New Penal Code Amendment
On 31 March 2015 Organic Law 1/2015 of 30 March amending the Penal Code was published
in the Boletín Oficial del Estado, Spain’s official journal.
As stated in the preamble to the act, this reform, scheduled to enter into force on 1 July 2015,
“makes a technical improvement in the regulation of the criminal liability of legal persons,
which was introduced into Spanish legislation by Organic Law 5/2010 of 22 June. The purpose
of the improvement is to outline properly the contents of ‘due control’, inasmuch as criminal
liability may be based on failure to exercise due control”.1
The new amendment expressly acknowledges that a legal person may be exempted from
criminal liability if it has a corporate compliance programme for the prevention of crime. This
acknowledgement puts an end to all discussion on the matter and for the first time establishes
the requirements that must be met by what the law terms “an organization and management
model for the prevention of crime”.
When a crime is committed by de-facto o de-jure directors or legal representatives2 of a legal
person, the new article 31 bis 2 of the Penal Code makes the following conditions necessary in
order for the enterprise to be exempted from criminal liability: (i) the crime prevention model
must have been adopted and effectively executed prior to the commission of the crime,
including monitoring and control measures fit for preventing crimes of the sort in question or
for reducing significantly the risk of such crimes; (ii) the crime prevention model must have
been supervised by an authority that has autonomous powers of initiative and control within
the legal person (what the Anglo-Saxon world calls “a compliance officer”), although, when the
legal person is “small”,3 supervisory functions may be assigned directly to the governing body
of the legal person; (iii) the individuals who have perpetrated the crime must have fraudulently
evaded the organization and prevention models; and lastly (iv) the authority entrusted with
supervising and running the prevention model must not have failed to exercise or insufficiently
exercised its supervision, monitoring and control functions.
1
This is done following the text of Italian Legislative Decree 231/2001 of 8 June on “Discipline in the administrative
liability of legal persons, companies and associations even where legal personality is lacking, according to the rule in
section 11 of the act of 29 September 2000, No. 300”.
2
The new article 31 bis 1.a) changes the previous wording to “legal representatives or those persons who, acting
individually or as members of a body of the legal person, are authorized to take decisions in the name of the legal
person or hold organization and control faculties within the legal person”.
3
According to the rewording of article 31 bis 3 of the Penal Code, “small” legal persons are those that are
authorized by law to submit profit and loss accounts.
The new article 31 bis 4 establishes that, when the crime is committed by employees (or other
persons under the authority of the de-facto or de-jure directors and legal representatives4),
the legal person is exempted of liability if, before the crime was committed, it did in fact adopt
and effectively execute an organization and management model adequate to prevent crimes
of the sort committed or to reduce significantly the risk of the commission of such crimes.
The article goes on to say that partial accreditation of the criminal liability exemption
requirements set in preceding articles will be regarded as an attenuating circumstance.
The new article 31 bis 5 of the Penal Code sets the requirements for an effectual, effective
corporate compliance programme (one which is fit to qualify the legal person for exemption
from criminal liability in future). Qualifying organization and management models must:
1. Identify the activities in which the target crimes might be committed. In other
words, before an “organization and management model for the prevention of crime”
can be created, an analysis must be run that includes an in-depth examination of the
company’s business, its facilities, the legislation applicable to it and to its business, etc.
This analysis is what the Anglo-Saxon world calls “risk assessment”. The goal is
correctly to identify and evaluate the company’s risk in connection with the sorts of
crimes that its directors, legal representatives and employees might reasonably engage
in. In short, the idea is to map out the firm’s risks.
2. Establish the exact protocols or procedures for forming the legal person’s wishes,
making its decisions and executing its decisions in connection with its wishes. Thus, the
legal person is equipped with policies, clauses, protocols, and of course a good internal
investigation manual, so it can detect potential criminal acts.
3. Set up financial resource management models suitable for averting the target
crimes. The governing body’s commitment to and engagement with the corporate
compliance programme must be reflected in the yearly allocation of resources so that
the compliance officer can effectively carry out his or her supervision, monitoring and
control functions.
