Administrative Sanctioning Compliance | ISO 37301
We are members of the Experts Committee that transposes ISO 37301 of CMS (Compliance Management System) to Spain. This standard, which replaces its predecessor, ISO 19600, seeks compliance that is not limited to the criminal field, reflecting a holistic conception of Compliance that has taken hold not only at the international level but also at the national level, as evidenced in Circular 1/2016 of the State Attorney General’s Office, which stresses that corporations must “comply with the legality in general and, of course, with criminal legality but not only with it”.
Thus, we articulate CMSs based on the virtuous circle of Compliance, in which risks (inherent/residual) are first detected and evaluated; then, based on the risk analysis, we identify and evaluate mitigating controls, define risk owners, articulate formulas for integration into the organization’s processes, train human capital, monitor and take appropriate corrective actions, and then periodically return to the beginning, reassessing risks and restarting the compliance cycle (PDCA, Deming Cycle).
Digital transformation has driven the digitization of the operation of many business lines and even the entirety of some companies. At this point, not only is an analysis of the new digital operation required from the point of view of risks and regulatory compliance, but close attention must also be paid to compliance with the most cross-cutting and generic aspects of digital activity: the protection of personal data and privacy under the GDPR (General Data Protection Regulation of the European Union) and the Law on Protection of Personal Data and Guarantee of Digital Rights (Law 3/2018, of December 5).
Money Laundering Prevention
This specialty of Compliance has its fundamental pillar in Law 10/2010 for the Prevention of Money Laundering and Terrorist Financing (LPBCFT), as well as in the European Directives that harmonize its application in Europe. It is a clear example of the division of the punitive power of the State between the administrative and the criminal route: non-compliance by an obligated subject may entail administrative sanctions and also criminal liability for individuals and companies (Article 301 and related provisions of the Criminal Code). For subjects bound by the LPBCFT, contemplating and managing the requirements of this rule is part of the core of their CMS, and at the same time it is a measure for the prevention and control of crimes related to the commission of corrupt practices.
Labour Compliance refers not only to compliance with labour risk prevention regulations but also to other relevant aspects such as working conditions, gender equality and non-discrimination, the protection of workers’ personal data, and teleworking, among others. The constant changes in labour matters force a permanent revision of all aspects related to Labour Compliance.
Tax Compliance is one of the most dynamic fields of regulatory compliance. Its constant evolution and multiple normative sources at national and international level require constant monitoring of this area. At Fortuny Legal, when we draw up our Tax and Fiscal Compliance plans, we are very aware of the DAC 6 regulations, the UNE 19602 for Tax Compliance Management Systems, the generic Good Practices Codes (such as the Tax Authority’s), and the applicable specific Good Practice Codes, such as those of Professional Associations and Bars or the European Taxpayer’s Code.
In order to design prevention and control measures to mitigate the consequences arising from non-compliance with environmental regulations, we start from the Law on Environmental Responsibility and the analysis of environmental risks in the light of these regulations in the operations of our customers, paying special attention to environmental liabilities in due diligence processes.
Public Health Compliance
Naturally, public health is a priority for the legislator, which is intensely reflected at the regulatory level. The Supreme Court itself recalls that “public health, as such, does not constitute a real entity of a biological nature, but rather a verbal way of pointing out a danger that is not permitted within the social order”. Crimes against public health, which are punishable under Article 363 of the Criminal Code, affect all types of businesses whose activities could potentially affect this highly protected legal asset. Thus, from an environmental crime to the lack of compliance with control requirements in agrifood companies, including a spill, the casuistry is very broad and requires a rigorous and tailored analysis of the operations of the legal entity in order to mitigate the high risks to which it is exposed in the course of its activity.
Specialists in Compliance and Corporate Criminal Defense. Prevention, reaction, training. Members of the Experts Committee that transposes ISO 37301 of CMS, and of the Board of Directors of the Association of Compliance Professionals (Cumplen).