Criminal compliance in Spain: 10 years after the reform of the Criminal Code

Legal
WRITTEN BY Albert Folk Codinas
04 Feb, 2026 — 1 min
Criminal compliance in Spain: 10 years after the reform of the Criminal Code

Criminal compliance has become a key issue for companies in Spain. Since the reform of the Criminal Code in 2015, legal entities can be held criminally liable for crimes committed by their managers or employees.

This liability can lead to severe penalties, including the dissolution of the company, which has made criminal risk prevention plans an essential tool.

What is criminal compliance and why is it key for companies?

Criminal compliance is the tool that allows companies to prevent crimes within their organization and protect themselves from criminal liability.

Its objective is to identify the criminal risks associated with the company's activity and establish internal measures to prevent crimes from being committed.

Its correct implementation can exempt or, at least, mitigate the criminal liability of the legal entity.

Criminal liability of legal entities

Companies can face serious penalties, including dissolution, if they do not have effective internal measures in place. A well-implemented criminal compliance plan can:

  • Partially or totally exempt criminal liability.
  • Avoid financial and administrative penalties.
  • Improve internal control and supervision processes.

How to design an effective criminal risk prevention plan

To be effective, a plan must be based on a detailed analysis of the organization, including:

  • The structure of the company and decision-making processes.
  • The roles and responsibilities of managers and employees.
  • The specific criminal risks associated with each area or process.

Based on this analysis, the plan should include:

  • Action protocols and control mechanisms.
  • Confidential and secure reporting channels.
  • Disciplinary systems.
  • Supervision by a body or manager with sufficient autonomy and resources.

The role of ISO standards in criminal compliance

ISO standards play an important role as benchmarks for the design and maintenance of compliance plans.

Standards such as ISO 19600 (now replaced by ISO 37301) on compliance management systems, or ISO 37001 on anti-bribery management systems, provide a structured and internationally recognized framework for the design, implementation, and maintenance of compliance plans.

Although they do not guarantee exemption from criminal liability, these standards serve as proof of diligence and of the company's commitment to crime prevention.

In recent years, these plans have evolved from being a legal obligation to becoming a strategic tool for strengthening the company's reputation.

The importance of reviewing and updating criminal compliance

Both criminal law and ISO standards emphasize the need for prevention plans to be dynamic. This means that they must be reviewed and updated periodically, adapting to regulatory changes, developments in business activity, and new risks that may arise.

Benefits of an adequate criminal compliance plan

Implementing an effective plan not only protects the company legally, but also:

  • Improves corporate image.
  • Builds trust among customers, partners, and suppliers.
  • Optimizes internal processes and corporate culture.

Related news

Ensuring the criminal liability of companies

Albert Folk Codinas
Albert Folk Codinas
Lawyer specializing in Commercial Law, Bankruptcy Law, Criminal Compliance, and Procedural Law
Legal
02 Nov, 2023 — 3 min
Ensuring the criminal liability of companies