There have not been enough sentences regarding corporate risk and compliance management by companies in Spain. This is basically because, even if the introduction of legal entities criminal responsibility occurred in 2010, Spain’s judicial procedure is very slow and most of the cases are still under investigation; only a few of them have been tried. That being said, and while some provincial courts have issued sentences concerning this matter, the leading case law comes from cases that the Supreme Court has reached.
So far, the Supreme Court has only issued a few sentences. The most important are the following.
Sentence No. 514/2015, 2 September 2015
The first ruling, dictated on 2 September 2015, was related to a fraud crime and concerned the criminal responsibility of companies. It indicated that any conviction of a company must comply with the basic principles of criminal law. Hence, the importance of this judgment is that it considers that companies are subject to the application of the principles of criminal law within a criminal proceeding where an individual is affected. However, the failure risk and compliance management was not assessed.
Sentence No. 154/2016, 29 February 2016
On 29 February 2016, the Supreme Court issued a sentence that, in relation to a drugs offence case where there were no compliance measures, states that constitutional rights and guarantees also apply to legal persons. Moreover, it indicates that the nature of criminal liability of companies is of self-responsibility meaning that, unlike the state prosecutor’s criteria, which understand that a compliance system is configured as an absolute excuse, the presence of appropriate mechanisms of control implies the very inexistence of the crime.
The judgment also considers that the accusing parties should prove that there were not any instruments of compliance to avoid the commission of the crime and, additionally, that liability has to be established on the basis of the analysis of whether the offence committed by the individual under the wing of the legal entity (body corporate or legal person) has been facilitated by the absence of a ‘culture of respect for law’, which should be demonstrated in concrete ways (tangible manifestations or forms) of surveillance and control.
Sentence date no. 221/2016, 16 March 2016
According to another acquittal sentence dictated on 16 March 2016, the public prosecutor should make the same prosecutor effort for legal persons as for individuals, as they are subject to two different prosecutions, each being liable for their own offence. Even if the system is vicarious, that does not mean that criminal principles become secondary - all of the guarantees must be fulfilled.
Sentence date no. 516/2016, 13 June 2016
On 13 June 2016, another sentence from the Supreme Court rejected an appeal against an acquittal because, at the time when the offences were committed, article 31-bis had not been signed. There was no criminal liability allocated to the legal person from the prosecuting parties. It also states that an accusation against the legal person does not exclude the liability of the individual acting as its representative where there are elements of participation of the individual.
Sentence date no. 445/2017, 21 June 2017
Another illuminating sentence was the one issued on 21 June 2017. Although it was not the case or even a key point of the resolution, the Supreme Court highlighted that, in order to convict a legal person, the crime must have been committed not only in the course of corporate business and for its account but also to its direct or indirect benefit. Therefore, the legal person cannot be held criminally liable if it was aggrieved and adversely affected by the crime, even when it was committed in the course of corporate business and for its account.
Sentence No. 583/2017, 19 July 2017
The sentence issued on 19 July 2017 has not been seen as being as important as those previously mentioned. However, it sheds a light on different issues. It rules about a legal person’s domicile, standing that its scope is the one stipulated by article 554.4 of the Criminal Procedure Act, whether or not the legal person is being investigated by a court.
The sentence also implies that mitigating circumstance consisting of undue delays might be applied to legal persons (a question which had not been clear for commentary). Moreover, the resolution points out that in order to set aside the legal persons’ right to presumption of innocence it is necessary to prove beyond a reasonable doubt three items:
- the crime has been committed on its behalf by:
- (i) their legal representatives;
- (ii) by parties who, acting individually or as members of a body of the legal person, are authorised to take decisions in the name of the legal person or hold powers of organisation or control within said legal person; or
- (iii) by parties subject to the authority of natural person referred to in (i) and (ii);
- the crime has been committed to their direct or indirect benefit; and
- the legal person has not implemented organisational and management models according to conditions established under article 31-bis 5 CC (see question 7).
Sentence No. 316/2018, 28 June 2018
The Supreme Court rendered a sentence on 28 June 2018 which highlighted that directors and officers liability insurance can require the insured to implement a compliance program. With this ruling, the insurers guarantee the reduction of the risk of the duty to indemnify, by lowering the possibilities that the commission of a criminal offence. However, the key point of this resolution is that the Supreme Court demonstrated that it is aware of the growing importance of the compliance programs in the insurance sector and, in general terms, in mercantile traffic. It is the first resolution that refers to third parties compliance.
Sentence No. 489/2018, 23 October 2018
The judgment handed down on 23 October 2018 directly ruled on companies’ faculty of control on their employees regarding the commission of criminal offenses. The sentence embraced the jurisprudential doctrine of the European Court of Human Rights on the control of electronic communications at work (the so-called Bărbulescu II doctrine).
The European resolution can be seen just as a crystallisation of the doctrine of Spanish Constitutional Court on the same issue. However, the latter only applies on labour jurisdiction while the former does not distinguish. Therefore, the importance of the commented sentence lies in the fact that criminal jurisdiction now counts with basic but clear criteria.
A lack of a reasonable expectation of privacy is the keystone of accessing to companies’ electronic means used by employees. To sum up, in cases where the employee accepted and signed a company’s internal policy, the content of which warned about the prohibition of the private use of professional assets, as well as the company’s faculty of controlling the proper use of such assets, the employee would have no reasonable expectation of privacy when using the corporate assets (even when it contained private information).
Sentence No. 506/2018, 25 October 2018
Last but not least, the Supreme Court issued a sentence on 25 October 2018 that ruled that even if the conviction of the legal person does not require a previous conviction of an individual, corporate criminal liability is not completely detached from individual criminal liability. Thus, if the acts of the individual are not unlawful, no corporate criminality can be imposed.
Back to top