Corporate compliance

We manage tax compliance for the security of your business. You won’t have to worry not even for a minute about managing your company’s taxes in Spain (Madrid and Barcelona) since we will have it all under control for you. No matter if it is tax credit, tax refund, tax rebate, tax deductions, tax payment, or any other tax services.

The Spanish Criminal Code amendment (Organic Law 5/2010, of 22 June) foresaw the criminal liability of legal entities, including both actions carried out by their directors and executives, and by any other company employee. At Henry Towers your safety and compliance is our number 1 concern. We want to ensure your business is safe and compliant, and we therefore cover all aspects of Spanish legislation to ensure you can focus on your business without risk of incompliance. With Henry Towers, being compliant is not a problem

Content photo




  • Information
  • Validating



  • Processing
  • Requirements



  • Completion
  • Status

Each legal practice area has specific aspects of compliance, but at Henry Towers we want to make it easy for you. We can develop a full compliance program for you by identifying corporate actions with potential risk of criminal liability, analyzing the controls implemented, developing a legal defense manual and training your teams. We are committed to providing an efficient service to maximize your business potential while keeping you compliant, and all the process will be as easy as ABC.

Information gathering and context understanding about corporate compliance.

Our team will work with you and your teams to understand the business context, corporate actions, and controls in place, so we can appropriately assess strategic alternatives and recommendations for you and your business. Having a comprehensive understanding is critical in order to coordinate with other divisions that are potentially implicated.

Execution process of Corporate Compliance.

Henry Towers’ experienced lawyers will develop a criminal risk matrix through inventory and classification of such risks. We will support the roll-out of improved controls and actions to mitigate risks and provide the training required as per the identified risks. We will draft and roll-out a Legal Defense Manual for your company. We can also support you in identifying and training a corporate compliance officer for your business.

Corporate Compliance Report

We will agree with you how often you would like us to inform you and your team about the progress made on the assignment, and elaborate a final report at the end of our service. A maintenance service is also highly recommended in order to keep the Corporate Defense Manual updated as well as to train new associates.

Aligned with the new Penal Code, this establishes the requirements for implementing a criminal compliance management system with the aim of preventing crime and reducing criminal risk in organizations and thereby fostering an ethical and compliance culture.

Organizations that correctly implement this standardized model may be able to see their criminal responsibility lessened or even be exempted by demonstrating due diligence and best practices in preventing and detecting crimes committed within them.

UNE 19601, drawn up with the participation and consensus of leading experts representing the legal profession and the different interest groups in the area of ​​criminal compliance, will be certifiable by an independent third party.

After almost two years of work and the result of the consensus of leading experts representing the different interest groups in the area of ​​criminal compliance, the Spanish Association for Standardization (UNE) has published on Thursday May 18 the Spanish Standard UNE 19601 Management Systems Of criminal compliance.

Requirements with guidance for use:

  • This Standard, developed within the entity responsible for the development of technical standards in Spain, establishes the requirements to implement, maintain and continuously improve a system of management of criminal compliance in organizations with the aim of preventing crimes within them and reducing criminal risk, through the promotion of an ethical compliance culture.
  • The UNE 19601 responds to the new scenario and the high interest for criminal compliance after the reform of the Criminal Code of 2010 that introduces in Spanish law the criminal responsibility of legal persons; But above all it responds to the latest reform of the Criminal Code of 2015 which indicates that legal persons who have implemented crime prevention models and meet a series of requirements may be exempted from criminal responsibility.
  • The UNE 19601 mentions requirements that comply with what is indicated by the Penal Code for crime management and prevention models, but also goes further, incorporating globally accepted best practice in compliance.

Among the requirements, the Standard states that organizations must:

  • Identify, analyze and evaluate criminal risks.
  • Have adequate financial resources sufficient to achieve the objectives of the model.
  • Use procedures to inform of potentially criminal behavior.
  • Adopt disciplinary actions if there are breaches of the elements of the management system.
  • Supervise the system by the criminal compliance body.
  • Create a culture that integrates the policy and compliance management system.

This Standard has been prepared within the Technical Subcommittee on Standardization of UNE, CTN 307 / SC1 Compliance Management Systems and Anti-Corruption Management Systems, which has involved 36 members, experts representing the different stakeholders in the field of criminal compliance; Among these are the main Associations for the compliance function ASCOM and CUMPLEN, companies, AA.PP., consultants and law firms, universities, NGOs Transparency International and the Spanish Network of the United Nations Global Compact, consumer associations or trade unions.

This group has been working since 2013 on international standardization projects such as ISO 37001 on anti-bribery management systems. Guidance requirements for its use were published in October 2016. This document has recently been incorporated into the Spanish catalogue of standards such as UNE-ISO 37001, after adopting the official translation into Spanish of the standard by ISO (International Organization for Standardization).

The system established by the UNE 19601 presents the so-called High Level structure, common to all international ISO standards of management systems, making it easy to integrate into other management systems; For example, those described in the UNE-ISO 19600 Compliance Management Systems. Guidelines or in UNE-ISO 37001.

The mere implementation of the UNE Standard 19601 will not entail the automatic exoneration or attenuation of the criminal responsibility of the legal person, but it can constitute a fundamental element to prove that it acted diligently before the crime was committed and that it used the best practice, according to standardized and consensual models to create a culture of prevention that significantly reduced the risk of these crimes being committed.