4. Make it compulsory to report possible risks and infringements to the authority
entrusted with monitoring the operation and observance of the prevention model.
Reporting channels facilitating the detection of crimes in the company must therefore
be implemented, and all company employees must have access to the reporting
channels.
5. Establish a disciplinary system that properly penalizes infringement of the measures
established by the model. This condition must be seen in relationship with the
functions of the compliance officer and the Human Resources Department, and it must
necessarily include a reaction plan or protocol for action when a crime is committed
and the system of rules penalizing crime.
6. Run regular verifications of the model and modifications of the model when
evidence of major violations of the model is found, or when there are changes in the
organization, the control structure or the company’s business that make modifications
4
Once the reform has entered into effect, the application of this article in practice will enable us to ascertain the
exact scope of this concept.
2
necessary. Not only must a corporate compliance programme be introduced, but
follow-up reports must also be given regularly to evaluate the design of the model and
the effectiveness of the controls the company has implemented.
Another new issue introduced with this amendment of the Penal Code is the extension of
criminal liability to state-owned companies engaged in executing public policy or rendering
services of general economic interest. As of 1 July 2015, state-owned companies may be fined
under article 33.7.a) of the Penal Code, and they may placed under legal supervision under
article 33.7.g).
In article 31 bis, the reform also adds to the catalogue of crimes that entail liability.
Before the reform, legal persons could be held liable for the crime of concealment of property.
Now, article 258 ter states that legal persons may also hold criminal liability for the new crimes
of frustration of enforcement.5 Protection of enforcement procedures already used to be a
normal part of comparative law; the new provisions on concealment of property and
frustration of enforcement are designed to round out the protection of enforcement
procedures (and accordingly credit enforcement) in criminal law as well. First, concealment of
property during a judicial or administrative enforcement procedure is defined as a crime
(Penal Code, article 257); second, unauthorized use by the depositary of property under
injunction is defined as a crime (Penal Code, article 258).
Article 304 bis 5 of the Penal Code also expressly states that legal persons are criminally liable
for the new crime of illegal financing of political parties. “[H]e who receives donations or
contributions intended for a political party, federation, coalition or voter group in violation of
article 5.One of Organic Law 8/2007 of 4 July on political party financing” is punished “with a
fine of three to five times its value” (new Penal Code, article 340).
Furthermore, a new crime, corruption in business, is introduced in article 286 ter (A legal
person may also be held liable for commission of this crime under article 288). It is a
punishable crime for persons, in person or through an intermediary, to corrupt or seek to
corrupt an authority or public servant to the benefit of the perpetrators or a third party by
offering, promising or granting any undue advantage or benefit, monetary or otherwise, or to
heed requests in this respect for the purpose of acting or refraining from acting in connection
with the exercise of public functions in order to achieve or preserve a contract, business or
any other competitive advantage in the performance of international economic activities.
5
The reform subjects crimes of criminal bankruptcy to a technical revision founded on the need to establish a clear
separation between conduct that hinders or frustrates enforcement (the kind of conduct that has been traditionally
understood to refer to the crime of concealment of property) and crimes of insolvency or bankruptcy. These two
groups of crimes are now regulated in separate chapters of the Penal Code.
3
Lastly, (i) article 366 of the Penal Code is amended to expand the range of crimes against
public health to include the liability of legal persons6 (Penal Code, articles 359 to 365), (ii)
article 386 is amended so that section 5 includes liability under article 31 bis for crimes of
counterfeiting, and (iii) the new article 510 bis of the Penal Code introduces the liability of
legal persons for crimes committed on the occasion of the exercise of fundamental rights and
public freedoms guaranteed by the Constitution in relationship with provocation, hate or
violence as defined in the new wording of article 510 of the Penal Code.
Madrid, 22 April 2015.
Mar de Pedraza
Managing Partner
6
Under the pre-reform wording of the Penal Code, legal persons are liable only under article 31 bis for the crime of
drug trafficking under article 368.
4