Compliance 2017 Compliance_2017 - Page 7

Corporate compliance annual report should be warned that if they are found to be non-compliant by a regulator that extra revenue could be “clawed back”. In addition, the partner says there is a lack of enforcement in relation to compliance in Portugal, partly because there are few prosecutors specialised in the relevant fields of financial crime. Meanwhile, Salazar Casanova says that the majority of companies in Portugal are small and medium-sized enterprises, so it can be difficult to “convince them to spend money on compliance”. With regard to the issue of Clients face the how smaller challenge of preventing companies are impacted by reputational damages. compliance, Paulo de Sá e Cunha another partner Cuatrecasas remarks that “60 per cent of the rules may not make sense [for smaller companies] – the laws are not tailored to all types of potentially say the business did companies”. not act in accordance with your The first step for clients own compliance programme”. concerned about the issue of However, Salinas adds that compliance is a risk assessment, smaller companies often complain one partner explains. “Clients have that they have to comply with to understand the specific risks many onerous regulations that are associated with their industry – the not really applicable to smaller main problem is in less regulated businesses. Despite this, Salinas sectors where it can be difficult says that businesses that are not to sell compliance to clients.” compliant face reputational risks Directors need to understand that as well as potentially having their being a member of a board is a company shut down. “risky bus iness”, lawyers say. The law in relation to “We need to explain to directors compliance is much clearer in that they are personally liable for Spain than it is in Portugal, fines imposed on a company – according to Sá e Cunha. “In for example, fines in relation to Portugal, we try to block liability, breaches of labour rules.” but in Spain the law helps The risk of facing litigation litigators,” he adds. One of the – as well as financial risks key issues related to compliance and reputational risks – are is that, especially with regard to “increasing every day,” lawyers financial institutions, “compliance say. Furthermore, there is a lack doesn’t generate revenue,” of “adequate early detection” says one partner. “So there is a of potential compliance-related constant stress between business risks. In addition, businesses and compliance – another major that are non-compliant are at struggle is the culture, you need risk of a backlash from their to train staff in compliance.” clients, with customers likely to However, the partner adds that if be less collaborative if they find clients believe that by not-being out about regulatory breaches, compliant they will be able to lawyers warn. generate more revenue, they media,” he says. Clients need to see compliance programmes as “potential litigation problems,” Sá e Cunha adds. It is for this reason, according to one partner, that litigators are “in a better position [than lawyers from other practice areas] to evaluate compliance risks”. CCA Ontier partner Henrique Salinas says that, in cases of suspected non-compliance, regulators want to “really check there is a compliance programme, because then they could “ www.iberianlawyer.com ” Spain: What are currently the biggest compliance-related risks clients face? “Not having a corporate compliance model implemented may mean not having identified the risks a company may be facing in the performance of its business activities and consequently, not being completely compliant with the law. Infringements of the law may imply civil, administrative and labour-related liabilities, while criminal liability is one of the most significant risks companies, its directors and employees may be facing. Having a tailor-made corporate compliance model significantly reduces the risk of liabilities emerging.” Vanessa Fernández Lledó, partner, Gómez-Acebo & Pombo “Any company, regardless of its size, nature or business activity, needs to be provided with a compliance management system that is proportional to its risks and facilitates the spread of a compliance culture. In Spain, the amendments to the Criminal Code made in 2010 and 2015 include an obligation for all Spanish companies to have a model for identifying, preventing and managing criminal risks in a proper way. In this regard, organisations need to understand that a suitable compliance management system, proportional to its internal and external circumstances, may be able to identify all kinds of risks if it is correctly deployed and regularly updated.” Alain Casanovas, head of legal compliance services (Spain), KPMG Abogados “Legal entities have criminal liability and are likely to be accountable for the crimes committed by directors and/or employees of the company. Such criminal risks are likely to be reduced and/or eliminated by implementing a criminal compliance programme.” Xavier Altirriba Vives, partner, Roca Junyent “The biggest compliance-related risk in Spain is the criminal liability of legal entities and the new European regulation related to privacy and data protection. In addition to that, companies who outsource part of their services face an additional compliance risk because they could be seriously harmed by a third party’s failure. All these compliance-related risks could imply serious consequences for a company and its directors, with serious penalties, economic fines and reputational damages.” Nieves Briz, partner, Jausas May / June 2017 • IBERIAN LAWYER • 43