Resolution of June 28th 2022, approved by the Joint Committee for the Relations with the Court of Auditors.

Last Monday, September 26th 2022, the Joint Committee for the Relations with the Court of Auditors published the report submitted for “Control of the degree of implementation of the models for the prevention of crimes and unethical behaviour in the state trading companies in the financial exercise 2018”. At the session held on June 28th 2022, it was agreed to assume the conclusions presented and to urge the Spanish Government to implement a set of recommendations to thirty state trading companies.

The control has been configured, primarily, as an operational and compliance task, in order to evaluate the operation of the audited companies and the degree of implementation of their respective crime prevention systems in accordance with Article 31 bis of the Criminal Code. It also aims to verify that the channels for requesting information provided in each company comply with the provisions of Act 19/2013, of December 9th, on transparency, access to public information and good governance.

Regarding the temporal scope of the audit, it has been based on the degree of implementation of the organization and crime management models that each audited company had at the close of the 2018 fiscal year, taking into account the possible extension to other periods.

The report classifies the degree of implementation of criminal prevention models or Criminal Risk Prevention (hereinafter, CRP) and ethics or integrity systems of each listed company according to the phase in which they are: “incipient”, “in development”, “implemented in initial phase”, “evolved” and “experienced”.

The report states that in order to consider a CRP model implemented, it is necessary to have adopted the following eight (8) elements: (i) Code of Ethics and/or conduct, (ii) Manual or Plan for the development of the CRP model or system, (iii) Channel for complaints and/or concerns regarding behaviour contrary to the Code, (iv) Sanctioning Regime, (v) Monitoring Body, (vi) Body that processes and resolves complaints, (vii) Diffusion of the CRP system or model, and (viii) Training to all employees on the content of the CRP.

Finally, the main recommendations are the following:

  • Carry out actions aimed at promoting a culture of ethics and compliance in the implementation of the CRP and ethics system. That is, to carry out campaigns and awareness-raising sessions for the company’s employees.
  • Incorporate the CRP system within the company’s strategic planning, as well as to include criminal and ethics risks and their respective controls within the company’s management and control processes.
  • If possible, the company’s Monitoring Body should include more than one member, in order to reduce the risk of error or fraud. It is also convenient to ensure that they have the appropriate technical and legal capacity, in addition to the due autonomy and independence in their performance, taking into account the requirements of honourability and exemplarity.
  • Carry out periodic and independent, internal and external audits of the Monitoring Body.
  • Inform about the Channel for complaints and/or concerns with the due guarantee of confidentiality; draw up a written procedure for the procedure and functioning of the channel, and publish it on the corporate website to facilitate its access to third parties.
  • Promote training: an initial general training and another by specific modules, for each department or area of the company.
  • Include in the CRP Plans an efficient procedure to obtain relevant information for the revision of the CRP system.
  • Draw up a Code of Ethics, which should contain the possible types of unethical behaviour that may occur in the company’s activities.
  • Reconcile the company’s sanctioning regime, regulated in point 5 of article 31 bis of the Penal Code, with the applicable Labor Law.
  • With respect to the ethics system, incorporate mechanisms for the renewal of prohibited conducts by the Monitoring Body.
  • Draw up specific Codes of Conduct to include the obligations of directors, employees and other members acting on behalf of the company, as well as suppliers and third parties.
  • Set out a written and internal procedure for the processing of requests for information and publish it on the website.

For the development of the aforementioned recommendations, it has been applied the Auditing Standards of the Court of Auditors, approved by the Plenary of December 23rd  2013, as well as the 2016 INTOSAI Guideline for the Audit of Corruption Prevention and the 2017 EUROSAI Guideline for the Audit of Ethics.

The Report concludes that the vast majority of listed companies have implemented an effective CRP model or system, as they have active controls in order to mitigate or minimize the criminal risks, being one of those preventive controls the existence of an ethics system within the company. In addition, it states that no breaches of special relevance have been detected with respect to the provisions for transparency platforms in Act 19/2013, of December 9th, on transparency, access to public information and good governance.

In conclusion, there is an evident need to promote a culture of business ethics and compliance in both public and private institutions to prevent the commission of corporate crimes and mitigate the criminal liability of legal entities.

The entire document is available here.


Compliance Department of Molins Defensa Penal.

Update cookies preferences