Speaker 0 00:00:00 I just joined rocker 18 months ago. And may my role here is mainly focused on energy sector and compliance. Uh, counseling Rocko is, uh, an international law firm that was founded, uh, almost 30 years ago by Miquel Roca. Roca is a personality well knowing his pain because he was a one out of seven. What we call the fathers of the Spanish constitution.
Speaker 1 00:00:34 Hello, and welcome to integrity through compliance AMI business success series. This podcast was created by season's compliance experts at affiliated monitors who will provide their observations on industry trends, gear to raise your awareness and to protect your brand. So grab a cup of coffee and join us as we guide you to integrity through compliance.
Speaker 2 00:01:00 Hello everyone. This is Vindy Siani from affiliated monitors, and I'm joined today with my friend and colleague and a ghost to narrows and to go say hello to everyone.
Speaker 0 00:01:12 Hi everyone. This is speaking from Madrid.
Speaker 2 00:01:16 So in a go and I go back, uh, some ways and we want to cover sort of Spain, uh, us activities with regard to compliance ethics and, uh, the new EU whistleblower initiative. And some other things that, um, we believe are, uh, very timely as we enter into 2022 first indigo, would you tell everyone a little bit about your background? So people get to know you
Speaker 0 00:01:46 Okay. Yes. Uh, sure. Uh, I have this bent, uh, as of today, the, the most of my career as a general counsel for lat multinationals in the energy and the communication sectors, I hold a low degree from a university when you were mercy updates to Bilbao Spain and a couple of masters in business. And in company law, I also have a management program for lawyers. I am a certified compliance and ethics professional internationals is 2017. I also I'm on accurately that compliant expert by WCA. There were complaining association where I am an accredited compliant expert. That means that, uh, I kind of see it in a Spanish trials to the judges regarding the analysis of the compliance programs and as well, a member of the Institute for compliant officers.
Speaker 2 00:02:53 Um, and we'll talk more about compliance coming up. So, um, you recently joined Roca tell about Roca and the firm and the kind of work that it does.
Speaker 0 00:03:03 I just joined rocker 18 months ago. And may my role here is mainly focused on energy sector and compliance. Uh, counseling Rocko is, uh, an international law firm that was founded, uh, almost 30 years ago by Miguel Roca. Nicole Roca is a personality well knowing his pain because he was a one out of seven. What we call the fathers of the Spanish constitution. They act by the Spanish constitution of the seven, uh, reporters of the constitution. Only two are still alive, two of the seven. So Miguel, uh, he decides to quit the politics and he decides to open the, the law firm. And this is a law firm that we are, uh, almost 260 professionals, eh, 50 partners. And we are mainly focusing in, uh, small and medium companies in Spain, although we have some international practice as well.
Speaker 2 00:04:14 Terrific. So affiliated monitors and Roca entered into a strategic Alliance a few months ago and looking to sort of combine our skills and our networks to expand, uh, compliance programs, compliance assessments across the Iberian peninsula. And we thought who better to do that with, uh, than indigo and Roca affiliated monitors in Spain has been around for about five, six years now. Um, and has done a lot of work with a number of entities who either did not have a compliance program or wanted affiliated to come in and assess, um, the program. Um, and it's one of the things that we have done in the U S uh, for many, many, many years. And so we're delighted to be joining Roca as we, uh, bring these services, uh, to Spain. So, so indigo let's get caught up on where what's the sort of the state of the union, if you will, of compliance in Spain, where are, where are you with compliance programs? And, yeah.
