Monday, 16 June 2014 16:42

Corruption reform in Spain: the key differences from UK Bribery Act

Often when people think of corruption they think of it as a problem of emerging markets; however, a recent study by the European Union (Special Eurobarometer 397 on Corruption) showed that corruption is considered to be a significant problem throughout Europe. 

Often when people think of corruption they think of it as a problem of emerging markets – something that does not happen in the “old world”; however, a recent study by the European Union (Special Eurobarometer 397 on Corruption) showed that corruption is considered to be a significant problem throughout Europe. 

By Andrew Henderson, The Red Flag Group, London

In Spain, the vast majority of respondents to the study thought that corruption was widespread in their country (95 percent). Most had been personally affected by it (63 percent), and many thought that it was getting worse (77 percent).

While Spain has been a signatory to the Organisation for Economic Co-operation and Development (OECD) Convention on Combating Bribery of Foreign Public Officials since 2000, and the United Nations Convention against Corruption since 2006, the primary focus of corruption prosecutions in Spain has been against the domestic bribery of government officials.

Since 2000, there have been no convictions for overseas bribery and no investigations against corporate entities. Partly in response to pressure by the OECD, in September 2013 the Spanish government approved a reform of the Spanish Criminal Code, which changes the law relating to corruption. Under Spanish constitutional law, it is now for the Spanish Parliament to approve the reform by absolute majority. Once approved, the new law will come into force six months after publication on the Boletín Oficial del Estado.

The reform introduces substantial modifications to the existing law. For the first time, criminal liability lies with the company and the board or any representatives acting on the company’s behalf unless they can prove that they implemented the necessary risk controls (i.e. compliance programmes). The reforms also make it easier to prove bribery where the intention of the recipient is not known.

This reform is a continuing evolution of the law, as prior to 2010 there was no corporate criminal liability for corruption as part of the Spanish Criminal Code. The 2010 changes provided the transfer of liability from the legal representatives personally to the legal entity jointly or separately if the crime was for the company’s benefit. The board of a company was then responsible for any crimes committed on behalf of the company, irrespective of whether they were directly responsible. Three years later, and following many cases of corporate corruption (though no successful prosecutions), the Spanish government agreed to implement new changes to the Criminal Code.

What are the changes?

Under the proposed amendments, companies will be criminally liable for the crimes committed in their name (or on their behalf) that benefit the company, either by their authorized representatives or by those not authorised but able to commit the crime due to a lack of controls. Companies may be exempted from liability, however, if it can be shown that: 

- The board has adopted and effectively implemented organisational and management measures that include monitoring and controls to prevent offences supervision and monitoring of the newly-implemented measures have been allocated to an independent body (i.e. a compliance function) within the company with powers to control it (which can remain with the board in smaller organisations)

- An individual committed the crime by evading the company’s controls  there have been no omissions and no inadequate controls by the compliance function.

- The penalties proscribed to the entity are related to the lack of implementation of a compliance programme rather than as a result of the crime; however, they seem to need to be linked to a successful prosecution of an individual.

Differences from the United Kingdom Bribery Act’s “adequate procedures”

At the conclusion of the risk assessment,the compliance function should prioritise the areas that need attention. The next step is to determine a plan to manage those risks. At a minimum, the legislation suggests that the controls (called prevention guidelines) must:

  • Establish protocols and procedures to be able to make decisions and execute them
  • Include adequate financial resources to help avoid the crimes
  • Include a hotline or similar communication channel for reporting any potential misconduct or risk to the compliance body
  • Establish a disciplinary system that punishes breaches of the guidelines
  • be verified and modified periodically, for example when any misconduct arises or when there are significant changes in the organisation, its structure or activities.

In some ways these changes are aligned with the United Kingdom Bribery Act and its offence of “failure to prevent bribery”and concept of “adequate procedures” for preventing bribery. There are areas where the Spanish regime is lacking behind the British, however.

