

Bilanx Compliance
Who are we?
BILANX is an independent company of professional services specialised in the economic and legal aspects of advice and support to companies.
Since it was founded in 1978, we have been providing companies with a wide range of integrated advisory and business management services. Our staff is mostly of lawyers, economists and auditors, specialised in the different aspects and areas of law and economics.
At Bilanx we always work respecting our 6 key values:
Bilanx is a memberof:
What is Criminal Compliance? At what point did it become particularly relevant in Spain?
Criminal Compliance is a set of rules, instruments and procedures that are established in order to prevent, detect and investigate internally the commission of criminal actswithin a legal person.
In this way, Criminal Compliance generatesa genuinecompliance culture within the organization.
Criminal Compliance gained its leading role in Spain as a result of the reform of the Criminal Code carried out in 2010. At that time it was established, through its Article 31 bis, the criminal liability of legal entities. In this way, the classic principle of criminal law was defeated society of basel can’t (“Society cannot commit crimes””) So, and since then, the crime committed by a natural person can generate criminal liability to the legal person.


When can legal entities be held criminally liable?
When the crime is committed by the legal representatives of the legal entity or by those persons who, acting individually or as members of an organ of the legal entity, they have decision-making, organizational or control powers within the legal entity, provided that the following conditions are met simultaneously:
- The crime was committed in the name or on behalf of the legal entity.
- The crime was committed for the direct or indirect benefit of the legal entity.
When the crime is committed by persons who are subject to the authority of the legal representatives of the legal entity or to that of those persons who have decision-making, organizational or control powers within the legal entity, provided that the following conditions simultaneously concur:
- The crime was committedin the exercise of social activities.
- The crime was committed on behalf of the legal entity.
- The crime was committed for the direct or indirect benefit of the legal entity.
- The crime was committed due to a serious breach of the duties of supervision, surveillance and controlby the legal representatives of the legal entity or those persons who have decision-making, organizational or control powers within the legal entity.

What crimes can legal entities commit?
The crimes that can be imputed to a legal person constitute a numerus clausus list; that is, legal entities can only be held criminally liable for the commission of certain crimes. Most of them are criminalized in the Criminal Code.
Notwithstanding the foregoing, this list, despite being closed, includes a multitude of crimes.




What penalties can be imposed on legal entities?
The penalties that legal entities may incur are always considered degraves.
- Fine by installments or proportional.
- Dissolution of the legal entity.
- Suspension of business activities.
- Closure of premises and establishments.
- Prohibition of carrying out in the future activities in the exercise of which the crime has been committed, favored or covered up.
- Disqualification to obtain subventions and public aid.
- Disqualification from contracting with the public sector.
- Disqualification to enjoy tax benefits and incentives or Social Security.
- Judicial intervention, to safeguard the rights of workers or creditors.
On the other hand, we cannot forget that,along with the penalty for the legal entity, the corresponding penalties will be imposed on the natural persons who have committed the criminal act.


How can the criminal liability of legal entities be avoided or mitigated? The important role of Compliance Programs
The criminal liability of legal entities can be avoided or, where appropriate, mitigated, through Compliance Programs(or Regulatory Compliance Programs), which were born in Spain in 2010. However, their requirements as exempting or mitigating agents from criminal liability were established in the Criminal Code in 2015.
In fact, the Courts of Justice, in their daily practice, request legal entities criminally charged to submit Compliance Programs, in order to assess the exemption from the penalty, or the mitigation of it, where appropriate.

In addition to the possible exemption or mitigation of the penalty to the legal entity, Compliance Programs offer other benefits to organizations, among which the following stand out:
- They promote a true organizational ethical culture.
- They generate trust for investors, customers, suppliers and employees.
- They offer a good reputation of the organization.
- They create business value, as well as a competitive advantage.
When the crime has been committed by the legal representatives of the legal entity or by those persons who have decision-making, organizational or control powers within the legal entity, provided that the following requirements are met:
- The Management Body has effectively adopted and implemented, prior to the commission of the crime, Compliance Programs that include the appropriate surveillance and control measures to prevent crimes of the same nature or to significantly reduce the risk of their commission.
- Monitoring performance and compliance with the Compliance Program is implemented has been entrusted to a body of the legal entity with autonomous powers of initiative and control, or that you have entrusted to legally monitor the effectiveness of the internal controls of the legal person.
However, in the case of SMEs (PYMEs), the supervisory functions of the Compliance Program can be assumed directly by the Management Body. - The individual perpetrators have committed the crime by fraudulently evading the Compliance Program.
- There has been no omission or insufficient exercise of the functions of supervision, monitoring and controlby the body of the legal entity with autonomous powers of initiative and control or which is legally entrusted with the function of supervising the effectiveness of the internal controls of the legal entity.
When the crime has been committed by persons who are subject to the authority of the legal representatives of the legal entity or to that of those persons who have decision-making, organizational or control powers within the legal entity, provided that the following requirement is met:
- Prior to the commission of the crime, the legal entity has effectively adopted and implemented a Compliance Program that is appropriate to prevent crimes of the nature of which it was committed or to significantly reduce the risk of its commission.

