The criminal liability of a body corporate was recently incorporated into Spanish law, in Act 5 of 22 June 2010, which amended Spanish Criminal Code Act 10 of 23 November 1995.
These reforms led to the inclusion of Article 31 bis of the Spanish Criminal Code, which established the possibility of applying, as an extenuating circumstance against the criminal liability of a body corporate, the introduction of effective measures for the prevention and detection of offences that could be committed under the cover of a body corporate, measures that have materialised as what are generally known as crime prevention models.
Spanish Act 1 of 30 March 2015 amended the aforementioned Article 31 bis of the Spanish Criminal Code with the aim of introducing a technical improvement in the regulation of the criminal liability of bodies corporate, properly defining the concept of proper control and establishing that crime prevention models could be not only an extenuating factor but could also exempt bodies corporate in the case of offences committed by their legal representatives, or by persons authorised to take decisions in the body corporate’s name, or by persons who hold powers of organisation and control.
This issue has subsequently been subject to interpretation and application in line with the doctrine of the Attorney General and Spanish case law. Thus, in a number of circulars, the State Attorney General has defined certain basic concepts, such as the need to establish clearly who is responsible for the various duties and tasks associated with criminal prevention and the advisability of providing reporting channels that ensure independence and confidentiality.
In recent years, many companies and organisations have engaged in a process to review and update their monitoring systems in order to ensure that they comply with these new legal requirements, particularly as regards the contents of the Spanish Criminal Code, placing emphasis on the prevention and monitoring measures employed to prevent the potential commission of criminal acts within their organisation.
Against this background, this corporate policy for the prevention of criminal risk (“Corporate Crime Prevention Policy”) reflects the desire of the Board of Directors and Senior Management of Ibexia Cox Energy Development, S.L. (“Ibox Energy”) to develop its own system for compliance in respect of criminal matters, with the aim of monitoring and preventing criminal offences while at the same time taking account of the criteria established by prosecutors and the courts and improved corporate practices in relation to the criminal liability of bodies corporate.
This Corporate Crime Prevention Policy is aligned with Ibox Energy’s ethical culture model, the main core of which is the company’s Corporate Code of Ethics. The aims of this Code include establishing the principles and standards associated with ethical and responsible behaviour by Ibox Energy and the people belonging to the organisation, pursuant to the legislation in force and international standards and recommendations, as well as establishing a standard of due care with regard to ethical and responsible corporate conduct.
The Corporate Crime Prevention Policy makes it clear to all of Ibox Energy’s employees, associates, managers and directors, and to third parties, that Ibox Energy’s ethical corporate culture model takes a zero tolerance approach to the commission of criminal offences, with a firm commitment to monitor, prevent and combat such offences.
In line with the foregoing, the ethical model and the criminal risk management system represent a guarantee to the organisation itself, the markets and the public authorities that the duties of oversight, care and monitoring of the company’s employees, associates, managers and directors will be effectively performed by means of the establishment of suitable measures to prevent criminal offences or significantly reduce the risk that they may be committed.
An integrated system has been established for the monitoring, prevention, oversight and control of :
Any criminal offences that may be committed in the name or on behalf of Ibox Energy and to its direct or indirect benefit, either by its legal representatives or by persons who, acting individually or as members of one of Ibox Energy’s bodies, are authorised to take decisions in the company’s name or have powers of organisation or control within the company.
Any criminal offences that may be committed during the performance of Ibox Energy’s business activities, as part of and to the direct or indirect benefit of those activities, by persons who are subject to the authority of the natural persons mentioned in the preceding paragraph.
To comply with the legislation currently in force and with the company’s internal regulations.
To strengthen the implementation of an ethical culture at Ibox Energy and a commitment to the principles set out in its Corporate Code of Ethics.
To reject any behaviour that involves an unlawful act or contravenes the legislation in force.
To establish the oversight and monitoring mechanisms that are deemed most suitable, taking account of Ibox Energy’s characteristics and circumstances, to prevent offences of this nature or significantly reduce the risk that they maybe committed.
To entrust the initiative and competence to establish these oversight and monitoring mechanisms to Ibox Energy’s senior bodies, specifically its Board of Directorsand Senior Management.
