News

The implementation of organizational and management models for crime prevention implicitly involve the adoption, by companies’ management bodies, of strategic decisions aimed at promoting ethical culture and regulatory compliance in organizations. They not only provide protection for the legal entity in the event of criminal proceedings, but also allow the company’s activity to be organized and managed preventing risks from materializing, in this case criminal risks, with an obvious environmental, social and governance (ESG) impact.

Within the regulatory areas affecting sustainability, the criminal area is noted for its transversality and is the last resort. Thus, crime prevention models can be considered a significant indicator of the management of ESG factors currently required of sustainable companies.

This is the view of Beatriz Bustamante, principal associate of the Garrigues Litigation and Arbitration Department, and Juan Pablo Regojo, director of the Compliance Unit of the Nueva Pescanova Group, who have analyzed the Models of organization and management in companies for crime prevention from a practical perspective, in a new edition of The Garrigues Sustainable Dialogs, moderated by Gabriel Castro, Litigation and Arbitration partner at the firm.

Origin of criminal compliance in Spain

Criminal compliance became established in Spain with the 2010 reform of the Criminal Code, article 31 bis of which introduced the possibility of companies committing offenses. However, that reform, as Bustamante recalled, “was very limited, there was no further implementation and companies were very doubtful about how to apply it”. For that reason, in a subsequent reform, in 2015, “the system of criminal liability of companies was developed and the final incentive was included: to establish conditions the fulfillment and proof of which could exempt a company from criminal liability”.

The necessary coexistence of sustainability and compliance arose with Law 11/2018 on the Nonfinancial Information Statement (NFIS). As pointed out by Regojo, it was a milestone which “imposed a widespread obligation to issue an NFIS”, to which listed companies and businesses in regulated sectors subject to supervision of the CNMV (National Securities Market Commission) and of Banco de España were already accustomed: “Companies of that kind handled with a certain ease the correlation or the coexistence of compliance and sustainability functions. But the 2018 legislation posed a formidable challenge for companies that had not been doing so. It was then that the corporation realized the importance of compliance, since the NFIS largely feeds of the system of compliance”. In his opinion, “it was easier for organizations which in 2018 already had a minimally robust criminal compliance function to arrange and provide a system for preparing their NFIS. The relationship between sustainability and compliance became more necessary than ever”.

Juan Pablo Regojo also pointed out that one of the things that has most helped compliance was the fact that the NFIS must be checked by an independent third party: “It is a way of auditing your own system of compliance and is a very useful tool”. He also emphasized the transparency required by the NFIS: “It clearly lays you bare before your stakeholders. It places on record that we are trying to do things right”.

In this respect, he pointed out that sustainability forms part of the corporate DNA of Nueva Pescanova, which has a sustainability program based on four pillars: planet, persons, product and communities. “We ensure, in our entire value chain, observance of ethical and legal requirements, both of hard and soft law, in which the compliance function and our compliance system are interlinked with sustainability and ESG factors”.

Trials and challenges when implementing a compliance model

Gabriel Castro asked Regojo about the principal challenges or difficulties in his experience when implementing criminal compliance models: “The first thing is to adequately locate the risks within the entire risk management system of a multinational like ours, with different challenges in each country. Being guided by internationally accepted instruments has helped us a lot for that purpose. We have tried to create our own internal compliance system, at corporate level, that works and can be used in every country and then adapt it to the specific needs of each jurisdiction. That is the great challenge: to standardize the different requirements of each country”, the Nueva Pescanova executive replied. He added that “the other great challenge is to create a corporate culture of compliance, of ethics in the organization; that criminal compliance is present in decision-making and in business, as just another risk that the management body must take into account when taking decisions”.

The keys for implementing good criminal compliance

“Every compliance system rests on two pillars: the diagnosis (to what risks is the company exposed due to its activity) and how those risks are dealt with (the measures that contribute to avoiding them)”, Beatriz Bustamante noted. “When a company decides to do its homework in relation to prevention, criminal compliance is a good place to start. It is also a coherent and transversal framework in relation to other non-criminal regulatory frameworks”, she pointed out.

Bustamante emphasized that companies must implement and be able to prove to a possible third party that the organization has a prevention culture in relation to the criminal risks to which they are exposed due to their activity. In this sense, the 2015 reform established the roadmap with the elements that crime prevention models must contain so that the company can be exempt from criminal liability in judicial proceedings. “This roadmap can be adopted as a reference framework to avoid the commission of offenses within companies although it can also allow these grounds for exemption to be availed of”, she noted.

Crime prevention models are thus linked to ESG principles

As regards the link between criminal compliance and ESG principles, Beatriz Bustamante pointed out that “in crime prevention models, compliance constitutes a very significant indicator of companies’ behavior in relation to the abbreviations ESG. The E, the environment, in the context of the criminal compliance model concerns the identification of the risks arising from environmental offenses, and more than identifying them, how one combats them. The S imposes on companies requirements which, in the criminal area, concern the prevention of risks related to a series of offenses for which companies can be criminally liable, such as human trafficking, violations of moral integrity, etc.; and others that are closely concerned with this S, but for the commission of which companies cannot be held criminally liable, although they are normally considered in crime prevention frameworks: violations of workers’ rights, and more specifically, of health and safety. And, finally, the G is linked to the organizational model, who does what in relation to crime prevention in organizations. It is not only the compliance body that must supervise the functioning and observance of the criminal compliance model implemented, but also, in a well-considered system of organization and management of criminal risks, all concerned must assume roles in relation to crime prevention”.

Juan Pablo Regojo emphasized that “compliance avails of proof of sustainability as measures for monitoring and prevention of compliance risks. Sustainability greatly helps compliance to prevent those risks. The compliance function is currently valued, not only as a mechanism for defending the legal entity if it is the subject of investigation in criminal proceedings, but also because of the help that it offers to sustainable development objectives, to ESG principles”.

In conclusion, he highlighted “the need for compliance models to be approached by companies from a sustainability perspective and taking ESG factors into account, which also allow, in the case of multinationals, the different regulatory requirements of the various countries to be standardized, since ESG criteria are universal and global and do not depend on the local rules of each country”.