On the other hand, the Criminal Code establishes that if the requirements cited in both cases can only be partially credited,this circumstance will be assessed for the purposes of mitigatingthe penalty.
What requirements must Compliance Programs meet to act as mechanisms exempting or mitigating the criminal liability of legal entities?
- They mustidentify the activities in the scope of which the crimes to be prevented can be committed.
- They must establish the protocols or procedures that specify the process of formation of the will of the legal entity,decision-making and execution thereof in relation to them.
- They must have adequate financial resources management models to prevent the commission of the crimes to be prevented.
- They must establish a disciplinary system that adequately punishes non-compliance with the measures established in the Compliance Program.
- They should include the realization of a regular verification of the program itself, as well as a possible modification of the same when relevant violations of its provisions are revealed, or when important changes occur in the organization, in the control structure or in the activity carried out by the legal entity.

Do SMEs (PYMEs) also need a Criminal Compliance System?
Of course I do. It is often believed that Criminal Compliance only affects large multinationals and listed companies. However, this conception is erroneous, because there are also criminal risks in an SME (PYME). Such risks are inherent in the development of any economic activity and are independent of the size of the organization.
Notwithstanding the foregoing, it is true that the preparation of Compliance Programs must take into account the particularities of the organization in question. In this sense, the programs must be personalized:they must be developed taking into account the specific circumstances of the organization, such as its size, the sector of activity or the geographical area in which it operates.
In fact, the Attorney General’s Office of the State dictates that the Compliance Program must be prepared considering the uniqueness of the organization. Therefore, generalist Compliance Programs do not operate as exemptions or mitigations from the criminal liability of the legal entity.

What Criminal Compliance services do we offer?
At Bilanx we offer a comprehensive and personalized Criminal Compliance service, which consists of the preparation and complete management of the Compliance Program. This management covers implementation, monitoring and updating.
Therefore, the service we offer at Bilanx aims to establish an authentic compliance culture in the organization, with the aim of preventing the commission of criminal acts.


Criminal Compliance Programs are prepared and managed taking into account the requirements established by:
- The Article31band following of the Criminal Code.
- The Circular of the Attorney General’s Office 1/2016, of January 22, on the criminal liability of legal entities in accordance with the reform of the Criminal Code made by Organic Law 1/2015.
- The Jurisprudence of the Supreme Court.
Likewise, Criminal Compliance Programs are prepared and managed through the application of the technical standards that exist on Compliance Management Systems, which are created by expert organizations, both global and national.

We use, preferably, the rule UNE19601“2017 “Criminal Compliance Management Systems. Requirements with guidance for their use” . This standard was created by the Spanish Association for Standardization, and constitutes the most important Spanish reference framework in the field of Criminal Compliance. This is so for the following reasons:
- It is aligned with the requirements for the preparation and management of Compliance Programs established in the Spanish Penal Code.
- It allowsto adopt, implement, maintain and improve a Criminal Compliance Management System.
- It iscertifiable. In this sense, certification is a process by which it is demonstrated, through an expert and independent third party, and objectively and impartially, that the specific Compliance Program meets the requirements of the reference standard (in this case, it would be the UNE 19601).
- Certification is not mandatory, but it does offer certain guarantees for the purposes of assessing the suitability of the Compliance Program.
Notwithstanding the foregoing, we also apply the following technical standards on Criminal Compliance Management Systems:
- ISO 37301:2020 Standard “Compliance Management Systems. Guideline”:ISO 37301:2020 Standard “Compliance Management Systems. Guideline”:
It constitutes the international standard par excellence to comply with general legality. It was published in October 2020, and comes to replace the ISO 19600:2014 Standard “Compliance Management System. Guideline”.
ISO 37301, unlike ISO 19600, is certifiable.
- Standard UNE 19602“2019 “Tax Compliance Management Systems. Requirements with guidance for use”:
It is the Spanish reference standard for the tax field. It is certifiable and can be integrated into the UNE 19601 policy.
- ISO 37001: 2016 Standard “Anti-Bribery Management Systems. Requirements with guidance for use”:
It is the international reference standard for the field of bribery. It iscertifiable.

