In Spain, the criminal courts have sole jurisdiction to prosecute criminal corporate conduct. The investigation and prosecution of criminal offences therefore falls to the examining magistrates’ courts, which are responsible for conducting the preliminary investigation stage in criminal proceedings. In such role they are assisted by the state law enforcement bodies.

The examining magistrates’ courts conduct preliminary enquiries that are primarily aimed at gathering information and documentation that may serve as evidence (searches, interception of communications, etc.). In such enquiries they may take precautionary measures to ensure that the proceedings are conducted effectively (preventive or provisional detention, bonds or attachments).

Judges are required to investigate any indication of a crime and are not restricted as to what may be found, having broad powers for such purpose. They have a duty to ascertain the facts and circumstances that allow the conduct in question to be regarded as criminal, and then to (1) investigate the accused (identification and gathering of personal details),
(2) determine the damage caused, and (3) identify the person responsible.

Any investigative measures that violate fundamental rights (the interception of personal communications, searches of and dawn raids on private premises, etc.) may only be agreed to in exceptional circumstances and are subject to authorisation by the court. In addition, it is necessary to ascertain what criminal act is being investigated, and whether the use of such measure of investigation is justified within the context of the investigation. The court must oversee the organisation and implementation of the measure.

Occasionally, officials of the Public Prosecutor’s Office, within the scope of their duties, may carry out investigations that result in the referral of the case in question to the relevant court authority, so that the necessary proceedings may be conducted or so that it may be ruled that there is no case to answer when it is found that there are insufficient grounds for bringing any action.

Additionally, given that the role of the Public Prosecutor’s Office includes the actual filing of criminal actions, the Public Prosecutor may appear in the criminal proceedings and lead public prosecution, and may also appear at preliminary investigation stages.

Other government agencies (such as the Tax Authorities, the National Securities Market Commission, the Employment Authorities or the Bank of Spain) may bring proceedings against individuals or companies in relation to other corporate conduct, adjudge them responsible for offences provided for by law, and impose penalties. These agencies are able to require the production of documents and to question individuals, as long as there is no violation of the subject’s fundamental rights.

During any administrative proceedings conducted by such government agencies, if it is suspected that the activity constitutes a criminal offence, proceedings will be stayed and the case immediately referred to the Public Prosecutor’s Office.

The government’s criminal policy unquestionably has an impact on such prosecutorial role. Such policy is influenced not only by national needs or priorities but by the international obligations that must be fulfilled by the Spanish government; however, the effects of such policy do not extend beyond the day-to-day work of the courts and investigations.


i Self-reporting

In December 2010, Act 5/2010 of 22 June 2010 entered into force, amending Act 10/1995 of 23 November 1995 on the Criminal Code. One of the main developments of this new legislation was the inclusion for the first time of the criminal liability of legal entities.

Accordingly, under Article 31-bis of such Act, a legal entity could be held criminally liable, ‘in the cases provided for in this Code’,2 for:

  • a offences committed on its behalf or for its benefit by its legal representatives and de facto or de jure directors; and
  • b for offences committed on its behalf and for its benefit by persons who, in the fulfilment of their duties and subject to the authority of the aforementioned individuals, would have performed the criminal acts as a result of a lack of due control over them.

Notwithstanding the foregoing, the latest reform introduced by Act 1/2015 of 30 March amending the Penal Code, which entered into force on 1 July 2015, modified the above-mentioned Article 31-bis making corporate entities liable as follows:

In the cases provided for in this Code,3 legal entities will be criminally liable for the following offences:

a Offences committed for and on behalf of them and to their direct or indirect benefit, by their legal representatives or by those persons who, acting individually or as members of a body of the legal entity, are authorised to take decisions on behalf of the legal entity or have organisational or management powers therein.

b Offences committed, in the performance of corporate duties and for and on behalf of them and to their direct or indirect benefit, by those persons who, being subject to the authority of the persons referred to in the foregoing paragraph, have been able to carry out the offences as a result of the failure by the latter to fulfil their duties of supervision, monitoring and control of the activity of the former, bearing in mind the specific circumstances of the case.

