...
abogado penalista para empresas en Madrid

CRIMINAL DEFENSE ATTORNEY FOR COMPANIES IN MADRID — CRIMINAL COMPLIANCE

Corporate criminal advisory and defense: criminal liability of legal entities, criminal compliance programs, internal investigations and defense of companies and executives before criminal jurisdiction.

CONTACT NOW
Empresario preocupado consulta con su abogado penalista durante una investigación tributaria. Ambos revisan documentación fiscal en un despacho moderno, con carpetas rotuladas como “Inspección” y “Propuesta de liquidación”. Imagen profesional de defensa en fase de inspección. Investigación delito contra la hacienda pública

Criminal liability of companies in Spain: art. 31 bis CP

Since Organic Law 5/2010, legal entities can be criminally liable in Spain. The model adopted by the legislature is the vicarious model: the company is criminally liable for crimes committed in its name or on its behalf by its legal representatives, directors or employees acting under its control, provided that the crime directly or indirectly favors the organization.
The Organic Law 1/2015 consolidated and expanded this system, incorporating as a complete exemption the existence of an organizational and management model that prevents the commission of crimes (art. 31 bis.2 CP), that is, the criminal compliance program. Public law entities and certain public administrations are excluded from criminal liability (art. 31 quinquies CP).

What crimes generate corporate criminal liability?

The Criminal Code establishes a closed catalog of crimes attributable to legal entities, including: money laundering (art. 302 CP), tax fraud (art. 310 bis CP), bribery (art. 288 bis CP), business corruption (art. 288 bis), fraud (art. 251 bis CP), criminal insolvency and environmental crimes (art. 327 CP).

When does your company need a corporate criminal defense attorney?

You need corporate criminal legal counsel urgently in any of these situations:
  • Your company has received a summons as a defendant in criminal proceedings
  • Police or the Tax Agency has conducted an inspection or search at your facilities
  • An employee or executive is being investigated for a crime committed in the performance of their duties
  • You want to implement a criminal compliance program that acts as a complete defense or mitigating factor
  • Your company operates in high criminal risk sectors: financial, construction, environmental, public contracting
  • You need to conduct criminal due diligence before a merger, acquisition or entry into a new market
Acting before the investigation is formalized will make the difference between a complete defense and a conviction with penalties that may result in the dissolution of the company.
CONTACT A CRIMINAL DEFENSE ATTORNEY

Penalties for legal entities: catalog of art. 33.7 CP

The art. 33.7 CP establishes the complete catalog of penalties applicable to legal entities:
  1. Fine by quotas or proportional. The fine by quotas is calculated based on profits obtained or the company’s assets (min. two quotas). The proportional fine is applied when the law expressly provides for it and takes as reference the damage caused, the benefit obtained or the value of the object of the crime.
  2. Dissolution of the legal entity. This is the most severe penalty: it implies the definitive loss of legal personality and the liquidation of the company.
  3. Suspension of activities for up to a maximum of 5 years.
  4. Closure of establishments and premises for up to 5 years.
  5. Prohibition from carrying out the activities in which the crime was committed, temporarily (up to 15 years) or permanently.
  6. Disqualification from obtaining subsidies and public contracts for up to 15 years.
  7. Judicial intervention to safeguard the rights of workers and creditors, with a maximum duration of 5 years. The judge may appoint a judicial administrator to control the company’s activity.
penas personas juridicas compliance penal Madrid

%

COMPROMETIDOS CON TU DEFENSA

ASISTENCIA AL DETENIDO

Corporate Criminal Defense Services

Comprehensive legal counsel and defense for companies facing criminal risk, from prevention to trial:

Criminal Compliance

Design and implementation of crime prevention programs. Complete defense under art. 31 bis.2 CP.

Corporate Criminal Defense

Representation of the company as defendant in criminal proceedings. Trial representation before courts and appeals courts.

Risk Mapping

Identification and assessment of specific criminal risks in the company’s sector of activity.