Speaker 0 00:05:25 Okay. Let, let me make us sort of a background on where we are regarding that the, you have to do not eat that. Uh, eh, it is only 2010 where the criminal responsibility of legal persons becomes compulsory in this Spanish legislature. That means that before 2010, uh, the criminal, the legal person was not the creamy, nearly liable in his pain. Uh, the first five years, I mean until June, 2015, that there was no movement at all regarding compliant pro only biggest Spanish multinationals with the big international presence. They started to hire the not compliance programs, but there are regarding eh, media entities that was not really the, they need to have the compliance programs. There is a modification in this punish criminal code in 2015, that things to that, the modification companies start to think about how to obtain the, this template from liability. If they adopt a regulatory compliance, Manuel, as the, as it's called in the, in the Spanish criminal code or compliance program there, the objectives of, uh, implementing, uh, compliant programs, I think is exactly the same as a, to implement the compliance programming in the U S companies.
Speaker 0 00:07:02 I mean, you have to make an assessment of the risk of noncompliance here, that the difference regarding the us entities is that here you have to follow the Spanish criminal code and, and made a, what we call a risk map to see exactly that, those reasons, these, those risks that you have in your entity, eh, comply or not comply with the, the criminal code sections. And you'll have a list of, uh, 28 possible crimes that a company may be liable for then, uh, when you have those, uh, the, the, the, the risk mark of them, and you already have those risks, identify it. You have to do the defy as well, the opportunities to improve the company's compliance program. Yes, the, uh, drafting some policies and some, uh, Manuel's in order to take into account that they need possible infractions that have a correct team in the company, or in recent things, the, the sector where the company operates and any change in the organization or the activities that the company is performing.
Speaker 0 00:08:26 When you have a, then these already define these policies, Manuel's, eh, just start the appointing, the, the complaint officer or hearing his pain. Normally, instead of only just appointing one person, normally our, uh, uh, three persons, a compliant officer or compliance team, then you have to establish as well, eh, the reporting channel or the whistleblower channel, you have to develop, uh, an investigation system and, uh, uh, disciplinary regime that you already have it in under the Spanish law, in the labor, the Spanish law, the, the $2 that is a word labor, main law regulate the, any kind of disciplinary measures that you have to have in case there is a Rondo in the, in the entity. And after that, uh, and as well as, uh, happens in there in the U S compliance, uh, issues, uh, you have to organize the staff training and the revelry training, the refresh training, and all regarding the communication after these, uh, six years after the, the second modification of this punish criminal code, the, the Spanish Supreme court has issue about, uh, 41st solutions in relation to the liability of the, of the legal, the moral person indicating in the, in the last set of resolutions that are, would practice in a company is to implement, uh, compliant programs in order to prevent the commission of, uh, any wrongdoing or hinder, the continued, uh, actions of, uh, diversion of money or abuse of pharmacy owners that I will comply and program will have detected in case that you have to put in place the control, the prevention and students that the company compliance with the law and ethics is a key piece of the of any organization that wants to avoid unexpected surprise related to the commission of, uh, irregularity.
Speaker 0 00:10:59 That is a yes, read this actually when sentence or resolution of the Supreme court, eh, refers to the compliance programs. So they, the, the idea, and then in the latter solution of the Supreme court, they insist is the necessary in your Spain to capture their eye, the, the attention of the business community. And to make them to understand that compliance is just not another, eh, S beans expense or cost, but the product that is, uh, an investment is, uh, what they call a business benefit for the entity. And there is something that is, uh, really the last of our solutions. Making the point in that is there, this business benefit is what the entities must think about in order to put in place a compliance program.
Speaker 2 00:11:56 What happens if they don't, what's the what's the, is there a penalty or as some type of sort of nev negative impact in the, in a, in a prosecution?
Speaker 0 00:12:08 Well, the fact is that, uh, the Spanish criminal code, that's not obliged to have a compliance program. It's just a recommendation in the case that, uh, you do not have a compliance program. And, uh, that means that there is a wrongdoing and the, the wrongdoing is, uh, is detected that is investigated there. The company will be found liable for not having a compliance programs, so a fine maybe imposed to the, to the entity and as well in Spain, they're the managers, meaning the, the, the members of the board of directors will be found liable because under the Spanish, eh, eh, corporate law, they have the fiduciary duty to comply with the recommendation of the law. So in the case that, uh, you find, uh, a wrongdoing and there is not a compliant program, the company will have to take care of a, of a fine. And, uh, if the, the wrongdoing is, uh, it's a big one that the even, eh, you can have to the liquidation of the entity and as well, the, the members of the board, the managers will have as well too, to bear they're liable for not having a compliance program.
