ComplianceKeys#28. Compliance in the public sector: integrity and good governance as pillars of public management.
Compliance, although initially associated with the private sector, has undergone increasing integration into the public sector in recent years in response to transparency challenges. Historically, many public administrations have been exposed to recurring episodes of corruption, inefficiency and abuse of power which, beyond their specific manifestations, have eroded public confidence and highlighted structural weaknesses in control and accountability in public management. This reality has driven the evolution towards more honest and transparent models of public governance, largely promoted by the implementation of European regulations that require greater controls over the public sector, with a special emphasis on procurement and the administration of public funds.
Supreme Court Ruling 1697/1990 of 26 February already stated that Administrative Law ‘no longer aims solely to defend citizens against undue interference by public authorities, but also to achieve an Administration that provides effective public services’. But how is Compliance applied in the public sector? Is it mandatory?
In general terms, although the public sector is not subject to the criminal liability of legal entities, as established by the 2010 Criminal Code amendment, the adoption of Compliance programmes is emerging as a best practice for ensuring integrity and efficiency in public management.
However, the Criminal Code provides for a significant exception: public corporations that implement public policies or provide services of general economic interest. These entities may be held criminally liable, although the penalties are limited to fines or judicial intervention. Therefore, in these cases, the implementation of effective Compliance programmes is not only good practice, but a necessity if they wish to benefit from an exemption or mitigation of criminal liability.
In this context, public corporations have played a pioneering role in the evolution of Compliance within the public sector. Their dual regulatory framework (private and public) has led them to develop particularly rigorous programmes. Their experience shows that it is possible to integrate the efficiency of the private sector with the principles of legality, transparency and integrity that govern public action. In this way, they have established themselves as a benchmark for the rest of the public sector, demonstrating that a culture of Compliance is a key element in strengthening institutional trust and the responsible management of public resources.
Having concluded the point on hybrid corporations, it is important to highlight that, despite the absence of an express obligation for public administrations to adopt criminal Compliance programmes, Spanish legislation has established a series of control measures and obligations that are in line with national and international Compliance standards. Clear examples of this are Law 9/2013 on Transparency, which introduced key concepts such as the principles of good governance and access to public information; Royal Legislative Decree 5/2015, which establishes a code of conduct for public employees; and Royal Decree 424/2017, which regulates the legal regime for internal control in local public sector entities.
The influence of the European Union: from anti-fraud measures to the Whistleblowing Directive
The drive towards implementing Compliance measures in the public sector has also come from the European Union. For example, Regulation (EU) 1303/2013 on ERDF funds already required the implementation of ‘management and control systems in public administrations to prevent, detect and correct irregularities’. This European regulatory framework has been essential for the introduction of control measures in sensitive areas such as public procurement, the management of European funds and the fight against corruption in Spain.
Furthermore, Law 9/2017 on Public Sector Contracts, which transposes European directives, explicitly refers to the fight against corruption and the prevention of conflicts of interest. In particular, it states that contracting authorities must take measures to ensure transparency, equal treatment and non-discrimination in tendering procedures, which is in line with the principles that any Compliance programme should follow.
Following the EU approach, a key aspect in the development of public Compliance has been the integration of Anti-Fraud Action Plans (‘PMAs’) into public management, in the context of the management of Next Generation funds. Regulation (EU) 2021/241 requires Member States to adopt anti-fraud measures as a structural condition for accessing European funds. In Spain, this condition is met by the Recovery, Transformation and Resilience Plan (PRTR), which requires all beneficiary entities to have a PMA, which must be structured around the four elements of the so-called ‘anti-fraud cycle’: prevention, detection, correction and prosecution. To this end, the Plan must include, among other aspects, a risk assessment, high-level institutional statements, detection mechanisms – such as ethical or reporting channels – and staff training.
Another key element of Compliance programmes is the implementation of reporting channels or internal information systems, which have been reinforced by the European Whistleblowing Directive and Law 2/2023. The latter legislation establishes that all public sector entities must have internal reporting systems in place that allow employees and citizens to report breaches or irregularities without fear of reprisals. However, the Law establishes certain flexibilities for local authorities in municipalities with fewer than ten thousand (10,000) inhabitants and for public entities with fewer than fifty (50) employees, allowing the shared use of internal channels in these cases.
What is the future of Compliance in the public sector?
The expansion of Compliance in the public sector is shaping up to be a solid trend in the coming years. Although public administrations are not criminally liable, it is expected that, similar to the private sector and following the example of public corporations, they will continue to adopt risk-based management systems that enable the effective provision of public services, as already intended by the Supreme Court in 1990.
In particular, the General State Administration has taken a decisive step forward with the approval this year of its own Integrity System, which extends the coverage of PMAs. This development could mark the beginning of a process of progressive alignment of Compliance in the public sector with private sector standards.
In short, public Compliance is and will continue to be essential for preventing corruption, improving public management and protecting the general interest. Its gradual integration into public administrations not only has an impact on operational efficiency, but also strengthens citizens’ trust in their institutions, contributing to a more transparent, ethical and responsible model of governance.