The highly regulated environment in which today’s companies operate is characterised by a wide range of legal requirements, a certain judicial vagueness, and a lack of clear criteria regarding the criminal liability of legal entities. As a result, corporate legal departments and corporate compliance officers – the executives responsible for ensuring compliance with the law – are tasked with preventing, detecting and addressing infractions. A fundamental part of this role is to raise awareness and provide internal training on regulatory matters, in addition to continuously updating legal knowledge, monitoring and analysing regulatory environments and understanding the associated risks. These were just a few of the key points raised at “Challenges and Trends in Corporate Compliance: Main Practical Issues”, a panel discussion held on ESADE’s Madrid campus and organised in collaboration with the Wolters Kluwer Foundation. The panellists at this event were Elisabeth González, Director of Legal and Compliance at Morgan Stanley; Carlos Zabala, Counsel Litigation and Dispute Resolution at Clifford Chance; and Lidón Safont, Director of Compliance at Telefónica Spain.

Prevention, detection and correction measures

According to Elisabeth González, the greatest risk of regulatory noncompliance in organisations has to do with “the complex regulatory environment, which is characterised by various legal gaps and widespread uncertainty, as well as the coexistence of multiple jurisdictions in terms of application of regulations”. It is therefore necessary, she argued, “to undertake a daily analysis of the legal environment and its potential impacts”. Ms. González added, however, that “ignorance of the law is no excuse for noncompliance”. In her view, the role of the compliance officer is “to protect employees, the company and, by extension, society, by keeping us in the safe zone”. In order to perform this role effectively, Ms. González argued, the compliance officer must operate “independently of the business areas she supervises”, “have enough resources to contract audits and outsource” and, especially, “have the backing of the management team”.

As prevention measures, Lidón Safont highlighted “creating internal policies, keeping your finger on the pulse of current regulations, and performing consulting, training and internal communication work, as well as assessment, monitoring and risk analysis”. She also noted that “Telefónica was the first IBEX-35 company in Spain to obtain certification in criminal compliance”. According to Ms. Safont, the audits that take place during the certification procedure “have helped to simplify processes and make our work methods more robust”. She added: “In order to keep our certification, we must continue to identify opportunities for improvement and continuous learning.”

The panellists agreed that it is important for companies to make tools for reporting irregularities available to employees, as well as to the general public. On the topic of anonymous reporting – which is envisaged in the Organic Law on Data Protection that will come into force in May 2018 – Carlos Zabala warned: “We should not confuse the concepts of anonymous reporting and the protection of whistleblower anonymity.” In the compliance world, Mr. Zabala noted, “If we receive one or several anonymous complaints that could be traced back to the same cause, we can dismiss the anonymous report and initiate an investigation to rule out a possible breach of the law.” Ms. González observed, however, that “it makes no sense to promote the figure of the whistleblower if we do not establish guarantees and a protection system” because the failure to do so would be “inconsistent with the principle of transparency”. In response to regulatory violations by company employees, the role of the compliance officer is to “mitigate the possible consequences of noncompliance”, explained Ms. Safont.

The event also featured the participation of David Velázquez, Lecturer of Criminal Law and Director of the Master in Legal Practice at ESADE Law School, and Rosalinda Díaz, President of the Wolters Kluwer Foundation.