Spanish legal system, like that of neighboring countries, has been raising the standards of legal compliance of companies and organizations (very clearly with the 2015 reform of our Criminal Code introducing the new art. 31 bis) with greater requirements for the prevention of law non-compliance -not only to avoid criminal punishment- and reinforced sanction mechanisms-, in order to reduce the risks derived from non-compliance, although these new requirements are being adopted unevenly and the COVID-19 outbreak burst into this context.
These difficult days of sharp crisis derived from the governmental measures adopted following the state of emergency decreed on March 14, 2020, are a test on the strength of administrative and management structure of companies and organizations.
These are moments of urgent and difficult decisions that expose managers to increased risk in many aspects, also the risk of regulatory breach by making decisions or acting in violation of laws in different areas, including particularly, unduly applying rules or legal benefits in the exceptional situation.
Many allege this extraordinary situation as justification or exemption … to act ignoring the rules,, procedures, etc. sheltering in the practical impossibility to follow what many times we hear describe as “tedious, redundant or” useless “procedures that are only burdens or delays for the business dynamics, or legal documents, files of hundreds of pages that only quote laws and regulations without specific solutions or add any value… ”
However, this attitude is only understood when the management of a company has not internalized the need to ensure regulatory compliance as a value and / or has not received good advice in the design and implementation of a compliance program suitable for the company.
A good compliance program must be functional, proportionate, manageable, especially in these moments and adapt to the situation of each company or organization, not to become unfit for use and leaving the company out of controls. It is “the acid test”. If in these circumstances managers choose to throw the program in the trash and jump into action, it is because the program is simply not suitable for that organization or, what is worse, management does not consider regulatory compliance as a value in its organization and here advice, management training and awareness has failed.
Making innovative decisions, in a short time, or under difficult conditions also requires taking into account and managing the existence of the regulatory framework and its dynamics.
Thus, for example, the need to resume a productive activity without having clear protocols or equipment to protect health and occupational risks, new forms of non-contact work and respect for working hours, conciliation, privacy, etc. in contractual relationships with clients, suppliers, consumers, etc. in contracts with governmental agencies; in corporate governance and transparency in accounting and financial and non-financial information to be provided to auditors and stakeholders, and a long etcetera, which can lead to incurring in more serious law breaches and consequences translated into claims and demands and render the Company liable.
Likewise, it is evident that the compliance program must be adaptable to the new forms of work, distribution of goods or provision of services as are adopted, adjusting IT and communication tools and security protocols to the new processes adopted.
The person responsible for compliance, together with Director and management team, must act more coordinated than ever, and with the due diligence, especially at critical moments, being essential to record and trace the decision-making processes even those urgent, and the diligence applied in this, so as not to to expose the company or organization to serious consequences, even criminal, that will likely will be claimed by authorities and stakeholders – including shareholders at courts,- as return to (new) normal arrives for us all.