The Criminal Compliance Programs are designed and managed in a fully personalized and proportionate, taking into account the internal and external circumstances of the organization, such as its size, the sector of activity to which it is dedicated, the geographical area in which it operates or the type of suppliers with which it relates.
To achieve the aforementioned customization, we carry out an exhaustive analysis of the organization, both its business and regulatory context.
The Compliance Manual it is one of the minimum contents of the Compliance Program. It constitutes an guide that contains the set of instructions and procedures of the fundamental aspects of the Compliance System Criminal.
The Compliance Manual helps to understand the operation of the Compliance System and educates all members of the organization about its practical use.

- Context and leadership of the organization and company policies
- Compliance Body and Compliance Officer
- Training program for managers and employees of the organization
- Risk map
- Code of Ethics and Conduct
- Periodic communication channels
- Financial resources management model to prevent the commission of criminal acts
- Protocols of post-criminal actions
- Internal investigation
- Sanctioning regime
- Monitoring of the Compliance Program
- Updating the Compliance Program


- IMPLEMENTATION OF THE COMPLIANCE PROGRAM:
Implementation of the selected controls to reduce the criminal risks detected in the organization. These controls can be financial or non-financial.
- MONITORING OF THE COMPLIANCE PROGRAM:
Evaluation, through the performance of audits, of the effectiveness of the Cumplimiento, basado en la información recopilada previamente.
- UPDATING THE COMPLIANCE PROGRAM:
Modification of the content of the Compliance Program, as a result of the detection of irregularities or alterations that affect the criminal risks of the organization.


Why is training important for the members of the organization?
Because the success of the Compliance Programdepends, to a large extent, on the degree of training and sensitization of the members of the organization, including the workers.
It is of little use to have a perfect Compliance Program if its recipients do not know what the obligations arising from it are.
What service do we offer?
Bilanx offers a training service adapted to the needs of the organization, taking into account the profile of its recipients, including employees.

The advantages of our service are, mainly, the following:
- Concreteness, with an impact on the most relevant aspects.
- Dynamism, with the facilitation of practical examples adjusted to reality.
- Update, taking into consideration and informing of regulatory developments.
- Evaluation, with the provision of tests, to assess the knowledge acquired.
- Flexibility, taking into account the situation we are living due to Covid-19. Possibility of carrying out the trainings through videoconferences.
What is a whistleblowing channel?
A complaint channel is the internal means by which the people of the organization must communicate the detected irregularitiesto the Compliance Officer. The communication of a ”non-conformity” of the Compliance System must give rise to a internal investigation, in order to discover the authorship and the circumstances of the fact.
What service do we offer?
Bilanx offers a comprehensive, personalized service with all the legal guarantees of the management of the internal complaints channel, including the internal investigation procedure.

The advantages of our service are, mainly, the following:
- Achieving high levels of independence.
- Ease of use ofthe complaint channel.
- Effectivenessin the discovery of the author and the circumstances of the fact.
- Security in communications, guaranteeing the confidentiality of the complainant and the investigation.
- A significant reduction in the risk of violating the fundamental rights of suspects in the course of the internal investigation. This avoids possible harmful consequences for the organization.
What is a certification?
Certification is a process by which it is demonstrated that the Compliance Programthat we offer complies with the requirements of the reference standard (such as the UNE 19601:2017 standard).
Certification is not mandatory, but it does offer certain guarantees for the purposes of assessing the suitability of the Compliance Program.
What service do we offer?
Bilanx offers a complete service of processing the certification of the Compliance Program carried out by a third independent expert who actsobjectively and impartially.

The advantages of our service are, mainly, the following:
- Obtaining the certification.
- Issuance of certification by recognizedcertification companies.
- Efficiency and professionalismin the certification process.