As a result of these provisions, legal entities may be held to be criminally liable and must therefore ensure that they have suitable corporate compliance programmes in place that provide for the possibility of investigation of any internal wrongdoing, but there is no obligation to report the conduct discovered by the company. Under new Article 31-quater the criminal liability of a legal entity may, however, be mitigated in the following circumstances:

  • a disclosure of the offence to the authorities prior to learning that proceedings have been brought;
  • b cooperation by providing evidence to the investigation that is new and decisive for shedding light on the criminal liability;
  • c reparation or mitigation of any damage caused by the offence prior to the criminal trial; or
  • d prior to the trial, taking effective measures to prevent and detect any possible offences that could be committed in the future using the resources of the legal entity.

This would be reflected in a reduction in the penalty imposed in accordance with the rules set out by Article 66 of the Spanish Criminal Code, which is proportionate to the extent of the cooperation provided but will not totally exempt the company from liability.

In conclusion, although no obligation of self-reporting is established, it could have very positive results for the legal entity and must be decided on a case-by-case basis.

ii Internal investigations

As already indicated, as a result of the entry into force of Act 5/2010 and the introduction of the criminal liability of legal entities, an increasing number of companies are implementing corporate compliance programmes that set out suitable monitoring and control measures for preventing criminal conduct on the part of their directors, legal representatives or employees.

A very important part of a corporate compliance programme, which allows a business to ascertain whether sufficient controls are in place, is without doubt the internal investigation of any irregular conduct that becomes known within the company.

In other words, corporate compliance programmes must include specific measures for the prevention and detection of possible criminal offences. It should be stressed that the latest reform introduced by Act 1/2015 of 30 March amending the Penal Code expressly sets the requirements for an effectual, effective corporate compliance programme including reporting channels facilitating the detection of possible risks and infringements to the authority entrusted with monitoring the operation and observance of the prevention model.

For such purposes, it is becoming increasingly common for businesses to establish direct communication or reporting channels with their employees so that the latter have a means of reporting any conduct that they deem could constitute misconduct or illegal activity, or a breach or violation of laws or regulations (internal regulations of the company or legal regulations), and that has had or could have a negative impact on the business, without being afraid that disciplinary or discriminatory measures or any other actions of retaliation will be taken as a result of having reported the conduct.

In this regard, the business must establish clear and accessible communication channels that enable information to be received correctly and promptly by the relevant persons. Various different information sources may be used for warning of possible irregular conduct, for example work carried out by the internal audit department, reporting channels, exit interviews, rumours and employee satisfaction surveys.

Once possible irregular conduct is known, the company will investigate it in accordance with the rules set out in its guidelines on internal investigations. In such process, the interviewing of the persons involved, the gathering of information, the inspection – if possible, by independent third parties – of the company’s computers and servers, and the request of documentation, including any documents in the possession of third parties, etc., is fundamental.

As regards the interviewing of employees and the possibility of being accompanied by a lawyer, this will depend on the policy existing at the company regarding internal investigations. In any event, it is customary, especially at the start of the investigation, for employees to be informed in detail of the reason for the interview, but not to retain their own lawyers. The most widespread practice is guided by the provisions of employment law, consulting with the compliance officer regarding the specific case in question in order to ensure that the investigation is appropriate and proportionate, and respects the rights of all parties involved.

Professional secrecy should be maintained at all times in any documents (including communications) produced during an internal investigation, even though its scope under Spanish law is more limited than under English law. The professional secrecy of lawyers is enshrined in the right to personal privacy4 and the right to a fair defence,5 and releases them from the obligation to report events of which they are aware as a result of the explanations of their clients,6 and to testify regarding those events that the accused has disclosed in confidence to his or her lawyer as the person entrusted with his or her defence.7 Such exemption applies to the production of documents in criminal proceedings at the request of the court, and to any other measure of investigation authorised by the court for the purposes of seizure of the requested documents.

iii Whistle-blowers

The most important issue with regard to whistle-blowers is to ensure that the reported conduct is investigated correctly. In such investigation, the basic principle should be to involve as few persons as possible in order to ensure the strictest confidentiality of information. Procedures should therefore be established that allow for the confidential treatment of any complaints made through the reporting channel, preventing the lodging of anonymous complaints, and ensuring the accuracy and completeness of the information contained therein, at the same time as guaranteeing the strict confidentiality of personal data during the entire proceedings. In fact, any employee who is reported by a colleague should not be allowed to know who has reported them, since this would imply a disclosure of data that would be in breach of Article 11 of the Spanish Data Protection Act.

