The compliance officer’s role in a company
As noted in our previous articles (links to articles 70 and 71), the imposition of criminal liability on legal entities, as a result of the Spanish Penal Code reform, calls for proper control by the legal representatives of a company. Thus, the role of the compliance officer is vital in order to achieve strict compliance now required of companies and to implement appropriate compliance control systems and crime prevention plans. These actions will prevent a company from incurring contingencies of a criminal nature and the administrators from incurring serious risks of personal liability.
The recent reform of the Spanish Penal Code includes extenuating circumstances and liability exemptions in regards to the liability of legal entities, as long as they have adopted an effective crime prevention plan. In case of the commission of a criminal offense, a company’s exemption from liability will depend on the effective implementation of the plan (criminal compliance):
- The company will be exempt from all criminal liability if it can establish full suitability and compliance of the prevention plan
- Partial implementation of the plan will serve as a mitigating factor in sentencing
The role of the compliance officer is crucial in order to avoid any form of criminal liability, especially since the slightest incident can put the reputation of a company in jeopardy, put its practices in question, and even threaten its existence (in addition to the imposition of severe fines, an order of suspension of activity, etc.)
A crime prevention plan must contain a set of basic elements such as the existence of a compliance officer, a channel for complaints, an outline of potential risks, a codebook with sanctions, measures for amendments, etc. It is part of the duties of a compliance officer to establish such a prevention plan, keep it updated, and adapt it to the operation of the company in order to comply with the relevant audits that will be conducted by an independent consulting firm. The organizational and management plans must fulfil the following requirements (criminal compliance):
- Identify the activities within which an offense could be committed so these offenses can be prevented
- Establish protocols and procedures that demonstrate the legal entity’s will to adopt and implement the necessary measures
- Allocate appropriate financial resources to the management plan in order to effectively prevent the commission of crimes
- Make the reporting of potential risks and defaults to the administrative body responsible for overseeing the functioning of the plan mandatory
- Establish a disciplinary system that will adequately sanction the failure to comply with the measures established by the plan
- Conduct a periodic review of the plan and propose any changes that relate to newly relevant offenses, organizational changes in the control structure or business, etc.
The role of the compliance officer, however, is not limited to reducing risks so that a company can avoid penalties. The officer should also ensure the good management of the business activity in compliance with professional standards, national and international regulations, established business practices, identify and manage legal and reputational risks, and uphold the ethics, values and standards of the company.
A good compliance officer must take into account the company’s objectives when tailoring the prevention plan. The officer must also have an extensive knowledge of the field so the officer can make recommendations for the implementation of measures that, along with management-related regulations, will serve to help avoid certain risks.
Finally, the compliance officer should keep abreast of new risks that could arise in order to promptly take the appropriate corrective measures: rules and amendments, and/or training and staff development.
Laura Chetail & Nicolas Melchior