Criminal compliance in the supply chain

With the reform of the Criminal Code of 2010, criminal liability of legal persons was introduced for the first time in Spain. Since then, companies would be liable for crimes committed by their employees and managers that resulted in a direct or indirect benefit for the entity and that could lead, as a consequence, from financial fines to the suspension of activities, or even dissolution of legal entities. 

Furthermore, in 2015, it was established that legal persons that implement crime prevention models and meet a series of requirements could have their criminal liability mitigated or even be exempted from criminal liability.

It should be noted that it is not mandatory to have a prevention of criminal offenses model, rather it is a voluntary system, but through its implementation, in addition to the aforementioned possible exemption from punishment, risk of occurrence of criminal offenses is significantly reduced, also actions and behaviors that could lead to the commission of crimes. The image and reputation of the company is preserved, increasing the trust of customers in the entities.

ISO 37301, UNE 19601 and ISO 37001, reference standards

On the other hand, rules such as the ISO 37301, UNE 19601 or ISO 37001 have been published in recent years at the same time as reforms such those of the Spanish Criminal Code in 2010 and 2015 or the reform of Criminal Code of Ecuador in 2021. These regulations are standards that establish requirements for implementing, maintaining and continuously improving a compliance management system in general, criminal compliance and anti-bribery, respectively, in organizations, with the aim of preventing commission of crimes within them. Furthermore, they are certifiable, allowing the organization to demonstrate to third parties its concern and good practice in compliance management.

One of fundamental aspects of aforementioned standards is due diligence, which states that institutions must undertake a risk analysis in order to identify those activities that could entail criminal risks that must be prevented or mitigated. It is specified that this analysis must include suppliers, subcontractors, clients, consultants, agents, distributors, etc., i.e. third parties that are related to the entity and form part of its supply chain

Third party risk assessment in the supply chain

In order to assess risks of these third parties, criteria such as existence of adverse news, countries where it operated, conflicts of interest, beneficial ownership, legal situation, ethical commitment and compliance mechanisms implemented in the third parties, reflecting their situation in terms of criminal compliance, among others, could be taken into account.

It should be noted that it is crucial to be aware of the importance of criminal compliance in the supply chain. In this regard, it should be noted that when we talk about supply chain, we are referring to all activities, participants and operations involved in the process of selling a product or providing a service. All of this is directed towards a single main objective, which is none other than to be able to satisfy the needs of users and/or clients.

Therefore, multiple third parties with whom our organization interacts may be involved and which could pose a risk as high as risk that may arise from our own organization. Examples of such third parties could be suppliers, carriers, manufacturers, as well as the technologies involved.

In view of these risks, and being aware that a company is not only responsible for its own actions, but also for those related to it, it is advisable, when implementing a criminal risk management system, to implement controls to mitigate these risks.

Possible measures that could be carried out include due diligence procedures, inclusion of contractual clauses in contracts with third parties, requesting adherence to policies and procedures with anti-corruption measures. It is also recommended that verifications and audits be carried out to analyse the state of compliance of these third parties.

Not taking into account supply chain risks and therefore not knowing the environment in which our organization operates could lead to significant reputational losses, as well as serious legal and commercial impacts”

From GlobalSUITE Solutions we offer necessary help and advice for implementation of a Criminal Compliance system. In addition, we have the GlobalSUITE® software, entirely developed by our team that allows the implementation, management and maintenance of the requirements demanded by the compliance standards in all types of organizations and sectors. Having software that helps automate the management of this system will bring multiple benefits for your company and for the Compliance Officer when working on the implementation of the system in your organisation.

More Articles