This standard shall be certifiable by an independent third party; a way to ensure it is applied effectively. Circular 1/2016 of the State Attorney General's Office on the reform of the Criminal Code considers that the certifications can be valued as an additional element of the effectiveness of the models in exempting criminal entities that have implemented models from criminal responsibility for crime prevention.

What value does a good compliance program bring to my organization?

A compliance program is an instrument that avoids transferring the criminal responsibility of the crimes committed by the administrator or by the employees. But it is much more than a firewall. It is an instrument that provides the following advantages:

  • The exemption or attenuation of criminal liability.
  • Internal economies. That is, to avoid fines and penalties for the company.
  • Crime prevention.
  • Crime detection.
  • Culture of legality to the organization.

What does the culture of compliance bring to my company?

A set of beliefs, values, norms and actions that demand a remarkable degree of harmony between respect for the law, moral convictions and cultural traditions.

What special knowledge does a compliance officer need?

The Compliance officer should be knowledgeable about the content and scope of their duties.  Failure to do so is to assume the risk of criminal liability for crimes committed within the company. The absence of this knowledge should be supplemented with the assistance and guidance of a compliance lawyer.

What crimes can be committed by the employees of a company whose criminal responsibility can be answered by the company itself and its administrator?

The catalog of criminal types that can be committed by the employees of a business organization is very broad. A good part of these crimes can be committed by an employee without having a true conscience of incurring in a criminal offense. More than 25 crimes. The most common, would be:

  • Crimes against privacy and computer raids. Art. 197.
  • Punishable insolvencies. Art. 261 bis.
  • Upgrades of goods. Art. 261 bis.
  • Own and improper scams. Art. 251 bis.
  • Computer damage. Art. 264
  • Discovery and disclosure of secrets. Art. 278 to 280.
  • Crimes against consumers. Art. 288.
  • Misleading advertising. Art. 282.
  • Fraudulent billing. Art. 283.
  • Insider trading. Art. 284.3 and 285.
  • Crimes against the Public Treasury. Art. 310. Bis
  • Crimes against Social Security. Art. 310 bis.
  • Crimes on land use. Art. 319.
  • Crimes against natural resources and the environment. Art. 327 and 328.
  • Crimes against health. Art. 361.

Can small companies justify themselves in the principle of proportionality so as not to dedicate resources to the implementation of their compliance program?

The principle of proportionality justifies having a model of compliance adapted to the internal and external circumstances of the company. But in no case justifies not applying the principles of effective compliance.

The principle of proportionality cannot support irresponsible management.

What are the advantages and disadvantages of an SME in relation to a large company in terms of compliance?

An SME enjoys a great advantage over the large company: its dimension allows its managing body a closer supervision of the operations carried out by the company. So it is that the Compliance Officer of the SME does not find it difficult to know what is happening within the company and can detect the irregularities and correct the risks quickly and effectively. The small company is more accessible to the awareness of the employees. The disadvantage of the SME is that the resources available to make them available to a compliance program are limited compared to those available to the large company

What can SMEs do to reduce levels of exposure to compliance risks?

The level of exposure to compliance risks is significantly reduced in the SME to the extent that compliance management is under the control and supervision of the property and it is in excellent conditions to influence the management of the company, providing the ethical and compliance culture to its employees.

In any case, in order to reduce the levels of exposure to criminal risks, there is no other way than to implement an effective compliance manual (never a standard booklet), designate a compliance officer, and maintain adequate controls for the monitoring and supervision of Risk behaviors.

What role does the external lawyer play in the SME when implementing compliance?

The external lawyer of an SME tends to focus on the corporate form and its corporate structure, being habitual that its intervention has a reactive and punctual character.

It is on the occasion of the reform of the Criminal Code in the matter of criminal liability of commercial companies that the role of the lawyer becomes proactive and takes on a corporate dimension of great relevance. It is the specialist lawyer that you must trust to perform an analysis of the functional areas of the company and its various business units. It will be from this analysis that can help you effectively develop a regulatory body of compliance, through appropriate interaction with employees of your company.

It will be the lawyer who will value that each area of ​​your company constitutes a small universe of legal responsibilities.



Is it advisable for employees to sign the Company Policies and the Code of Ethics?

The company must take care of disseminating the Company Policies contained in the Compliance and the Code of Conduct, so as to ensure that they are known by all its employees. A good practice is, in addition to making them known, to record in writing that they are known by their recipients, as well as being accepted by all by signing the document containing them.

The advantage of having the signature is twofold: a) no one can plead ignorance and b) the signed document will constitute evidence before a court.

Is it advisable for the supervision, monitoring and control reports to be in writing?

The written report facilitates the proof that the supervisory function has been carried out, if necessary. In addition, the written report made according to a predetermined protocol contributes greatly to the execution of the action plans in the face of irregularities or incidents observed.

How often should the Compliance review be carried out?

There is nothing established as standard. However, 3 key moments of Compliance review can be established:

  • A minimum periodic biannual or annual review.
  • When changes occur in the company or in the environment.
  • Where there has been a breach of regulations.
Gerente de Derecho Corporativo
Gerente de Derecho Corporativo

Our process is designed to gather a full comprehensive understanding of the business and the litigation or procedure, in order to design a plan for your review and approval and keep you informed of the improvements and success of the process.

Gerente de Derecho Corporativo at Henry Towers