Financial Crime World

Compliance and Risk Management: A Must for Spanish Banks

In today’s complex financial landscape, Spanish banks must prioritize compliance and risk management to avoid potential legal consequences and reputational damage. In this article, we will explore the legal framework governing corporate risk and compliance management in Spain, highlighting the requirements and obligations that banks must adhere to.

The legal framework governing corporate risk and compliance management in Spain is laid down in Article 31-bis of the Spanish Criminal Code (CC), which introduces criminal liability for legal entities. This provision requires any legal entity wishing to invoke exoneration from corporate liability or a mitigating circumstance to have a corporate compliance system in place.

Compliance System Requirements

The compliance system must meet specific requirements, including:

  • Identifying activities prone to criminal activity
  • Establishing protocols and procedures for decision-making
  • Managing financial resources
  • Reporting risks and breaches
  • Conducting periodic reviews

Listed Companies

Listed companies are subject to the Good Governance Code of Listed Companies (2015), which outlines basic principles for corporate compliance systems using a “comply or explain” approach. While considered “soft law,” this code provides valuable guidance for listed companies.

Relevant Laws and Regulations

Several laws and regulations specifically address corporate risk and compliance management in Spain, including:

  • Article 31-bis of the CC
  • Law 10/2010 on prevention of money laundering and terrorist financing
  • Royal Decree 304/2014 on regulation of anti-money laundering and terrorist financing
  • Article 193.2 of the Stock Market Act
  • Circular 1/2014 of the National Stock Exchange Commission (CNMV) for investment services companies

International Standards and Guidelines

Standards and guidelines governing risk and compliance management processes include:

  • ISO 31000:2009 on risk management
  • ISO 19600:2014 on compliance management
  • ISO 37001:2016 on anti-bribery management systems
  • UNE 19601:2017 on criminal compliance management systems based on the CC

Risk and Compliance Governance Obligations

Undertakings domiciled or operating in Spain are subject to risk and compliance governance obligations, as Spanish courts have jurisdiction over crimes committed in the country regardless of the nationality of the perpetrator. Key risk and compliance management obligations include:

  • Identifying activities prone to criminal activity
  • Establishing protocols and procedures for decision-making
  • Managing financial resources
  • Reporting risks and breaches
  • Conducting periodic reviews

Conclusion

In light of these requirements, Spanish banks must prioritize compliance and risk management to avoid potential legal consequences and reputational damage. By understanding the legal framework and regulatory requirements governing corporate risk and compliance management in Spain, banks can ensure they are adequately equipped to manage risks and maintain a strong reputation in the market.

By following best practices and adhering to the relevant laws and regulations, Spanish banks can mitigate risks and ensure compliance with the law, ultimately protecting their interests and reputation.