Some of the recommendations of the Spanish Data Protection Agency regarding the introduction of reporting channels at companies have stressed the fact that such channels must be restricted to those forms of conduct that may affect the employment relationship. They have also emphasised that the employees must be fully aware of the existence of such reporting channels and must be informed at the time any complaint is made against them.

It is therefore advisable for the compliance officer – responsible for the supervision and management of the corporate compliance programmes at the company – to be the person authorised to receive and manage the opening of the investigation of the complaints made through the ‘reporting channel’.

During the investigation, the compliance officer may have access to any of the company’s records and may hire external auditors, consultants or advisers to assist in the investigation and examination of any information resulting from such records, depending on the circumstances and nature of the reported offence.

Upon conclusion of the investigation, the compliance officer will issue a report and will be authorised to instruct the company to take any corrective measures − including, without limitation, disciplinary action − in response to a complaint.

In the event that the complaint received and the final report conclude that the reported situation may have legal implications, the compliance officer, the company and its external legal advisers will decide on what steps need to be taken and, in particular, will assess whether the situation should be reported to the authorities.

In the investigation it is presumed that the reporting parties have acted in good faith. If, however, it is shown that they have deliberately made complaints using false information for personal gain or to damage the reputation of another, disciplinary action may be taken against them, including dismissal.


i Corporate liability

As has been already explained, since the entry into force of Act 5/2010 the law has provided for the criminal liability of a corporate entity in certain cases (see Section II.i, supra).

Liability of a company for a crime may exist alongside that of an individual, and the company may also be held liable: (1) when no specific individual perpetrator of the offence has been found; or (2) when no proceedings may be brought against the individual (for example, due to lapse of liability by death or by application of the statute of limitation). This means that any mitigating and aggravating circumstances of either the company or the individual will not be affected by the other’s situation. This being the case, the joint representation and defence of the individual and the company may not be compatible since it is highly likely that conflicts of interest will arise.

In addition to such criminal liability, it should be remembered that there are certain civil obligations that arise as a result of criminal offences, so the ex delicto civil liability of companies exists directly and jointly and severally with that of the individuals8 and vicariously.9

ii Penalties

Under Article 33.7 of the Spanish Criminal Code, the penalties that may be imposed on businesses are as follows:

  • a quota-based or proportional fine;
  • b winding up of the company;
  • c suspension of company’s activities for up to five years;
  • d closure of its premises and facilities for up to five years;
  • e barring from those activities through which the offence was committed, aided or concealed;
  • f disqualification from public subsidies and assistance; and
  • g court intervention.

Article 66-bis of the Spanish Criminal Code requires that, when applying the any of the aforementioned penalties (except for fines), the judge or court consider (1) the need for the penalty to prevent the continuation of the criminal activity or its effects; (2) the economic or social consequences, especially for employees; and (3) the position within the company of the individual who failed to exercise due control.

The Spanish Criminal Code seeks to make a fine the penalty generally applicable to businesses. The process for determining the fine, in the event of a quota system, entails the court determining the applicable fine period on the basis of the circumstances indicated in the foregoing paragraph, as well as the applicable quota for each daily fine, taking into consideration the financial circumstances of the defendant. In the case of businesses, the daily quota would range from €30 to €5,000.

New Article, 31-ter 1, introduced with Act 1/2015 of 30 March amending the Penal Code, provides that when both parties (legal person and individual) are sentenced to a fine in the same case on the same charges, the size of the fine each must pay is scaled so that the resulting amount is not disproportionate to the severity of the charges.

iii Compliance programmes

It has already been noted that in July 2015, Act 1/2015 of 30 March amending the Penal Code entered into force.

As stated in the preamble to the Act, this reform,

…makes a technical improvement in the regulation of the criminal liability of legal persons, which was introduced into Spanish legislation by Act 5/2010 of 22 June. The purpose of the improvement is to outline properly the contents of ‘due control’, inasmuch as criminal liability may be based on failure to exercise due control.10

The new amendment expressly acknowledges that a legal person may be exempted from criminal liability if it has a corporate compliance programme for the prevention of crime. This acknowledgement puts an end to all discussion on the matter, and for the first time establishes the requirements that must be met by what the law terms ‘an organisation and management model for the prevention of crime’.

