With the reform of the Criminal Code of 2010, the criminal liability of legal personswas introduced for the first time in Spain. Since then, companies would be liable for those crimes committed by their workers and managers that resulted in a direct or indirect benefit for the entity and that could entail, as a consequence, from economic fines, to the suspension of activities, or even the dissolution of the legal entity.
Likewise, in 2015 it was established that legal entities that implement crime prevention models and comply with a series of requirements could see their criminal responsibility mitigated or even be exempted from it.
It should be noted that it is not mandatory to have a model for the prevention of criminal offenses, but it is a voluntary system, but through its implementation, in addition to the aforementioned possible exemption from penalty, The risk of occurrence of actions and behaviors that could lead to the commission of crimes is significantly reduced, the image and reputation of the company is preserved, increasing customer confidence in the entities.
ISO 37301, UNE 19601 and ISO 37001, reference standards
On the other hand, rules such as the ISO 37301, UNE 19601 or ISO 37001 have been published in recent years at the same time that there have been reforms such as those of the Criminal Code of Spain in 2010 and 2015 or the reform of the Penal Code of Ecuador in the year 2021. These norms are erected as standards that establish the requirements to implement, maintain and continuously improve a compliance management system in general, criminal compliance and anti-bribery respectively, in organizations, with the aim of preventing the commission of crimes within them. In addition, they are certifiable, allowing the organization to demonstrate to third parties its concern and good work in the management of compliance
One of the fundamental aspects of the aforementioned rules isdue diligence,which states that entities must undertake a risk analysis in order to identify those activities that could entail criminal risks that must be prevented or mitigated. It is specified that this analysis must include suppliers, subcontractors, customers, consultants, agents, distributors, etc. that is, third parties that are related to the entity and that are part of its supply chain.
The assessment of third-party risks in the supply chain
In order to assess the risks of these third parties, criteria such as the existence of adverse news, countries where it operates, conflicts of interest, beneficial ownership, legal situation, ethical commitment and compliance mechanisms implemented in third parties, and that reflect the situation of these in matters of criminal compliance, could be taken into account, among others.
It should be noted that it is crucial to be aware of the importance of criminal compliance in the supply chain. In this sense, it should be noted that when we talk about supply chain we refer to all the activities, interveners, and operations that are involved in order to carry out the process of selling a product or providing a service. All this aimed at a single main objective, which is none other than to be able to satisfy the needs of users and / or customers.
Therefore, multiple third parties with whom our organization relates may intervene and that could pose a risk as high as that which may arise from our own organization. An example of these third parties could be the suppliers, carriers, manufacturers, as well as the technologies involved.
In view of these risks, and Being aware that the company is not only responsible for its own actions, but also of those who relate to it, it is convenient when implementing a criminal risk management system, to proceed with controls to mitigate such risks.
Among the possible measures that could be carried out are, carrying out due diligence procedures, inclusion of contractual clauses in contracts with third parties, request for adherence to policies and procedures with anti-corruption measures. Likewise, it is recommended to provide for verifications and audits to analyze the compliance status of these third parties.
Not taking into account the risks emanating from the supply chain and therefore not knowing the environment in which our organization operates, could lead to significant reputational losses, as well as serious legal and commercial impacts.”
From GlobalSuite Solutions we offer the help and advice necessary for the implementation of a Criminal Compliance system. In addition, we have the GlobalSuite® software, entirely developed by our team that allows the implementation, management and maintenance of the requirements demanded by compliance standards in all types of organizations and sectors. Having software that helps automate the management of this system will mean multiple benefits for your company and for the Compliance Officer when working on the implementation of the system in your organization.