Firstly, the amendments to the Spanish legislation do not include a requirement for senior management to show their commitment to compliance programmes other than by funding them. While funding of programmes is important, “tone from the top” needs to be far wider than financial support. In best-practice programmes, senior management actively promote the need for compliance in all of their communications and actions. Resourcing of programmes should also be more than purely financial – access to resources such as personnel and systems within the firm is vital to a programme’s success.

Secondly, there is no explicit mention of the concept of associated persons or third parties in the Spanish regime.There is wording about authorized persons and people acting on behalf of the company, but it is not clear whether this includes third parties (whether acting as agents or otherwise) and whether only natural people and legal entities are included. In contrast, other sections in the penal code relating to foreign bribery specifically mention intermediaries. A bribery programme that does not actively consider the risks of bribes being channelled through third-party intermediaries is not likely to be considered adequate. At a minimum, the management of third parties requires a level of due diligence based on the risks posed by the partner (for example, based on the service they provide, their location or their industry) and the follow up of any issues found.

Finally, the amendments do not include  a clear requirement for training and communication. Although this might be considered implicit in the requirements, without a carefully-considered plan for training and communications the training will fail – either not enough information will be delivered or the information that is delivered will not be focused enough to effect real change.

The threat of disciplinary action in the event of a breach, while necessary, should not be the key message. A compliance programme should aim at preventing bribery rather than enforcing punishment after the fact. Since there is no specific guidance associated with the proposed legislation, the desire to implement only what is necessary without excess is likely to be a key issue for many companies. In this situation, help can be sought from external guides (like the United Kingdom Ministry of Justice or the OECD) to provide general direction. Practitioners at these organisations can also offer more specific direction or stipulate benchmarks based on their previous experience with similar companies.

Once a set of adequate procedures has been drafted, costs can be estimated and provided to the board for approval. At this point, the process considered by the legislation seems to be unclear.

If the board approves the plans but the compliance team fails to properly implement them, in the event of an incidence of bribery the company would not be held responsible. So, by failing in their duty to either recommend adequate procedures or implement them, the compliance team would have saved the company from liability (though what punishment would be meted out to the compliance team for this “successful” failure is uncertain).

If the board doesn’t approve the plans and there is an issue, the argument will become whether the proposed plans would have avoided the bribery. If the proposal for funding was excessive, the board would have been correct to reject it. But, if it was reasonable, then the rejection could lead directly to liability. It is not clear, however, whether a board would be in a better position than a compliance team to determine the adequacy of a compliance programme. The board must select its compliance team well in order to trust the risk assessment and plans that compliance proposes. The compliance team, on the other hand, must be careful to propose measures that are reasonable and achievable so as to not fail in their scope, adequacy or implementation.

What does a Spanish company need to do?

So what is likely to be considered adequate as a proposal for an antibribery compliance programme? Like most risk-based programmes, the nature of the work needed will depend very much on the type of company. Local Spanish companies will have far lower obligations placed on them than large multinationals. However, as a minimum, there should be:

  • a comprehensive risk assessment and subsequent board approval, as previously discussed, to provide a plan for the compliance programmes needed, including the metrics and goals that will be used in the annual review process – this can either be performed internally or by using outside resources to facilitate, benchmark or review
  • a code of conduct that sets out the company’s standards, the disciplinary impact of breaches and the ethical expectations on management and employees while also containing a strong message from executive that corruption will not be tolerated
  • demonstration that the senior management actively endorse the programme in their communications and actions to complement the message from executive in the code of conduct
  • documentation in the form of policies and procedures to ensure that all staff and partners are aware of what is expected of them
  • a training and communication campaign to inform staff about the code, policies and procedures
  • a hotline facility to allow reporting of suspected breaches (anonymously if needed)
  • some level of due diligence carried out on any companies that work in locations outside of Spain – due both to the legal positions in the other jurisdictions and, more importantly,to mitigate the reputational impact of any corruption breaches (domestic Spanish companies should also consider a due diligence programme as a method of better understanding their partners)
  • active monitoring of the compliance programme and a regular comprehensive review to ensure that it still meets the needs of the company.

