Compliance refers to the set of processes, policies, and controls that companies implement to ensure they operate in accordance with applicable laws, regulations, and ethical standards.
In Spain, its importance increased significantly after the reform of the Criminal Code (Article 31 bis), which introduced corporate criminal liability. Since then, having an effective compliance system can mean the difference between facing penalties and avoiding legal responsibility.
Is compliance mandatory?
There is no universal law requiring every company to have a formal “compliance department.” However, companies are required to:
- Prevent legal and criminal risks
- Comply with sector-specific regulations
- Implement internal whistleblowing channels (mandatory for companies with more than 50 employees under Law 2/2023)
In highly regulated sectors such as finance and insurance, and for public companies, compliance is effectively mandatory.
Key functions of compliance
A robust compliance system includes:
- Risk identification and assessment
- Internal policy development (code of conduct, anti-corruption, conflicts of interest)
- Employee training
- Monitoring and internal audits
- Whistleblowing channel management
- Investigation of incidents
- Implementation of corrective actions
The objective is clear: anticipate and prevent risks before they materialize.
Who manages compliance?
Depending on company size:
Large companies:
- Compliance Officer
- Legal department
- Internal audit
SMEs:
- Management team
- External advisors
The ideal profile combines legal expertise, risk management, and business understanding.
Real cases in Spain and Europe
Volkswagen (Germany – Dieselgate)
Emissions manipulation led to multi-billion-euro fines, highlighting failures in internal controls.
Siemens (Europe)
Following a major corruption scandal, the company implemented one of the most advanced compliance systems globally.
Public procurement in Spain
Public entities (such as regional governments) must operate through tender processes, ensuring transparency, competition, and compliance.
Technology and compliance: a necessary evolution
Manual compliance management is no longer viable at scale. GRC (Governance, Risk & Compliance) platforms provide:
- Centralized data management
- Automated risk assessments
- Full traceability
- Reduced human error
- Scalability without increasing operational costs
Practical example
A company working with public tenders:
Without digital tools:
- Manual processes
- Higher risk of errors
- Limited control
With a specialized platform:
- Centralized control
- Continuous auditing
- Documented evidence
Result: greater legal security and reduced operational burden.
Conclusion
Compliance is no longer just a legal requirement—it is a strategic asset.
Companies that implement it effectively:
- Reduce financial and criminal risks
- Improve operational efficiency
- Strengthen their market positioning
The key lies in combining processes, organizational culture, and technology.