Spanish businesses often mistakenly think that having a compliance officer and a compliance programme is enough to stop them being held liable for regulatory breaches, but a change of company mindset is also crucial, says Cristina Coto, Partner at CMS Albiñana & Suárez de Lezo.
“I see too many companies treat a compliance programme as just another legal requirement – they do it, have it and then they put it in a drawer,” explains Coto. Consequently, not only do companies fail to produce an employee manual suitable for attorneys to use in court, they don’t look beyond the bureaucracy and embrace compliance as a social, ethical and cultural requirement, she adds. “There are too many companies where the director of the legal department is very interested in having the perfect compliance manual but the board of directors don’t think the same,” Coto says. “For compliance to be successful in a company, the mindset has to change at the top.” This means the role of compliance officer must be taken more seriously too, she adds.
“Companies believe that having a compliance officer is enough to be safe,” says Coto. “In reality, it’s a position that needs to be at a high level within the company, with enough autonomy to fulfil compliance objectives.” Another issue is that there is still a mindset in which being an ethical company is assumed to mean being free from risk altogether, says Coto. “Sometimes when we go to Spanish companies to explain compliance and the Spanish Criminal Code, they say ‘no, that doesn’t happen here, we are a good company, we have no risk’,” she explains. “They are missing the point, risk is inherent in every company – the objective must be to identify and then mitigate or prevent risk – companies must know their risks and put all their efforts into preventing all of them.”