While there are a number of questions raised by the wording of the new legislation that will need to be clarified, in effect it imposes no greater burden on Spanish companies than that imposed on foreign companies by the legislation of their countries. It is essential that companies in Spain build on the experiences of those foreign companies that have created successful corruption programmes in response to their own countries’ legislations.

Conclusion

The key message is to take the new legislation seriously in the boardroom and at the executive-management level. If there is no genuine support from the top, any actions proposed by a compliance function will be ineffective. This support may come from directors, who may have been through investigations in the past, or from those who understand the impact to reputations and to their business.

More information at www.redflaggroup.com

Iberian Lawyer
N.108 • October 2021

IL98 cover SP IL94 cover EN
 

The Latin American Lawyer
N.21 • September 2021

IL98 cover SP IL94 cover EN

IpTmtAwardsSpain 2021 300x100 finalists 1

UIAMadrid 300x100

IL LatamAwards STD 300x100 1

IL LatamAwards STD 300x100 1

UIAMadrid 300x100

IpTmtAwardsSpain 2021 300x100 finalists 1

IL LatamAwards STD 300x100 1

IPTMTAwardsPT 2021 300x250 Vincitori

IL LatamAwards STD 300x100 1

This website uses cookies

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the IberianLawyer website. However, you can change your cookie settings at any time. Learn more

I agree

What do I need to know about cookies?

A cookie is a small text file that’s stored on your computer or mobile device when you visit a website. We use them to:

  • Remember your preferences
  • Tailor our sites to your interests.

There are different types of cookies

First party cookies

These are set by the website you’re visiting. And only that website can read them.  In addition, a website might use a separate company to analyse how people are using their site. And this separate company will set their own cookie to do this.

Third party cookies

These are set by someone other than the owner of the website you’re visiting. 

Some IberianLawyer web pages may also contain content from other sites like Vimeo or Flickr, which may set their own cookies. Also, if you Share a link to a IberianLawyer page, the service you share it on (e.g. Facebook) may set a cookie on your browser.

The IberianLawyer has no control over third party cookies.

Advertising cookies

Some websites use advertising networks to show you specially targeted adverts when you visit. These networks may also be able to track your browsing across different sites.

IberianLawyer site do use advertising cookies but they won’t track your browsing outside the IberianLawyer.

Session cookies

These are stored while you’re browsing. They get deleted from your device when you close your browser e.g. Internet Explorer or Safari.

Persistent cookies

These are saved on your computer. So they don’t get deleted when you close your browser.

We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.

Other tracking technologies

Some sites use things like web beacons, clear GIFs, page tags and web bugs to understand how people are using them and target advertising at people.

They usually take the form of a small, transparent image, which is embedded in a web page or email. They work with cookies and capture data like your IP address, when you viewed the page or email, what device you were using and where you were.

How does the Iberian Lawyer use cookies?

We use different types of cookies for different things, such as:

  • Analysing how you use the IberianLawyer
  • Giving you a better, more personalised experience
  • Recognising when you’ve signed in

Strictly Necessary cookies

These cookies let you use all the different parts of Iberian Lawyer. Without them services that you have asked for cannot be provided.

Some examples of how we use these cookies are:

  • Signing into the IberianLawyer
  • Remembering previous actions such as text entered into a registration form when navigating back to a page in the same session
  • Remembering security settings which restrict access to certain content.

Performance cookies

These help us understand how people are using the IberianLawyer online, so we can make it better. And they let us try out different ideas.
We sometimes get other companies to analyse how people are using the IberianLawyer online. These companies may set their own performance cookies You can opt out of these cookies here.Some examples of how we use these cookies are:

  • To collect information about which web pages visitors go to most often so we can improve the online experience
  • Error management to make sure that the website is working properly
  • Testing designs to help improve the look and feel of the website.
Cookie nameWhat it's for
Google DoubleClick The IberianLawyer uses Google DoubleClick to measure the effectiveness of its online marketing campaigns.Opt-out of DoubleClick cookies
Google Analytics From time to time some IberianLawyer online services, including mobile apps, use Google Analytics. This is a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate use of those services and compile a report for us.Opt-out of Google Analytics cookies