Whistleblowing Channel

Implementation of the internal whistleblowing channel and control body required by article 31 bis.2 CP.

Director Liability

Individualized defense of directors or executives under investigation for crimes committed in the exercise of their functions.

Criminal Due Diligence

Criminal audit prior to corporate transactions: mergers, acquisitions, joint ventures and new markets.
REQUEST CORPORATE CRIMINAL DEFENSE

Criminal Compliance, Penalties and Defense in Corporate Investigations

COMPLIANCE AS COMPLETE EXEMPTION
The art. 31 bis.2 CP establishes that a legal entity will be exempt from criminal liability if, before the commission of the crime, the management body has adopted and effectively implemented an organizational and management model that includes:

  • A criminal risk map adapted to the company’s activity
  • A whistleblowing channel that allows reporting of possible breaches
  • An autonomous control body with supervisory and sanctioning powers
  • Disciplinary measures for non-compliance with the program

If the crime is committed by an employee without representative powers (art. 31 bis.1.b CP), the exemption applies if the company has exercised adequate control and the program was suitable to prevent the type of crime committed. If compliance is not sufficient for complete exemption, it may operate as a mitigating factor (art. 31 quater CP), significantly reducing the penalty.

DIRECTOR LIABILITY VS COMPANY LIABILITY
The criminal liability of the legal entity is independent and compatible with the personal liability of the director, executive or employee who committed the crime (art. 31 ter CP). Both the company and the individual may be convicted simultaneously.

However, the director does not always bear criminal liability for crimes committed by company employees. Personal liability requires proving their direct participation or their intentional or negligent omission in controlling subordinates. The defense must separately analyze the position of each charged subject to avoid unjust convictions based on strict liability.

Particularly relevant are de facto directors: someone who acts as a director without being formally appointed may be charged if it is proven that they materially exercised management functions.

WHISTLEBLOWING CHANNEL AND CONTROL BODY / CRIMINAL RISK MAP
The whistleblowing channel is an essential element of the compliance program. It must guarantee the confidentiality of the whistleblower, prohibit retaliation and establish response deadlines. Since the transposition of the Whistleblowing Directive (Law 2/2023), companies with more than 50 employees are required to have this channel.

The criminal risk map identifies the crimes that the company may commit in the course of its activity, assesses their probability and impact and establishes specific controls for each risk. It cannot be generic: it must be specific to the sector and business model of the company.

The control body (Compliance Officer) must have autonomy and independence from the management body, sufficient supervisory powers and direct access to the board of directors.

DEFENSE IN CORPORATE INVESTIGATIONS
When a company is under criminal investigation, the process has its own particularities. The legal entity must be summoned as a suspect and acts through its specially designated representative (art. 786 bis LECrim), who does not have to be the director.

The most frequent investigative procedures in corporate proceedings are: searches of premises and computer systems, interception of communications, freezing of bank accounts, statement of the representative and witness testimony from employees. The defense must intervene from the first moment to:

  • Control what information is provided to the investigating judge
  • Preserve the attorney-client privilege between company and lawyer
  • Prevent employee statements from harming the company
  • Structure cooperation with justice as a mitigating factor (art. 31 quater CP)
PENALTIES FOR LEGAL ENTITIES
The art. 33.7 CP distinguishes two types of fines for legal entities:

Fine by quotas: set as a number of daily quotas (minimum 2, maximum 5 years) and each quota ranges between 30 and 5,000 euros depending on the company’s economic situation. This is the ordinary method.

Proportional fine: calculated as a multiple of the benefit obtained or damage caused (from double to quintuple). It applies when expressly provided by law, especially in economic crimes and money laundering.

Penalties of suspension of activities (up to 5 years), closure of premises (up to 5 years) and disqualification from public contracts (up to 15 years) may be more burdensome than the fine itself for business continuity. Judicial intervention involves supervision of management by a court-appointed administrator, which may extend up to 5 years.