Speaker 2 00:13:38 So in some ways it's similar to what goes on in the U S however, we don't have any specific legal requirements to have a compliance program, although under the U S sentencing guidelines and the DOJ guidance, um, there are certainly considerations as to whether or not a company has a compliance program and how effective it is. Right. So, so let's, let's, let's talk a little bit about, so you've sort of set the stage here in terms of the requirement under the code to have a compliance program. Let's talk about, um, how a company can determine whether or not that program works, right. I mean, it's one thing as you, and I know to have a written program, there's another thing to have a program that works and is effective and is doing the things that you described, right. Which are somewhat similar to what goes on in the U S give me some sense of that.
Speaker 0 00:14:33 Well, uh, hearing this thing, what the, to see if you have a proper compliance program and the compliance program is working, it's only seen in the case that is a wrongdoing, and you have the criminal visiting the NTT and see if the, the wrongdoing was already covered by the compliance program. And there is, uh, a whole system that, uh, can, uh, check that the, the program is working. I used to work for it to habit because, eh, that wrongdoing, eh, it's already drafted or restroom in the program. What I mean is that, uh, if, uh, there is only a paper compliance program and anything that is reflected in the, in the compliance program, when really I run doing happen, there is no, uh, red light, so alarms or whatever in the organization that is a clear sign that the program is, is, is not working that the today.
Speaker 0 00:15:47 Well, yesterday there was a, uh, a new scene in, in Spain related to the COO of, uh, one of the largest Spanish entities that the, the electricity, the electric, the electricity distribution entity, and producer of electricity, the as well, the CEO for Figerola, there is not only the CEO. He has the two roles under the same hat because this person is the CEO and the president of the board, eh, he wants to do well in front of the, the Spanish audience here in FNL here in Madrid in order to declare, and then an investigation that in 2000, I don't know, 2004 or 2014, eh, there was, uh, some invoices, a baby stroller to a former, eh, eh, set of, I mean, it's a, like in the national police that they have, uh, like, uh, a high level in the Spanish police that these, uh, this gentleman, after he is working at work as a policeman, he offered his services as a inspector for big corporation in his pants.
Speaker 0 00:17:14 So this person, uh, he declare that deeper. Rola asked him to investigate, uh, some, uh, individuals in, uh, in entities that are competitors of favored Rola and as well in, uh, in our project for a wind farm, no, it was not a wind farm. I think it was, uh, uh, another kind of, uh, production, uh, entity that there was some rejection for the local town hold too, to permit to build up that installation. And, uh, either they say that, uh, make some payments in order to convince the members of these, uh, local don't hold to authorize the construction of the, of the plant. So, eh, here is a good example that, uh, the compliance program really work because, eh, the internal compliance program detected that there was eight invoices that was not, uh, following the procedures of the entity and those site in bushes, they, they didn't have four day was not paying exactly the survey that the invoice was reflected. So in this case, the program work it and even defy that the dose eight invoices was not, uh, properly proceed. The, the, the systems in the referral indicates that, uh, that they, the CEO of may be able to hide those 18 voices. There will be a good example of how a compliance program is not working, or is a paper compliance program as, uh, as women's. Yeah.
Speaker 2 00:19:18 So it's a, it's very interesting, um, in terms of effectiveness, right. And how it shows itself. And I know that, that you and affiliated monitor Spain, and then, uh, AMI in the U S has done a lot of work assessing these compliance programs. Right. Um, and, and, and so, as you know, um, uh, in October Lisa Monaco, the deputy, uh, us attorney general made her pronouncements about number one, you know, sort of the reenergizing of monitoring, and that's sort of a more us based, uh, issue. Um, but she also sort of, uh, put out the, uh, subtle warning that companies should be very careful in re-evaluating their programs and strengthening their programs, you know, just in case DOJ ever comes knocking, what impact does a pronouncement by DOJ in the us have on companies in Spain? I mean, I would think it would affect multinationals, right. That do business in the U S and they are the ones that perhaps their eyes tend to go up when they hear that kind of thing. But does it have any impact, you know, in the compliance world, in, in Spain?
