios.
  • Document attendance and comprehension.
  • Be reinforced when breaches or relevant regulatory changes are detected.

Video coming soon

For now you can read the written content below

Module quiz

1

A company with 200 employees has no internal whistleblowing channel. An employee discovers a bribe to a public official committed by the CFO. What consequence does the absence of the channel have for the company?

2

A company's compliance officer detects that the sales department offers excessive gifts to public sector clients. They report to the board, but the board decides not to act. Who bears responsibility if a bribery offence is committed?

3

A company implemented its compliance program 5 years ago and has not reviewed it since. Does it meet the requirements of Art. 31 bis CP?

4

An employee reports accounting irregularities through the company's whistleblowing channel. Two weeks later, they are dismissed citing poor performance. What protection do they have?

5

Which of the following elements is NOT a requirement of the prevention model under Art. 31 bis 5 CP?

Have your own legal questions?

The Individual Plan gives you 50 queries/month with answers verified against official legal sources.

Try free for 14 days
PreviousNext
Anti-Corruption Programs and Criminal Compliance | Lexiel Academy