Corporate compliance annual report
should be warned that if they are
found to be non-compliant by a
regulator that extra revenue could
be “clawed back”. In addition,
the partner says there is a lack
of enforcement in relation to
compliance in Portugal, partly
because there are few prosecutors
specialised in the relevant fields
of financial crime. Meanwhile,
Salazar Casanova says that the
majority of companies in Portugal
are small and medium-sized
enterprises, so it can be difficult to
“convince them to spend money
on compliance”.
With regard
to the issue of
Clients face the
how smaller
challenge of preventing
companies are
impacted by
reputational damages.
compliance,
Paulo de Sá e Cunha
another partner
Cuatrecasas
remarks that
“60 per cent of
the rules may
not make sense
[for smaller
companies] – the
laws are not tailored to all types of
potentially say the business did
companies”.
not act in accordance with your
The first step for clients
own compliance programme”.
concerned about the issue of
However, Salinas adds that
compliance is a risk assessment,
smaller companies often complain
one partner explains. “Clients have
that they have to comply with
to understand the specific risks
many onerous regulations that are
associated with their industry – the
not really applicable to smaller
main problem is in less regulated
businesses. Despite this, Salinas
sectors where it can be difficult
says that businesses that are not
to sell compliance to clients.”
compliant face reputational risks
Directors need to understand that
as well as potentially having their
being a member of a board is a
company shut down.
“risky bus iness”, lawyers say.
The law in relation to
“We need to explain to directors
compliance is much clearer in
that they are personally liable for
Spain than it is in Portugal,
fines imposed on a company –
according to Sá e Cunha. “In
for example, fines in relation to
Portugal, we try to block liability,
breaches of labour rules.”
but in Spain the law helps
The risk of facing litigation
litigators,” he adds. One of the
– as well as financial risks
key issues related to compliance
and reputational risks – are
is that, especially with regard to
“increasing every day,” lawyers
financial institutions, “compliance
say. Furthermore, there is a lack
doesn’t generate revenue,”
of “adequate early detection”
says one partner. “So there is a
of potential compliance-related
constant stress between business
risks. In addition, businesses
and compliance – another major
that are non-compliant are at
struggle is the culture, you need
risk of a backlash from their
to train staff in compliance.”
clients, with customers likely to
However, the partner adds that if
be less collaborative if they find
clients believe that by not-being
out about regulatory breaches,
compliant they will be able to
lawyers warn.
generate more revenue, they
media,” he says. Clients need to
see compliance programmes as
“potential litigation problems,” Sá
e Cunha adds. It is for this reason,
according to one partner, that
litigators are “in a better position
[than lawyers from other practice
areas] to evaluate compliance
risks”.
CCA Ontier partner Henrique
Salinas says that, in cases of
suspected non-compliance,
regulators want to “really check
there is a compliance programme,
because then they could
“
www.iberianlawyer.com
”
Spain: What are currently the
biggest compliance-related risks
clients face?
“Not having a corporate compliance
model implemented may mean not
having identified the risks a company
may be facing in the performance of its
business activities and consequently,
not being completely compliant with the
law. Infringements of the law may imply
civil, administrative and labour-related
liabilities, while criminal liability is one
of the most significant risks companies,
its directors and employees may be
facing. Having a tailor-made corporate
compliance model significantly reduces
the risk of liabilities emerging.” Vanessa
Fernández Lledó, partner, Gómez-Acebo
& Pombo
“Any company, regardless of its size,
nature or business activity, needs to be
provided with a compliance management
system that is proportional to its risks
and facilitates the spread of a compliance
culture. In Spain, the amendments to
the Criminal Code made in 2010 and
2015 include an obligation for all Spanish
companies to have a model for identifying,
preventing and managing criminal
risks in a proper way. In this regard,
organisations need to understand that a
suitable compliance management system,
proportional to its internal and external
circumstances, may be able to identify
all kinds of risks if it is correctly deployed
and regularly updated.” Alain Casanovas,
head of legal compliance services (Spain),
KPMG Abogados
“Legal entities have criminal liability and
are likely to be accountable for the crimes
committed by directors and/or employees
of the company. Such criminal risks are
likely to be reduced and/or eliminated
by implementing a criminal compliance
programme.” Xavier Altirriba Vives,
partner, Roca Junyent
“The biggest compliance-related risk
in Spain is the criminal liability of legal
entities and the new European regulation
related to privacy and data protection. In
addition to that, companies who outsource
part of their services face an additional
compliance risk because they could
be seriously harmed by a third party’s
failure. All these compliance-related risks
could imply serious consequences for a
company and its directors, with serious
penalties, economic fines and reputational
damages.” Nieves Briz, partner, Jausas
May / June 2017 • IBERIAN LAWYER • 43