Speaker 0 00:20:32 Well, uh, as you, as you mentioned, as you said, uh, of course the DOJ pronouncements, they have a big impact in multinationals and as well in, in Spanish entities that they have some business in the us. And of course the us entities that they have businesses in Spain, but, uh, regarding these, eh, Lisa Monaco, eh, I don't know to say the conclusion so pronouncement or wherever I, I take advantage of the, the last five points of the, of the, of the pronouncement and the first of the last five point, he mentioned that, uh, the companies need activity to, to review the compliance programs two-inch to ensure that they are, they quite tightly monitor and remediate the misconduct and so on. So, and the, what the amaze me regarding the difference between how compliance work in the us and in Spain is that, uh, Ms. Monarchal takes for granted that all companies already have a compliance program.
Speaker 0 00:21:47 So they say that the all companies to needs to review their compliance program. So there is taken for granted that anyone, any company, or really have a compliant program. And here, when you read the, let's see the, it's not really a parallel, because this is a member of the Supreme court, the Spanish Supreme court of the S uh, of the second chamber or the Spanish Supreme court is called, eh, eh, it's called, sorry. Eh, within the Morrow within tomorrow is, uh, I think he's 60 years old judge of the, as I mentioned, the second term of the Supreme court, um, probably is the Spanish judge who has to read them the most on, on compliant issues. He has a thousand of, uh, complaint articles, and he's the, they all thought of many resolution of the Supreme court regarding the complaint issue in Spain and, eh, Biphentin Morrow on all his articles.
Speaker 0 00:22:52 He steals talking about, uh, that the Spanish entities should have a compliance program as a business benefit. So I think that that's the main difference between what the DOJ is doing in the us and the OTA. Well, the Spanish DOJ, if you allow me to say that is doing regarding what the entities sort of having in compliance parole from a S three example, a commercial point of view in, in the, in, in, in Roca, in the law firm, what we learn from the market is, uh, there are only two scenarios while there are three scenarios where the companies in Spain are buying compliant, assessment or compliant. Uh, consulting one is, uh, if you are a multinational and you will have in, in the us, the second is thinner. Of course, here, I include all the listed entities. I think that there are no listed entity in Spain without that compliance program.
Speaker 0 00:23:56 And think that in his pain, we have around 150, 160 listed entities. The second is eh, companies that they are facing, eh, some problems. So I'm doing some irregularities when they have so many other modalities and the, the court or the judge, or the police has arrived to NDT, they call the lawyer. So, um, normally they call a criminal lawyer and the criminal lawyer things have out a complaint expert in order to clear up the situation, because here that is true that, uh, if there is any irregularity or wrongdoing in identity, and at the same time that you call the police gets into the company, and at the same time, you call a compliance expert, you will reduce the sanction of the entity just in that moment. So that is something that the, it is good for the Spanish entities, but it's not good for people who are trying to sell, uh, compliance services because they, they know that they have that opportunity.
Speaker 0 00:25:07 And the third that I wanted to mention is when there is a non-Spanish entity or a bigger multinational Spanish entity that is trying to, to merge or to acquire during DP, because in all the due diligence of the law in the last law firms, they are ready, uh, a section in the duty to Yens questionnaire for everything compliance. So you don't have anything to just call the compliant, uh, counsel in order to have, or I'm going to, I'm sending my entity, or I'm sending a part of my entity, and I need to have something in compliance in order to fulfill the .