When a crime is committed by de facto or de jure directors or legal representatives11 of a legal person, the new Article 31-bis 2 of the Penal Code makes the following conditions necessary in order for the enterprise to be exempted from criminal liability:

  • a the crime prevention model must have been adopted and effectively executed prior to the commission of the crime, including monitoring and control measures fit for preventing crimes of the sort in question or for significantly reducing the risk of such crimes;
  • b the crime prevention model must have been supervised by an authority that has autonomous powers of initiative and control within the legal person (a ‘compliance officer’), although, when the legal person is ‘small’,12 supervisory functions may be assigned directly to the governing body of the legal person;
  • c the individuals who have perpetrated the crime must have fraudulently evaded the organisation and prevention models; and
  • d the authority entrusted with supervising and running the prevention model must not have failed to exercise or insufficiently exercised its supervision, monitoring and control functions.

The new Article 31-bis 4 establishes that, when the crime is committed by employees (or other persons under the authority of the de facto or de jure directors and legal representatives),13 the legal person is exempted of liability if, before the crime was committed, it did in fact adopt and effectively execute an organisation and management model adequate to prevent crimes of the sort committed or to reduce significantly the risk of the commission of such crimes.

The article goes on to say that partial accreditation of the criminal liability exemption requirements set in preceding articles will be regarded as an attenuating circumstance.

The new Article 31-bis 5 of the Penal Code sets the requirements for an effectual, effective corporate compliance programme (one which is fit to qualify the legal person for exemption from criminal liability in future). Qualifying organisation and management models must:

  • a Identify the activities in which the target crimes might be committed. In other words, before an ‘organisation and management model for the prevention of crime’ can be created, an analysis must be run that includes an in-depth examination of the company’s business, its facilities, the legislation applicable to it and to its business, etc. This analysis is what the Anglo-Saxon world calls ‘risk assessment’. The goal is to correctly identify and evaluate the company’s risk in connection with the sorts of crimes that its directors, legal representatives and employees might reasonably engage in. In short, the idea is to map out the firm’s risks.
  • b Establish the exact protocols or procedures for forming the legal person’s wishes, making its decisions and executing its decisions in connection with its wishes. Thus, the legal person is equipped with policies, clauses, protocols, and of course a good internal investigation manual, so it can detect potential criminal acts.
  • c Set up financial resource management models suitable for averting the target crimes. The governing body’s commitment to and engagement with the corporate compliance programme must be reflected in the yearly allocation of resources so that the compliance officer can effectively carry out his or her supervision, monitoring and control functions.
  • d Make it compulsory to report possible risks and infringements to the authority entrusted with monitoring the operation and observance of the prevention model. Reporting channels facilitating the detection of crimes in the company must therefore be implemented, and all company employees must have access to the reporting channels.
  • e Establish a disciplinary system that properly penalises infringement of the measures established by the model. This condition must be seen in relation to the functions of the compliance officer and the human resources department, and it must necessarily include a reaction plan or protocol for action when a crime is committed, and the system of rules penalising crime.
  • f Run regular verifications of the model and modifications of the model when evidence of major violations of the model is found, or when there are changes in the organisation, the control structure or the company’s business that make modifications necessary. Not only must a corporate compliance programme be introduced, but follow-up reports must also be given regularly to evaluate the design of the model and the effectiveness of the controls the company has implemented.

In this regard, the only guidelines so far have been provided (1) in a Circular of the State Prosecutor’s Office of 22 January 2016, issued with the aim of setting out certain rules for its officials regarding the latest reform of the Spanish Penal Code, and (2) in the recent rulings Nos. 154/2016 and 221/2016 of 29 February and 16 March 2016 of the Spanish Supreme Court defining the first criteria for interpretation of the Spanish judges regarding criminal liability of the legal entity.

It should be stressed that contrary to what has been held by the majority opinion of the Spanish Supreme Court, the State Prosecutor’s Office understood in its Circular No. 1/2016 that exemption from criminal liability on the basis of the existence of an effectual and effective corporate compliance programme is an absolutory excuse that, as such, must be proven by the legal entity invoking.

iv Prosecution of individuals

The action of the company would vary depending on whether the offences were committed before or after 24 December 2010, in other words, depending on whether the provisions on the criminal liability of legal entities are applicable. If Article 31-bis is not applicable, the coordination of all of the defences is certainly possible (and in fact, recommended) since the defence of the individual is also the defence of the company. Likewise, the payment of the employees’ legal fees is possible as the actions have been carried out by the individuals in the performance of their corporate duties. If, however, Article 31-bis is applicable, the positions of the company defence may be incompatible and the specific case must be assessed in order to determine whether the company may coordinate with the individual´s counsel and afford their legal fees.

