Corporate compliance annual report
Spanish SMEs struggling to adapt to criminal code
reforms
Many companies do not invest enough time creating decent compliance programmes, with some
mistakenly thinking ‘cut and pasting’ a programme is sufficient
María Hernández
Spanish companies, particularly small
to medium-sized enterprises (SMEs),
are still struggling to meet increasingly
onerous corporate compliance standards.
Reforms to the criminal code, which
came into force in 2015, have significantly
raised the profile of compliance and made
it a key part of any corporate defence
against criminal liability. However,
most companies have yet to adapt to
meet these new requirements, warns
María Hernández, partner at Eversheds
Sutherland and head of the firm’s Spanish
corporate compliance department.
“My view is zero risk will never exist
because a corporation cannot get into the
mind of someone who wants to break
the law, but what they must do is show
that they did as much as possible to
train staff,” says Hernández. “One of the
mistakes that companies make is having
a strong culture of compliance, but failing
to document anything – you need to prove
what you did, and you need to provide
the evidence that you made a lot of effort.”
While companies increasingly
recognise that they must act on
compliance – especially given the
monetary sanctions and reputational
damage that might occur if things go
wrong – many don’t invest enough
time in creating a decent compliance
programme. “The number one mistake is
that companies think they can copy and
paste a corporate compliance programme
and then they think they have a
programme,” says Hernández. “You need
to tailor your own programme and you
need to communicate it to, and train,
your employees and third parties.”
The importance of tailoring a
programme is especially important in
industries that interact with third parties.
One example is the hospitality industry –
for example, the criminal risk that could
arise if prostitutes use hotel rooms for
their business.
“Clients need to realise that third
parties are the ones that can leave
companies exposed to certain crimes,”
says Hernández. “So third party
programmes are very important.”
New data protection and anti-money laundering
regulations raising awareness of need to be compliant
Henrique Salinas
Recent regulatory developments related
to data protection and anti-money
laundering are increasing awareness
of corporate compliance among clients
in Portugal, according to CCA Ontier
partner Henrique Salinas.
The EU´s General Data Protection
Regulation and its fourth Anti-Money
Laundering Directive are driving
an increase in demand for corporate
compliance services in Portugal,
although many corporates still fail to
appreciate the importance of having a
strong compliance function, Salinas says.
“A lot of companies aren’t aware of the
importance of corporate compliance and
they only have a compliance officer if it
is mandatory.”
Regulated sectors including banking
and finance and life sciences have
traditionally had a better understanding
of compliance issues, but awareness
is growing in all areas of business,
Salinas remarks. Changes to the Spanish
46 • IBERIAN LAWYER • May / June 2017
Criminal Code – which introduced
criminal liability for directors – have
had an impact on the Portuguese
market, he adds. “This kind of
provision does not exist in Portugal,
but we have close business ties with
Spain and we often work with Spanish
clients who need to adapt their
compliance programmes to Portuguese
legislation.”
The risks faced by clients range
from financial penalties to criminal
proceedings or even the suspension
of their activity, Salinas says. The
impact of reputational damage can be
significant, says Salinas, who points
to EDP – Energias de Portugal´s stock
market troubles as an example of the
impact of non-compliance on even well-
established businesses. “The fines are
substantial, and with the most serious
offences, companies face a temporary
suspension of activity or even the
shutting down of the company.”
www.iberianlawyer.com