What is UNE 19601 and What is it for? Criminal Compliance Management

In an increasingly complex and regulated business world, organizations must maintain high levels of ethics and regulatory compliance. To achieve this, there are tools and standards that can be of great help. One of them is the UNE 19601 standard, a key reference for criminal compliance management in organizations. In this article, we will explore what the UNE 19601 standard is, what it is for, its structure and components, and the benefits of its implementation.

The UNE 19601 Standard is a Spanish standard developed by the Technical Committee for Standardization CTN 320 on Compliance and Good Governance of AENOR (Spanish Association for Standardization and Certification). This standard has become an essential reference for compliance management in modern organizations that establishes recommended practices for effective management of compliance obligations in criminal matters, including criminal risk management.

Its scope extends to companies and organizations of all types and is compatible with other standards governing management systems. This standard provides guidance on how to establish, develop, implement, evaluate, maintain and improve effective criminal compliance management systems that generate a proactive response from the organization.

Organic Law 1/2015 on the reform of the Criminal Code recognizes the existence of management and control systems as elements that can mitigate or exonerate the criminal liability of legal entities. UNE 19601 complies with the provisions of Law 1/2015 regarding the prevention and detection of crimes.

The UNE 19601 Standard lays the foundation for criminal compliance management systems and provides a solid framework for crime prevention and detection, aligning with current laws and regulations in Spain. It is divided into several fundamental sections that offer a comprehensive framework for compliance management.

• Context of the Organization: This chapter highlights the importance of understanding the context in which the organization operates. This includes identifying both external factors (such as laws, regulations, market conditions) and internal factors (organizational culture, internal structure, etc.) that influence the criminal Compliance management system. It also emphasizes the need to understand stakeholder expectations and establish the scope of the management system.
• Leadership: Here the crucial role of top management in leading and committing to the criminal Compliance management system is underlined. This involves establishing, articulating and communicating a clear criminal Compliance policy and ensuring that responsibilities and authorities are clearly defined and distributed within the company.
• Planning: It focuses on how the organization should plan its criminal Compliance management system. This includes identifying and analyzing criminal risks, as well as planning actions to mitigate these risks. Additionally, it addresses the importance of establishing clear objectives for crime prevention.
• Support Elements: Here the necessary resources to implement an effective management system are indicated. These resources include creating a Compliance culture, ensuring adequate training and awareness on the subject, establishing effective communication channels and maintaining documented information.
• Operation: It details the procedures and controls that must be implemented to effectively manage criminal risks. It includes aspects such as operational planning and control, due diligence, implementation of financial and non-financial controls, and incident management.
• Performance Evaluation: This chapter focuses on monitoring and evaluating the criminal Compliance management system. It includes monitoring and measuring performance, conducting internal audits, and periodic reviews by the criminal Compliance body and top management.
• Improvement: Finally, this chapter highlights the importance of the continuous improvement cycle of the Compliance criminal management system. It focuses on how to identify and manage non-conformities, and on the implementation of corrective actions to continuously improve the system. This section is about a continuous cycle, so to keep the system updated, all the steps described above must be carried out.

The integration of the UNE 19601 Standard into the business culture brings with it a series of strategic benefits:

1. The standard helps organizations to identify and manage risks of committing criminal offenses in advance, reducing the likelihood of legal sanctions and reputational damage. The implementation of a system that facilitates the detection of inappropriate conduct by employees, whether managers or not, is essential.
2. Potential to reduce or exempt the legal and criminal liability of legal entities in the exercise of their business activities by demonstrating the adoption of preventive and control measures in the field of regulatory compliance.
3. The implementation of an efficient system not only ensures regulatory compliance, but also contributes to a more favorable perception and improved public image of the organization. Strong and transparent regulatory compliance can enhance the organization’s image before customers, investors and stakeholders, which can increase brand value.
4. Identify the multiple regulations that may affect the organization and its operations. UNE 19601 promotes efficiency by standardizing processes and procedures, which can reduce costs and increase productivity.
5. Measurement of risks resulting from non-compliance with regulations. Preparation for regulatory non-compliance situations results in better response capacity in crisis situations, protecting business continuity.
6. The possibility of integrating this system with other management systems related to social responsibility, transparency and good business practices, such as specific anti-bribery management systems, adds additional value to the organization.
7. Complying with regulations reduces the risk of fines and sanctions, which can have a considerable financial impact.

La Norma UNE 19601 es esencial en un entorno empresarial regulado. Implementarla no solo garantiza la conformidad legal, sino que también impulsa la eficiencia y la confianza.  

El pasado 28 de abril de 2023 finalizó el plazo de validez de los certificados de Compliance Penal emitidos sin acreditación conforme a UNE 19601. Para que dichos certificados sigan estando en vigor, es necesaria su adaptación a las nuevas condiciones de acreditación  

Nuestra experiencia y compromiso en la consultoría y auditoría de compliance brindan a las organizaciones la garantía de un proceso de implementación efectivo y eficiente, con un enfoque integral. ¿Estás buscando mejorar tu cumplimiento normativo, gestionar riesgos y fortalecer su reputación? Solicita ahora mismo una demo gratuita de nuestro software y descubre cómo nuestra herramienta y equipo pueden ayudarte en el camino hacia el cumplimiento y la excelencia en el ámbito del compliance normativo.

Quizá te puede interesar:

• Compliance penal en una empresa, ¿para qué sirve y que ventajas tiene?
• Cómo gestionar Mapas de Riesgo: Penales, Éticos y Empresariales
• Compliance penal en la cadena de suministro