Speaker 2 00:25:52 It's very interesting. Uh, the, the three different sort of approaches, it's not, again, dissimilar to what we're seeing in the U S but, but going back to, um, Lisa Monaco's pronouncement, what we have seen in the us, um, is a lot of companies reaching out, um, to have an independent come in and do the assessment of their programs. I think, um, uh, you and I have talked about it over the years, that it's very difficult for a company, a compliance officer or compliance committee, uh, to assess yourself, you know, and even having an internal audit function, try to look at compliance. It doesn't have the kind of depth of experience with compliance to be able to effectively assess, you know, how well the compliance program is drafted, whether it's comprehensive, whether or not there are gaps and whether or not it has been effectively implemented.
Speaker 2 00:26:44 So we're seeing that, you know, as a direct result, that there has been a lot more incentive for companies to invest in their compliance program, through having an independent, uh, like an affiliated monitors come in and to do that kind of work. So, you know, with that, I know that that's part of the strategic Alliance that we have with Roca, and that is to be able to offer these services, you know, to, uh, companies, um, in Spain and the Iberian peninsula, what do you see as the benefits? You know, why would a company, um, in Spain want to bring in an independent to do that assessment kind of work? And I know this, this is what we've done in the past.
Speaker 0 00:27:28 Oh, okay. Well, I think that the dosha entities that there, they already have the compliance programs in place. Eh, they will have the benefit of having, uh, an independent assessment in order to prove, uh, in front of the stakeholders or in order to prove in front of the, of the authorities. And now, regardless we know all the issues about sustainability and the invest, the impact or impact investment and all the ESE, eh, regarding those investors, it is, uh, good to have these, uh, this independent assessment of the compliance program. Uh, before I mentioned that, uh, there is not compulsory to having a compliance program and the Spanish law, but, uh, there are some exceptions. One of the steps are the guardian, the, that the, the, the Spanish called the obliger subjects in the prevention of money laundering and terrorist financing law. Did you are, uh, the subject, you have to have a compliance program as well.
Speaker 0 00:28:52 For instance, in, uh, India football, professional teams for football, I mean, soccer, professional teams in Spain, uh, they are the first division and the second division during, I think there are 48 teams or 44 teams, those 44 teams in order to play those leaks, they need to have a compliance program. And, uh, we, the then non-financial reporting that is an obligation that comes from a European directive for 2014, the non financial reporting ablaze and the 20, 20, 21 shortly until 2020 all entities, more than 500 employees, they have to report about non-financial issues from, from now. I mean, the, the 2020 year, when you have to present in front of the commercial account or financial statements of 2021, all companies have more than 250 employees, they have to report regarding their non-financial issues in one of these non-financial issues that, uh, comes, as I mentioned from, and the 2014 detective, do you have to report regarding what the, your entity is doing in, uh, anti-bribery and corruption in, in your company. So here you already have, you are an entity of more than 250 employees in Europe, millionaire Spain. In this case here, you already have a legal obligation that in your financial statement, you have to report about what are you doing regarding anti-bribery and corruption. So here, the independent assessment is, eh, is a clear benefit for those entities that already have these, these obligation.
Speaker 2 00:31:07 W so one of the things that I think is also important as we talk about independence is the fact that, you know, based upon all of the assessments that we've done of companies over the years, we can benchmark, you know, good practices that we've seen in other organizations to help strengthen the programs that we're assessing. Right. And I think that companies really appreciate that, you know, um, because they want to learn, they want to do the right thing, especially if the board and the senior leadership in the company is committed to getting this right, to hear how things work in other organizations I think is quite important, right. Um, I want to move on because we're running out of time, but I wanted to talk a little bit, uh, indigo about the new EU directive, uh, regarding whistleblowers. And, uh, if you can just talk a little bit about that, but that's tie it then back to sort of the hotlines and the whistleblower programs that exist in companies under their compliance programs.
