Spanish criminal law used to follow the principle of “societas delinquere non potest” – inherited from ancient Roman law – which means that companies cannot commit crimes, only individuals may be responsible for crimes. However, Spanish lawmakers recently changed this system, switching to an Anglo-Saxon inspired model in which companies can also be charged with crimes.
Such modification has been carried out by means of an amendment of the Criminal Code[1] (“Código Penal”). The amendment brings to the Criminal Code the following matters:
(i) Companies may be charged with criminal responsibility in the following events:
(a) For offences committed by managers and legal representatives of the company, when acting on behalf of the company and for its benefit.
(b) For crimes committed by employees of the company while carrying out their functions and for the benefit of the company, unless due control has been applied.
In this case, the basis of the responsibility established by the Code is the failure of the duty of control. Thus, in the event of a crime committed by an employee, the company shall be responsible only if managers have failed to have a certain degree of control over the activities of the company and its employees. In other words, the manager in charge of the compliance tasks may avoid with his work that the company is considered criminally responsible.
(ii) Companies may be responsible only for some crimes (money laundering, environmental crimes, tax avoidance, etc.).
(iii) Mitigating circumstances for the criminal responsibility of companies: admission of the crime before the procedure starts, collaboration with the investigations of the facts and repair of the damage caused before the trial takes place.
(iv) Liability exemption for the adoption of prevention measures in order to avoid crimes (compliance programs). The law establishes a different regulation of the exemption depending on which crime we are dealing with:
(a) For crimes committed by legal representatives of the company, the exemption will take place if:
– The board of directors has applied effectively a compliance program that foresees and reduces the risk of the commission of those crimes.
– The supervision and implementation of the compliance program has been entrusted to an independent body.
– The perpetrators of the crime have fraudulently avoided the compliance program.
– No failures or omissions of the control of the compliance program’s application have took place.
(b) For crimes committed by employees of the company while carrying out their functions, the exemption will take place in the event that the company, before the commission of the crime, has approved and effectively applied a model of organization and management that is adequate to prevent crimes.
The amendment brings also a useful regulation that establishes the content that an adequate compliance program may have. Such content is the following:
(i) Identification of the activities in which crimes are more likely to be committed.
(ii) Procedures for decision-making in those particular areas.
(iii) Management models for the administration of financial resources.
(iv) Obligation of reporting to the surveillance body possible risks and/or failures of the program.
(v) Penalties for the non-observance of the regulations of the compliance program.
Finally, the Code establishes that the company will have to review the compliance program regularly, in order to adapt it to the changing circumstances of the company.
In small companies[2], the management body can assume the control functions and the implementation of the prevention measures. However, in the rest of companies those functions have to be assumed by an independent body.
To sum up, Spanish lawmakers have changed the principle of non-responsibility of companies for criminal offences to a system in which, under some circumstances, companies can be liable for crimes. The new regulation establishes a system of criminal responsibility for the company for, on one hand, crimes committed by managers and legal representatives on its behalf, and, on the other hand, crimes committed by employees; in the event that the company has failed to apply proper preventing measures. Thus, the duty of control of the implementation of the preventing measures and the issuance and application of a compliance program become particularly important for Spanish companies.
[1] “Ley Orgánica 5/2010, de 22 de junio, por la que se modifica la Ley Orgánica 10/1995, de 23 de noviembre, del Código Penal” and “Ley Orgánica 1/2015, de 30 de marzo, por la que se modifica la Ley Orgánica 10/1995, de 23 de noviembre, del Código Penal”.
[2]Small companies will be those that are allowed to submit abridged annual accounts (“cuentas anuales abreviadas”) before the Commercial Registry, in accordance with Spanish Law on Corporations.
