Criminal Liability of Companies Under Spanish Law: What is the Real Impact on Directors & Officers Coverage?
The financial crisis has triggered a number of criminal investigations against companies and their directors. In light of these developments, this section provides an overview of the recently introduced Spanish regulation concerning criminal liability of companies and the real impact this reform will have on directors and officers (D&O) policies.
A significant reform of the Spanish Criminal Code (SCC) took effect on December 23, 2010, by means of Organic Law 5/2010 of June 22, 2010.
The law allows companies in Spain, with the exception of government-owned entities, to be held criminally liable for certain crimes committed by their directors or employees. This is a significant change from the country’s longstanding tradition of not assigning criminal liability to companies.
Pursuant to Section 31 bis of the SCC, companies can be held criminally liable in the following cases: for crimes committed in their names and for their benefit by their legal representatives, their directors and their de facto directors, and for offenses committed for their benefit by employees performing functions without adequate control or supervision by the company.
Under the new rules, the criminal liability of the individual and that of the company remain absolutely independent from each other. This means that a company may still be held criminally liable even if the individuals involved are not.
The criminal responsibility of directors is regulated in Section 31.1 of the SCC, which has not been changed. The law continues to make directors personally liable if their company meets the conditions, qualities or relations required to be an active subject of the crime at hand - even if they as individuals do not meet these requirements. However, this provision of the SCC should not be understood to be an automatic attribution of criminal liability to directors by the mere fact that a crime has been committed, nor as a case of strict liability. The individual responsibility of the director must be proved.
In summary, the criminal responsibility of directors is regulated in Section 31.1 of the SCC, and companies are now regulated for the first time in Section 31 bis of the SCC.
Another key point of this reform is the creation of new criminal offenses, the establishment of new modalities in already existing crimes and the increase of penalties. The offenses for which a company may be held liable include, but are not limited to, the following: fraud, bribery and corruption, money laundering, falsification of financial information, punishable insolvencies, the discovery and disclosure of secrets, offenses against environmental resources and workplace mobbing.
Section 31 bis of the SCC expressly provides that criminal offenses should result from a company’s lack of “due control” over its employees. That means that the law punishes a company for an internal lack of control that allows its employees to commit crimes. The company is responsible for not exerting the “due control” necessary to avoid those crimes.
Compliance Programs and Internal Controls
The wording of Section 31 bis of the SCC suggests that a company may prove it has introduced reasonably tight internal controls and plans to prevent criminal offenses in the corporate organization. In such a case, there may be room to argue that a company should be exempt from liability if an employee craftily avoids its controls to commit a crime.
Section 31 bis of the SCC does not expressly mention a lack of control that allows the company’s directors or representatives to commit a crime as a basis for the criminal liability of companies. Arguably, the existence of corporate compliance programs to prevent criminal conduct does not exclude the criminal liability of a company if one of its directors or representatives commits a crime. Yet most observers maintain that directors’ actions committed outside of corporate policy, as set forth in existing specific corporate compliance protocols, do not necessarily mean the company should be held criminally liable.
There is no specific regulation concerning whether due control or a company’s diligence will exclude the company’s criminal liability as envisaged in Section 31 bis of the SCC. Furthermore, the courts have not yet set forth any solid doctrine on this matter. As a safeguard, and to avoid potential liability for the actions of employees and directors, companies have implemented crime prevention and compliance programs in order to adapt themselves to the SCC.
The existence of a criminal compliance program is useful not only for minimizing the risk of employees and directors committing a crime, but also for use in a defense strategy when a company is accused of a crime.
For a court to allow a company to be exempt from criminal liability because of its compliance program, a company should be able to demonstrate that it conducts regular compliance risk assessments and compliance program reviews. It also should be in a condition to review and update its own compliance programs. In this context, a company must periodically assess the risk of incurring criminal liability due to the actions of directors or employees and update this risk in every sphere of its business. The company must engage in these efforts to continually improve performance.
Following the general rule that a crime may be a source of civil liability, the company’s criminal liability may give rise to civil liability as well. Formerly, as a general rule, a company could only be civilly liable, but never criminally liable. One notable exception was that a company was liable on a joint and several basis for payment of a fine imposed on a director (under paragraph 2 of Section 31 of the SSC, now repealed by the reform). This means that a company facing these circumstances would now be subject to a criminal penalty (normally a fine) and would also be required to indemnify the injured party.
Finally, the penalties for companies that violate the SCC are serious and include fines; being wound-up; disqualification from public procurement; court action; and temporary closure of the business, premises and establishments.
Impact of Reform on D&O Coverage
There has been some bustle in the Spanish insurance market about the reform and its impact on the potential liability of directors and officers. But what is the real impact on D&O coverage?
The obvious conclusion is that the reform broadly widens the scope of criminal liability. It is widened, firstly, for companies themselves - in fact, companies are criminally liable for the first time while directors had previously been subject to criminal liability. It is also widened for the directors and officers of companies as a result of newly established criminal offenses, new modalities within existing crimes and aggravated penalties. Criminal risk is definitely wider.
However, it is also clear that losses resulting from acts perpetrated in bad faith by the insured are excluded from coverage (Section 19, Insurance Contract Act 1980). To that extent, the coverage position for D&O remains unchanged since intentional criminal acts or omissions are not covered. It should be noted that certain policies in the Spanish market cover specific items such as administrative fines, which are uninsurable according to the law.
Therefore, how does the new criminal context impact D&O policies? Arguably, the new crimes and new modalities of already existing crimes noted in the SCC may lead to an increase in criminal litigation against both companies and directors and officers. Among other reasons, claimants favor this criminal liability option because criminal proceedings exert more pressure on defendants and allow for wider investigations.
Moreover, defense costs for directors and officers will be higher if criminal proceedings become more frequent as expected. Some insurance carriers, especially those providing coverage to small and medium-sized companies, are providing a predetermined allocation of defense costs with a 20 percent deductible for the defense of claims against the company and the directors. These carriers require a joint defense for the company and the directors, which could lead to conflicts between the company and its directors under the new criminal liability scenario. Under normal conditions, defense costs are reimbursable to an insurer if the insured is convicted for an intentional crime. However, there are policies in the market that effectively waive this requirement.
Additionally, two types of bonds (fianzas) may be set up: bails and civil bonds. The latter would cover the civil liability arising from criminal offense. Again, the sums involved may increase in light of the new law.
Regarding fines, they can be civil, regulatory (administrative) or criminal in nature. Generally, the insurability of fines is contrary to public policy and to the principle of individual penalties in the sense that they cannot be “passed on” to another person. This is the official position of the Insurance Supervisory Authority.
However, there are arguments to allow the insurability of fines. In the case of fines for criminal activity, which are typical when companies and directors are convicted, unintentional crimes arising out of serious imprudence may be insurable. In addition, in cases of regulatory fines, the principle of proportionality requires authorities to consider the existence or degree of intent. This suggests that fines for negligent - but not intentional - conduct are possible and that this type of fine may be insurable.
Finally, in closing, insurers need to consider the position of companies and the covers they can expect on general liability policies.