According to Article 13.6 of the Code of Conduct of Spanish Legal Practitioners, lawyers should ‘refrain from managing the affairs of a group of clients affected by the same situation, when a conflict of interest arises between them, there is the risk of violation of professional secrecy or their freedom or independence may be affected’. Such provision is consistent with the fundamental right of persons to be defended and assisted by a lawyer enshrined in Article 24 of the Spanish Constitution.

As regards measures that may be taken against employees, an effective corporate compliance programme must include a disciplinary system that suitably penalises the breach of measures established in the model. As described above, such disciplinary system is expressly provided for in Act 1/2015 of 30 March amending the Penal Code.


i Extraterritorial jurisdiction

Act 5/2010 and Act 1/2015 do not explicitly set out provisions regarding the extraterritorial jurisdiction of the Spanish courts in the event of the application of Article 31-bis of the Spanish Criminal Code. Thus, any reference to perpetrators of an offence – Spanish and foreign – contained in the rules on extraterritorial jurisdiction set out in Article 23 of the Spanish Act on the Judiciary must be extended to legal entities.

Accordingly, under Spanish criminal law the Spanish courts have jurisdiction to hear any actions for indictable and summary offences committed in the Spanish territory (principle of territoriality), notwithstanding the provisions of those international treaties to which Spain is a party. The Spanish courts may, however, also hear offences regarded under Spanish criminal law as criminal offences even though they have been committed outside the national territory, provided that those persons criminally liable are Spanish persons or foreign persons who have acquired Spanish nationality (active personality principle) after the commission of the offence and the following requirements are met:

  • a the offence is punishable in the place of enforcement;
  • b the injured party or the Public Prosecutor’s Office files a complaint or criminal complaint before the Spanish courts; and
  • c the offender has not been acquitted, pardoned or convicted abroad, or in this latter case, has not served a sentence.

Spanish criminal law also applies on an exceptional basis to offences committed outside the national territory, both when they are committed by a national and a foreign person, provided that they affect the basic interests of the state (known as the absolute principle or principle of protection of interests) or they are offences that violate the dignity of persons, are transnational offences or are offences committed in areas not subject to the sovereignty of any state (principle of universal justice).

In this regard, Spanish Act 1/2014 of 13 March on universal justice amended Spanish Act 6/1985 of 1 July on the Judiciary, specifically the wording of Article 23.4. Such amendment introduced the possibility of the Spanish courts hearing and prosecuting offences of corruption between individuals14 and offences of corruption in international business transactions,15 even though committed by Spanish or foreign persons outside the national territory, provided that one of the following circumstances arises:

  • a the proceedings are brought against a Spanish person;
  • b the proceedings are brought against a foreign citizen that normally resides in Spain;
  • c the offence has been committed by an officer, director, employee or service provider of a commercial undertaking or of a society, association, foundation or organisation that has its permanent address or registered place of business in Spain; or
  • d the offence has been committed by a legal entity, undertaking, organisation, groups or any other kind of entity or group of persons that has its permanent address or registered place of business in Spain.
ii International cooperation

Spain cooperates with other countries in law enforcement and in prosecutorial functions not only on the basis of international treaties but also following the ‘principle of reciprocity’ enshrined in Article 13 of the Spanish Constitution.

The following European legal mechanisms for international legal assistance apply in Spain:

  • a the Convention on Mutual Assistance in Criminal Matters of 20 April 1959, as amended by the Schengen Agreement, and the European Convention on Judicial Assistance of 29 May 2000; and
  • b the European Arrest Warrant regulated in the EU Council Framework Decision of 13 June 2002 and in the Spanish European Arrest Warrant Act 3/2003 (the National Court has a 24-hour service to process European arrest warrants).

In addition to the foregoing international legal cooperation (coordinated through the Spanish Ministry of Justice), the International Cooperation Unit of the Spanish Public Prosecutor’s Office is responsible for the supervision and enforcement, where applicable, of the letters rogatory addressed to or issued by the Public Prosecutor’s Office.

