Compliance programs have been gaining more and more importance in our country due to their usefulness in relation to Criminal Law and other areas such as Public Law. Two legislative developments are worth noting that have contributed to the promotion of these policies within companies:
- Law 9/2017, of 8 November, on Public Sector Contracts, which includes a prohibition on contracting with companies whose administrators or representatives have been sanctioned for serious infringements of Competition Law. However, this prohibition will not apply when the company proves payment or commitment to pay the sanction imposed and adopts appropriate technical, organisational and personnel measures to prevent the commission of future administrative infringements, i.e. a compliance programme.
- The recently adopted Directive 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of individuals who report infringements of European Union Law, also known as the "Whistleblowing Directive". Although this rule is pending transposition into Spanish law, it will contribute to greater awareness of criminal and administrative offences.
According to the National Commission of Markets and Competition (hereinafter, the "CNMC"), in order for compliance programs to be truly effective, they must guarantee a real commitment to compliance that can be transferred to all workers of a company so that they can detect possible infringements of Competition in the performance of their duties.
While the assessment of the criteria to be considered for the development and implementation of a compliance program should be done on a case-by-case basis, the following are the criteria that the CNMC considers generally appropriate for effective compliance programs.
A. Involvement of the company's administrative bodies and/or senior management.
For the compliance programme to be effective, senior management must be fully involved. Therefore, it is advisable that they clearly, firmly and publicly state the importance of compliance with the program rules, not only from a legal point of view but also as a cultural element of the company and of the responsibility that the company has towards third parties.
B. Effective training.
The training strategy must be accessible, adaptable, verifiable and measurable. That is to say, a standard strategy, with basic notions, is not considered effective. The strategy must be modified according to the circumstances that may arise and is therefore adapted to the reality of the company.
C. Existence of a complaints channel.
In line with the above, if an effective training programme is in place, the effectiveness of the complaints channel will be enhanced. However, these channels must maintain the anonymity of the complainants since, without this, the possible reprisals that they could suffer would not contribute to their use.
D. Independence and autonomy of the person responsible for the design and control of compliance policies.
A person should be appointed to design and implement the compliance programme. This person is known as the "compliance officer". The compliance officer must have sufficient human and financial resources to fulfil his/her duties and must act independently. An example of the latter would be to be able to report directly to the governing body.
E. Identification of risks and design of protocols or control mechanisms.
Any programme must be able to assess the risks to which the company in question is exposed. This is known as a "risk map" and should at least indicate (i) the business areas, business processes and people of the company most exposed to possible infringements; (ii) the likelihood that the particular infringement will occur and (iii) the impact that the infringement would have on the company and its staff. It is advisable that the risk map contains measures to ensure the monitoring or control of compliance with the compliance program. In addition, this should be constantly updated.
F. Design of the internal procedure for the management of complaints and the management of violation detection.
Compliance programs should include mechanisms to enable: (i) to seek advice in relation to a practice about which there is doubt and, in addition, to have it resolved as a matter of urgency and (ii) to warn of suspected or established breaches.
G. Designing a transparent and effective disciplinary system.
A system must be designed that contains predictable and transparent measures for all members of the organisation. It is advisable that it includes not only disciplinary measures but also incentives aimed at compliance or collaboration within the programme.
Having established the criteria that can lead a company to design and implement an effective compliance program, the CNMC has also assessed the effects of both the programs implemented prior to the detection of the violation (ex-ante compliance programs) and those implemented or improved once the company has been investigated (ex-post compliance programs). In this sense, the CNMC understands that the prior existence or implementation of a subsequent program after the initiation of an investigation by the competent authority, can be considered as a mitigating element of liability. In any case, an ex-ante programme will normally be more positively valued than an ex-post one. One of the measures that could be applied as a result of the existence of such programmes would be a leniency programme that could involve immunity or reduction of fines, as well as circumvention of the prohibition on contracting with public administrations.
The guide also includes an annex with examples of commonly accepted indicators for examining the effectiveness of a compliance programme.
For all these reasons, with the publication of this document, the CNMC is moving forward on the path to implementing a culture of compliance with the provisions of Competition Law in the various companies and organizations in our country through the implementation of programs that prevent or detect in time the commission of infringements in this area.