Speaker 0 00:32:09 Okay. This is a directive for 2019, and the idea of these directors is because in the 27 Aus states, there was a lot of different regulation regarding the wisher Grover channel or the ethic channels. They decide to wrap up all those regulation and just make a only, and only regulation for all day, the European union, eh, the directive, uh, give, uh, the countries two years to implement the directive in the, in the local legislation. And as of the end of 2021 only two out of the 27 AAU member states, Harold, really, eh, implementing their latest relation, the, the directive regarding the whistleblower and the two states are, uh, I see them mark and Sweden. What are the fundamental principles of the directive? And before that, the two things that are important to know is that the UN here, any entity, the directive said before December 20, 21 have more than 250 employees, they should have the channel implement in their organization.
Speaker 0 00:33:29 And these obligation reviews two entities with more than 55 of employee after 2023, December, 2023. Okay. So the, the fundamental principles of the directive, eh, and I think that all of them are very common for, for the U S are the confidentiality of the identity of the whistle blower, the anonymous whistle blowing, and then not retaliation. There is, uh, the confirmation of receipt, any reports who will be proceed within seven days, uh, there is a contact person, eh, who has started the investigation. There is an impartial person that maybe from me, how the company, or outside the company to manage the channel, does it channel, there will be a follow up the DC contact person make any informed to the, the complainant regarding at least in, uh, in that reasonable periods of Dane. And in no case more than three months from the, uh, Nolan knowledgement have received, this will be a reporting and a follow up to include the clear and accessible information or how to report to the competent authorities and what appropriate to official institutions or agencies. And of course you have to comply with the GDPR, the general data protection regulation, and every organization must keep records of the report and the investigation on time. And of course respecting any confidentiality requirements.
Speaker 2 00:35:27 So with that, um, it sounds like it is, um, sort of requiring companies to either implement a whistleblower and, or strengthen the program that they have. Right. That's the notion. Um, and, and where what's the status in Spain and Portugal with this new directive of, are they ready for it?
Speaker 0 00:35:49 Well, the, the idea here is, uh, is exactly the same. As we mentioned before, the big multinationals, they already have the, the, these ethic channels, the smaller medium entities. There are some that they have, eh, the ethic channels, but the here, the, the good news for how to compliance is getting in this smaller million entities is that now you have this obligation to have fine ethic channels regarding the non-financial information. You have to disclose information regarding, eh, anti-bribery and corruption issues. And there is another, eh, scenario that I didn't mention is regarding, uh, maybe you heard about the, the next generation financial aid from the you the, the consent or the EU to member states, these, eh, financial aid, what they are looking for is to, to recover for the pandemic, to recover the economy and as well to, to help with the climate change issues. And, uh, any entity who asked for these, uh, funds they have to, to comply with, uh, to comply annually. We started report regarding the anti-bribery and corruption issues. So now you have another source of obligation regarding that, uh, the benefit of having, uh, independent assessment regarding your compliance program.
Speaker 2 00:37:35 We're we're at a time, um, this has been terrific. Um, any takeaways that you want to leave with the audience?
Speaker 0 00:37:43 Uh, well, I think that the takeaway is that, uh, it is time to, uh, to Bassey Nate for the compliance in his pain.
Speaker 2 00:37:52 I think you're right. So, um, thank you so much, indigo. It's been terrific speaking with you, and we look forward to speaking with you again. Thank you all. Thanks.
Speaker 0 00:38:03 Bye bye.
Speaker 1 00:38:04 Thank you for joining affiliate monitors podcast, integrity through compliance, analyze business success series. Today's segment is just a sample of the subject matter expertise captured by AMS compliance professionals. Go to our
[email protected] to view the comprehensive list of industry and in-house talent. AMI has available to enhance professional and business integrity programs and controls. Also with us on LinkedIn to receive updates and trends in the areas of enforcement and compliance. If you have any questions about today's podcast or would like to learn more, please contact
[email protected]. Our affiliated monitors podcast, production team of Dolores SIADH, our compliance associate, and Dan Barton, our editor and podcast music composer. Look forward to you joining us again for our next installment of integrity, through compliance, AMI business success series.