Frequently Asked Questions About Corporate Criminal Liability

Corporate criminal liability raises questions among directors, executives and legal departments. These are the most common issues:
  • Act before the investigation begins. Criminal compliance only operates as an exemption if it was implemented before the commission of the crime.

  • Separate the defenses. The company and its executives must have independent legal representation if their interests may diverge.

  • Do not cooperate without prior legal advice. Cooperation with justice can be a mitigating factor, but it must be managed strategically.

  • Preserve all internal documentation. Emails, board minutes, audit reports and whistleblowing channel records are central evidence in any proceeding.

Can a company go to criminal trial?

Yes. Since Organic Law 5/2010, legal entities are passive subjects of criminal proceedings in Spain. The company can be investigated, charged and convicted criminally regardless of what happens with its directors or employees. It acts in the proceedings through a specially designated representative (art. 786 bis LECrim), distinct from the defense attorney.

What crimes can be attributed to a company?

The Criminal Code establishes a closed catalog of crimes attributable to legal entities. The most relevant in practice are: money laundering (art. 302 CP), tax fraud (art. 310 bis CP), bribery and corruption (art. 286 bis and 288 bis CP), fraud (art. 251 bis CP), punishable insolvencies (art. 261 bis CP), crimes against workers (art. 318 CP) and environmental crimes (art. 327 CP). Outside of this catalog, the company cannot be convicted.

Does criminal compliance completely exempt the company?

It can do so if it meets all the requirements of art. 31 bis.2 CP: updated risk map, operational whistleblowing channel, autonomous control body and disciplinary measures. If the program is not sufficient for complete exemption, it can act as a mitigating factor under art. 31 quater CP, significantly reducing the sentence. A generic or outdated program produces none of these effects.

Is the company liable even if the crime was committed by an employee without powers?

Yes, if the crime benefited the company and it did not exercise adequate control over that employee (art. 31 bis.1.b CP). The difference from the case where the crime is committed by the director is that the burden of proof varies: when an employee acts, the Public Prosecutor must prove that the company did not supervise sufficiently. A well-implemented compliance program can demonstrate that control and exclude liability.

What is the difference between criminal compliance and regulatory compliance?

Regulatory compliance deals with compliance with sectoral regulations (GDPR, AML, financial regulations) and its breach generates administrative sanctions. Criminal compliance goes further: its specific purpose is to prevent the commission of crimes and, when properly implemented, acts as an exemption or mitigating factor for the company’s criminal liability before the courts. They are complementary but not substitutable: having good regulatory compliance does not equal having effective criminal compliance.

Why Choose a Criminal Defense Attorney Specialized in Corporate Defense

Criminal liability of legal entities is a field that requires the combination of deep knowledge of Criminal Law and the real functioning of companies. A general practice attorney may be unaware of the criteria that prosecutors and courts apply to assess whether a compliance program is genuinely effective or merely formal.
At our firm, corporate criminal defense includes both prevention —design and implementation of criminal compliance programs tailored to each company— and active defense when the company is already under investigation. We know the practice of the Anti-Corruption Prosecutor’s Office and the Anti-Drug Prosecutor’s Office, corporate investigation techniques of the Judicial Police and the most recent jurisprudential criteria of the Supreme Court on the effectiveness of compliance as an exemption.

We work with companies of all sizes, from SMEs to large corporations, in high criminal risk sectors: financial, real estate, construction, energy and public contracting.

If your company has received a court summons, is under investigation or you want to implement an effective criminal compliance program, contact our criminal defense law firm in Madrid.

Request a consultation with a corporate criminal defense attorney in Madrid

We will study your case and tell you exactly what you are facing.

CONTACT NOW

OUR BLOG

Legal articles on criminal compliance, corporate criminal liability and economic crimes

Identity Theft Defense: Falsely Accused of Fraud

Identity Theft Defense: Falsely Accused of Fraud

When you receive a summons as a suspect in a fraud case that you did not commit, you are likely a victim of identity theft. In 2023, cybercriminals committed 470,388 computer fraud cases in Spain; therefore, we must be very careful with the information we share...

leer más