Likewise, this unit deals with any matter relating to the EJN (European Judicial Network), IberRED (Ibero-American Network for International Legal Cooperation), Eurojust and the International Cooperation Prosecutors Network.

As regards extradition, note that Spain only grants extradition in compliance with a treaty or the law, in accordance with the principle of reciprocity. In addition, the requirement of dual criminality must be met, in other words, the offences for which extradition is requested must be regarded as a criminal offence under the criminal laws of the both states, and the sentence for such offence must be at least one year’s imprisonment. The Spanish authorities do not grant extradition for political offences.

In addition to the European Convention on Extradition, Spain is also a signatory party to a large number of bilateral treaties on extradition.

iii Local law considerations

Provisions exist under Spanish law that may restrict investigations involving multiple jurisdictions. Probably the most relevant law in this regard is the Spanish Personal Data Protection Act.

In certain cases, however, the said Act warrants and authorises the processing or transfer to third parties of personal data without the consent of the owner. In this regard, Article 11, relating to the disclosure of data to third parties, provides that the consent of the owner of the data is not necessary, inter alia, ‘when the disclosure that must be made is to the Ombudsman, the Public Prosecutor’s Office or judges or courts or the Court of Auditors, in exercise of the functions conferred thereon’.

As regards banking secrecy, this is not regarded under Spanish law as an asset or property that merits protection in itself or by itself, but as something that is merely instrumental in protecting the real legal interests that merit protection, such as privacy, free competition, business secrets or the security of the state. As a result, in recent rulings the Spanish courts have established that the lawfulness of any information protected by secrecy, either under privacy protection or the protection of a business secret, is a fundamental factor. They have also ruled that in any event there are greater interests that warrant the transfer of information to certain public persons (in addition to the interested parties) who are legally authorised to know such information, such as the government authorities responsible for tax fraud and – specifically – the Public Prosecutor’s Office and the courts in the investigation and prosecution of criminal offences.


One of the main problems that may arise in criminal proceedings in which a legal entity or company is investigated and/or accused, is the conflict of interest that can often exist between the individual and the legal entity when preparing their defence.

The Spanish Supreme Court in its recent rulings Nos. 154/2016 and 221/2016 of 29 February and 16 March 2016, respectively provides with regard to the conflict of interests that may arise when the representation of the legal entity is entrusted to one of the individuals also accused – previously investigated – as being possibly liable for the crime resulting in the criminal liability of the entity and warns ‘examining magistrates and judges’ of their obligation to ensure the due safeguarding of the right to defence of the legal entity.

Without prejudice to the Court affirming that this question cannot be solved in general, some possible formulas are offered that are used in other systems, such as:

  • a the appointment by the relevant judicial body of a public defender as occurs when there is a conflict of interest between an incapacitated person and their legal representatives or guardian (this measure is expressly provided in the Chilean system in Article 23 of ACT 20.393, which states ‘If the legal representative is not recognised, the prosecutor will ask the court to appoint a public criminal defender, who will perform the task of a guardian ad litem, representing the legal entity’);
  • b the assignment of such responsibilities to a governing body comprising independent people together with others representing the interests of third parties affected by the possible sanctions arising from the illegal act of the legal entities; or
  • c the attribution of the defence of the legal entity to the compliance officer or person responsible for the internal control system of the entity.

But what is truly relevant regarding these rulings is that the Spanish Supreme Court goes further and affirms that in those situations in which an effective infringement of the right to a defence to which the legal entity is entitled can be seen (having been represented by an individual subject to the same charge and with different and opposing interests to those of the entity), the annulment of everything done must be decreed so that it may be represented by someone outside any conflict of procedural interests with those of the entity.

All of which in order to follow the most favourable strategy for the legal entity in all its possibilities, including, as already seen, that of the important collaboration with the authorities from the beginning for the complete clarification of the facts or repair of the harm incurred by the crime.

In short, what seems undeniable is that the first criterion for interpretation of the Spanish judges regarding criminal liability of the legal entity reinforces and materialises the idea that ‘the set of rights that can be invoked by the legal entity [in this case, the right to a defence], arising from its procedural status as defendant, that is, with the necessary modifications, cannot be different to that held by the individual who is charged with committing a criminal act.’


