This document is not intended to be a doctrinal analysis on the matter, but instead a first approach to the most basic elements of Compliance. Such elements, depending on the specific characteristics of each company, will be developed to a greater or lesser extent and one way or another.
Essentially, Compliance is that activity carried out within a legal entity aimed at ensuring the fulfilling of each and every one of the legal requirements that apply to it. Likewise, Compliance also observes the principles of conduct and guidelines internally assumed by each company.
Considering the previous definition, many of the activities carried out could be framed within the term Compliance. However, the main activity and which in practice will be known as Corporate Compliance is the one dedicated to avoid, on behalf of the legal person (employees, administrators and business partners), the unfulfillment of any of the legal obligations that are applicable and their negative consequences (compensation, fines, penalties, management costs, criminal convictions, reputational damage, etc.).
At this point, we wonder how can the development of an activity/function be achieved that fulfills the purpose contained in the previous paragraph? The answer to this question is constantly evolving, as the systems and methods used for this purpose are created and updated frequently. However, we can determine the following fundamental basis of Corporate Compliance:
- The determination of the company own principles of conduct and its assumption by the company staff in their day-to-day professional activity.
- To identify the legal requirements that are applicable to the legal entity and analysis of its business activity in relation to said requirements to determine, on the one hand, if there is a risk of non-compliance with any of them and, on the other, how probably it is that such risk will materialize and, if so, the impact it would have on the company (monetary, reputational, etc.).
- To manage such risks in the most appropriate way for the legal entity through the implementation of a policies, procedures and control measures aimed at mitigating them and avoiding the commission of illicit acts by the staff of the company.
- The appointment of a person with sufficient power and independence to be able to manage the Corporate Compliance of the company effectively and free of conditions.
- To establish a whistleblower channel through which possible illegal acts and other breaches can be detected and managed.
- To carry out training and periodic communications related to the elements of Corporate Compliance so that all employees are up to date. Likewise, frequently monitor and review the risk assessment and the mitigation capacity of the established control measures.
Depending on the size (turnover, number of employees, business partners, etc.) and the sector of activity to which the company is dedicated, it should be implemented a more or less extensive Compliance Management System with a focus on one or other specific measures depending on the company’s needs.
In this way, an eventual investment in the deployment of a Compliance Management System adapted to the needs of the legal entity will have a return that will be reflected in the reduction of unfulfillments (expenses associated with the management of their negative consequences) and increase of its attractiveness in terms of attracting talent, business partners and new clients.
The information contained in this note should not be considered in itself as specific advice on the subject under discussion, but only as a first approximation to the subject matter, and it is therefore advisable that the recipients of this note obtain professional advice on their particular case before adopting specific measures or actions.
- Main tax measures introduced by the State General Budget Law for 2022Buigas14 de January de 2022
- What is Compliance?Buigas5 de January de 2022
- Royal Decree-Law 32/2021 of 28 December: Labour ReformBuigas30 de December de 2021