To entrust the duties of overseeing the operation of and compliance with the prevention model to the Chief Legal and Compliance Officer, granting him or her independent powers of initiative and control.
To establish the means required to identify offences that should have been prevented on the basis of the risk associated with the activities engaged in.
To ensure that the entire organisation has both the material and the human resources required to oversee the operation of and compliance with this Corporate Crime Prevention Policy in an effective and proactive way.
To train all of the members of the Ibox Energy organisation and make them aware of the criminal risk attached to the performance of their duties, as well as informing them of the initiatives and tools that Ibox Energy has introduced in order to manage criminal risk effectively and prevent its commission.
To establish that it is the duty of all the organisation’s members to report any potential risks or breaches to the internal bodies charged with overseeing the operation and observance of the prevention model.
To investigate any complaint about allegedly criminal offences or breaches, ensuring maximum confidentiality for the individuals involved, pursuant at all times to the provisions of the legislation in force.
To inform and work together with the authorities in relation to allegedly criminal acts, to cooperate with the authorities in investigating such acts and to provide evidence in order to clarify any criminal liability arising from such acts.
To adopt suitable measures to repair or reduce any damage caused by any criminal act.
To punish any person who has committed an offence or breached the internal regulations during the performance of his or her duties at Ibox Energy.
Regularly to review the model and make any appropriate changes that may be required in order to adapt it to any changes made to the legislation, the organisation or the business activities engaged in by Ibox Energy.
This Corporate Crime Prevention Policy applies to all the employees, associates, managers and directors of Ibox Energy and its dependent companies in Spain.
The Ibox Energy group companies that are domiciled outside Spain will prepare their own crime prevention policy, based on the legal requirements and best market practices that apply in the territories in which they operate.
Any Ibox Energy employees, associates, managers and directors who are bound by other sector-related, corporate or employment regulations or by rules originating from any other legal provision in Spain shall also comply with the provisions in question.
4.1. Board of Directors
Ibox Energy’s Board of Directors has made it a strategic priority to incorporate a set of demanding ethical standards as part of its Corporate Governance measures which go beyond mere compliance with the letter of its Code of Ethics. These experiences provide the basis for the decisions and activities of Ibox Energy’s employees, associates, managers and directors, with the aim of ensuring that the entire organisation maintains ethical standards of conduct in its business activities.
Ibox Energy’s Board of Directors regards the incorporation of this Corporate Crime Prevention Policy as part of its ethical model as an essential requirement, in order to identify and prevent any breach of the law.
Therefore, the Corporate Crime Prevention Policy is the result of the Ibox Energy Board of Directors’ firm commitment to promote, develop and implement a system that will ensure compliance with the applicable legislation, rules and regulations and, in particular, identify any criminal risk and prevent unlawful conduct.
For this reason, through its approval of this Corporate Crime Prevention Policy, the Board of Directors has prepared and implemented an organisational and management model that includes a range of oversight and monitoring measures that it deems suitable to prevent criminal offences or significantly reduce the risk that they may be committed, bearing in mind the individual characteristics and circumstances of Ibox Energy.
The Board of Directors assumes responsibility for the following duties with regard to the said model:
Overseeing compliance with the legislation, rules and regulations that apply to Ibox Energy’s business activities.
Adopting, developing, maintaining and continually improving the organisational and management model for the prevention of criminal offences at Ibox Energy.
Ensuring that the Corporate Crime Prevention Policy and the model that it implements is properly integrated into Ibox Energy’s corporate ethical culture model, of which it forms an essential part.
4.2. Senior management
Ibox Energy’s Senior Management endorses the undertaking made by the Board of Directors and assumes responsibility for leading the development, implementation and execution of this Corporate Crime Prevention Policy throughout the organisation.
Ibox Energy’s Senior Management will perform the following duties:
Ensuring that the requirements set out in the Policy are incorporated in all operational processes and procedures.
Offering appropriate and sufficient resources for the effective execution of this Corporate Crime Prevention Policy.
Guiding and assisting employees with the aim of ensuring effective observance and implementation of the model.
4.3. Legal and Compliance Department (ChiefLegal and Compliance Officer)
This is the division of Ibox Energy’s corporate Senior Management that is charged with generating and reinforcing a general culture of compliance with the regulations (both in terms of the law and the company’s own internal regulations) and, in particular, performing duties relating to the design, documentation, updating and monitoring of this Corporate Crime Prevention Policy.