As described previously in this chapter, the most significant developments to be noted are the entry into force last July of Act 1/2015 of 30 March amending Act 10/1995 of 23 November 1995 on the Criminal Code, the issuing of Circular No. 1/2016 of the State Prosecutor’s Office on 22 January 2016, and the recent rulings Nos. 154/2016 and 221/2016 of 29 February and 16 March 2016 of the Spanish Supreme Court defining the first criterion for interpretation of the Spanish judges regarding criminal liability of the legal entity.

More rulings from the Supreme Court will be rendered, their wording being extremely important.


1 Mar de Pedraza is the managing partner and Cristina de Andrés is a senior associate at De Pedraza Abogados.

2 At that time an entity could be held to be criminally liable only in the following cases: illegal trafficking of organs (Article 156-bis); trafficking of human beings (Article 177-bis); offences relating to prostitution and the corruption of minors (Title VII, Chapter V); the discovery and disclosure of secrets (Article 197.3); fraud (Title XIII, Chapter VI, Section 1); criminal insolvency (Title XIII, Chapter VII); intellectual and industrial property offences; market and consumer-related offences and the new offence of corruption between private parties (commercial bribery) provided for in Article 286-bis (all of which are included under Title XIII, Chapter XI); money laundering (Article 302); tax and social security offences (Title XIV); offences against the rights of foreign citizens and clandestine immigration (Title XV-bis); offences relating to the development and use of land (Article 319); the cases described in Articles 325 and 326 in relation to offences against natural resources and the environment; offences relating to facilities for the storage or disposal of toxic waste (Article 328); the spillage or emission of materials or ionising radiations or the exposure of people to such materials or radiations (Article 343); the handling of materials, equipment or devices that could have devastating effects (Article 348.3); offences against public health involving the growing, manufacture or trafficking of drugs provided for in Articles 368 and 369; the forgery of credit cards, debit cards or cheques and documents in general (Article 399.1-bis); bribery (Title XIX, Chapter V); influence peddling (Title XIX, Chapter VI); offences of corruption in international trade transactions (Article 445); the possession, trafficking and storage of weapons, munitions or explosives; and terrorism offences (Title XXII, Chapter V).

3 Act 1/2015 of 30 March also adds to the catalogue of crimes that entail liability. Thus, (1) new Article 258-ter of the Penal Code states that legal persons may also hold criminal liability for the new crimes of frustration of enforcement; (2) Article 304-bis 5 also expressly states that legal entities are criminally liable for the new crime of illegal financing of political parties; (3) Article 288 provides that legal persons may also hold criminal liability for the new offence corruption in business introduced in new Article 286-ter; (4) for its part, Article 366 of the Penal Code is amended to expand the range of crimes against public health to include the liability of legal persons (Penal Code, Articles 359–365); (5) Article 386 is amended so that Section 5 includes liability under Article 31-bis for crimes of counterfeiting; and (6) the new Article 510-bis of the Penal Code introduces the liability of legal persons for crimes committed on the occasion of the exercise of fundamental rights and public freedoms guaranteed by the Constitution in relationship with provocation, hate or violence as defined in the new wording of Article 510 of the Penal Code.

4 Article 18.1 of the Spanish Constitution.

5 Article 24 of the Spanish Constitution.

6 Article 263 of the Spanish Criminal Procedure Act.

7 Article 416.2 and 707 of the Spanish Criminal Procedure Act.

8 Article 116.3 of the Criminal Code.

9 Article 120 of the Criminal Code.

10 This is done following the text of Italian Legislative Decree 231/2001 of 8 June on ‘Discipline in the administrative liability of legal persons, companies and associations even where legal personality is lacking, according to the rule in Section 11 of the Act of 29 September 2000, No. 300’.

11 As seen above, the new Article 31-bis 1a changes the previous wording to ‘legal representatives or those persons who, acting individually or as members of a body of the legal person, are authorised to take decisions in the name of the legal person or hold organisation and control faculties within the legal person’.

12 According to the rewording of Article 31-bis 3 of the Penal Code, ‘small’ legal persons are those that are authorised by law to submit profit and loss accounts.

13 The application of this article in practice (once the reform be in force) will enable us to ascertain the exact scope of this concept.

14 Article 286-bis of the Spanish Criminal Code.

15 Article 286-ter of the Spanish Criminal Code.