The reform of Spain’s Penal Code and corporate liability – Cuatrecasas Gonçalves Pereira

December 2010 saw the reform of the Spanish Penal Code introducing criminal liability for companies for the first time – this is a significant change in the basic principles of Spanish criminal law. Such changes may require substantial operational changes to businesses already operating in Spain, or those businesses which wish to operate in Spain.  Although it is quite evident that the adaptation of firms to the new corporate compliance requirements must be done slowly and with strict adherence to the highest standards of business organisation, it is also true that the implementation of appropriate control systems, regulatory enforcement and crime prevention should begin as soon as possible. Failure to do so may result in severe criminal consequences at both corporate and Director level.


Organic Law 5/2010 entered into force on 23 December, just a few weeks ago, establishing the most far-reaching reform of criminal law in Spain since the approval of the Criminal Code in 1995. This major legislative change affects numerous issues, but one of the key aspects of the reform is perhaps that of business-related criminal law.


The reformed Code introduces new offenses in the Spanish legislative system that are closely related with the world of business and entrepreneurial activity, such as mobbing, landlord harassment, investor defraudment and private-party corruption, to name but a few. Organic Law 5/2010 also substantially modifies the definition of existing property and financial, environmental, and town-planning offenses, as well as offenses against the public authorities.

However, the main innovation of the reformed Code is unquestionably that, for the first time, Spanish legislation attributes criminal liability to legal persons, with them becoming directly exposed to criminal law, and considered as capable of committing offenses and of being punished with sanctions.

The reform structures this new criminal liability applicable to legal and collective persons around a kind of criminal statute applicable to legal persons, the contents of which are scattered throughout the Code. This statute, which we could call the “criminal code for legal persons” regulates all matters relating to the new criminal liabilities, from the offenses legal persons can commit (including a list of approximately 31 offenses) to the possible mitigating circumstances and sentences applicable (ranging from fines to the dissolution of companies).

Key among the provisions of the reformed Criminal Code is the criterion adopted by the legislator to attribute criminal liability to legal persons, who may be considered fully liable for their deeds (i.e., they may be sentenced as wrong-doers) in two cases, namely: (i) if a director or representative commits an offence benefiting the legal person; and (ii) if the offence benefiting the legal person was committed by one or more of its employees, rather than by a director or representative, where the sanctionable act was made possible, because the legal person concerned did not exercise due control over its employees and their activities. This second form of liability entails consequences of enormous importance.

The inclusion in the Criminal Code of a route by which legal persons can be accused of offenses based on “due control” criteria (known in academic terms as “organizational culpability”) implies the de facto enshrinement, for the first time, in Spain of a general legislation requirement for companies to implement an effective system of supervision and control over regulatory compliance and crime prevention, frequently referred to under the rubric of corporate compliance. It is, of course, true that specific precedents, until now requiring regulatory compliance on a partial or industry basis, already exist in Spain, particularly regarding anti-money laundering provisions, prevention of mobbing in the workplace, and transparency and good governance in listed companies. However, Spanish law had never before imposed such a wide-ranging duty of compliance as that referred to here, which spans almost every branch of business activity and over 30 offenses, from tax evasion through fraud, bribery and concealment of assets to planning and environmental offenses, and private-party corruption.

Although it is evident that companies operating in Spain will need time to adapt to these new corporate compliance requirements, and that such adaptation must respect stringent entrepreneurial organization criteria, it is no less so that companies must start to implement the appropriate systems of regulatory compliance and crime prevention as soon as possible to avoid being affected by criminal law contingencies and to prevent their directors from being exposed to serious risks of personal liability arising from the reform of December 23, 2010.

Alfredo Domínguez Ruiz-Huerta is a Senior Associate of Cuatrecasas, Gonçalves Pereira’s criminal law practice and coordinator of the firm’s Corporate Compliance Group