Advising and providing specialist support to the Board of Directors, the Senior Management and the rest of the organisation with regard to compliance with the legislation in force, the company’s own internal regulations and the Code of Ethics.
Overseeing the operation, implementation, development and communication of the Corporate Crime Prevention Policy and monitoring compliance.
Proposing any necessary changes or updates to the Crime Prevention Programme and, in particular, any improvements that should be undertaken.
Promoting and coordinating reviews and updates of the Corporate Crime Prevention Policy.
Defining the aims, scope and priorities of the model used to evaluate the Corporate Crime Prevention Policy.
Receiving any suggestions made in relation to the Corporate Crime Prevention Policy and giving these suggestions the appropriate consideration.
Directing and following up internal investigations into actions, situations or events that are suspicious, irregular or allegedly criminal.
Examining and following up cases in which the authorities have initiated court proceedings that may affect Ibox Energy or any members of its organisation.
Promoting and overseeing the resolution of incidents and implementing and following up any recommendations that may have been submitted for the improvement of the Corporate Crime Prevention Policy.
Regularly informing the Board of Directors and the Senior Management about the operation of the Corporate Crime Prevention Policy.
5.1. Specific duties (employees, managers, directors and associates)
To inform your immediate superior or the Chief Legal and Compliance Officer of any risk or allegedly criminal behaviour by any member of the organisation during their internal activities or relations with third parties.
Not to prevent or hinder the disclosure or investigation of allegedly criminal activities.
5.2. Preventative measures
These measures are as follows:
5.2.1. Identification of criminal risk associated with financial activities.
5.2.2. Communications with and training of personnel.
5.3. Measures for detection
All employees, associates, managers or directors of Ibox Energy who become aware of any violation of the undertakings made in Ibox Energy’s Corporate Code of Ethics Code, or of any of Ibox Energy’s internal standards, policies or procedures, or of the legislation in force, including violations that might allegedly be deemed criminal, are obliged to report the behaviour in question to the company in the proper manner using the Whistleblowing Hotline.
The Whistleblowing Hotline may also be used by third parties that interact with Ibox Energy and/or any private individual who becomes aware of any violation of the kind described in the preceding paragraph. Such third parties have the option of using the Hotline to report the circumstances in question.
Communications via the Whistleblowing Hotline will be made using the email address made available for this purpose by Ibox Energy, as shown on the company’s website, and they must at least contain the following information:l
Full name and a way in which the person using the Hotline can be contacted, either via email or by telephone.
The way in which the person using the Hotline is connected with Ibox Energy.
The reason for making the report.
Proof or evidence of the facts or circumstances reported, including any documentary evidence.
Making a report via the Whistleblowing Hotline will ensure that the identity of the person making the report remains confidential and that they will not suffer any penalties or reprisals, provided that they do not act maliciously or fraudulently or with the aim of spreading information that is false or that may cause harm to the image, honour or good name of any other person.
5.4. Forms of response
These are as follows:
An internal investigation is carried out, in the event that potentially criminal acts, internal fraud or other irregularities are detected.
The results of the investigation are reported to the Board of Directors.
Where appropriate, a proposal is made for the filing of legal proceedings.
Where appropriate, the results of the internal investigation are reported to the competent authorities.
The controls and processes are improved, new controls are implemented and existing policies and procedures are updated.
The application of a disciplinary regime is proposed.
Once a report has been made via the Whistleblowing Hotline, the Chief Legal and Compliance Officer will be notified and register the report. He/she will then inform members of Senior Management or the Board of Directors as deemed appropriate, bearing in mind the seriousness of the substance of the report and the specific people, divisions or activities affected, and he/she will direct the internal investigation, proposing the most suitable response depending on the results of that investigation.
5.4.2. Disciplinary system
Ibox Energy may adopt the disciplinary measures that apply, pursuant to the penalty rules set out in the relevant collective bargaining agreements and the provisions of employment law, to any behaviour, events or situations that involve a criminal offence or a breach of the specific duty to inform the monitoring bodies of any offence that may have been detected, or the duty not to prevent or hinder the disclosure of offences, notwithstanding any other civil or criminal liability that may arise from the behaviour, events or situations in question.