Cristina Prados: "Companies with poor compliance advice can suffer reputational damage"

Cristina Prados, CEO of the company CP Compliance and Legal Privacy, is dedicated to an essential subject for the business world: Regulatory Compliance, known simply as Compliance. The current global context gives rise to situations that can trigger legal actions against companies, affecting their reputation and ethics. Compliance has emerged to face these new challenges, and Cristina tells us about it.

In a simple way, what is Compliance?

“Compliance” or regulatory compliance is the set of measures, processes and internal regulations that serve to detect and prevent risks in the business activity itself, that is, they are processes adaptable to the type of legal entity. We can talk about Prevention of Money Laundering and financing of terrorism, but also about equality plans and harassment protocols, for example.

Why would a company implement a regulatory compliance program?

The benefits of having Compliance for the company are multiple. Firstly, it detects possible risks and avoids internal incidents that could lead to sanctions for the company, providing greater security in all processes. On the other hand, it improves the internal management of the company and detects errors early. A very important point, and even more so in today's society, where business competition is so great, is the improvement in reputation and trust for the company that has a regulatory compliance system. This is because in the eyes of society, having ethical behavior favors the perception of the company and at the same time favors relationships with its own clients, suppliers, other companies... Finally, in the event of a possible criminal breach that may be carried out by any asset of the entity, at a legal level, having a Compliance system and that, even so, they have transgressed it, can favor the result of criminal liability.

What are the main risks in companies today?

Companies find themselves in a context in which the risks to be assumed have to be minimal because if they materialize, they can entail serious sanctions and penalties and a great loss in the company's reputation. The risks vary depending on the business activity, but in general terms, they can range from economic practices, such as money laundering and financing of terrorism, bribery, fraud, corruption, embezzlement, to environmental issues, such as pollution, the use of harmful chemicals... Failure to comply with national standards, agreements and regulations, quality standards or information security. Violations of personal data protection also represent significant risks. As well as other aspects of health and safety at work, sexual harassment, gender equality.

Where are the regulations in Andorra?

Andorra does not have regulatory compliance regulated in the Penal Code as such, but we find it in different specific regulations. Law 37/2021 of December 16, modifying Law 14/2017, of June 22, on the Prevention and Fight against Money Laundering and the Financing of Terrorism, first of all, Law 29/2021 of 28 October Qualified Data Protection. On the other hand, Law 6/2022 for the effective application of the right to equal treatment and opportunities and non-discrimination between women and men and European standards in different matters.

How do you work from your company in the face of a company that wants to adapt its procedures to Regulatory Compliance?

Adaptation to regulations is one of the services we offer at CP Compliance and Legal Privacy, in which we initially evaluate the company's risks, the probability that these will materialize and an action plan is put in place. Next, we create the procedures; here we find the transversal and specific policies for each company that will be applied to its operation. Finally, monitoring is carried out, staff training…

Do you also offer the Compliance Officer service? What exactly?

The Compliance Officer is an advisor on the subject; he is the person who works to identify the obligations to which the company must respond, coordinate internal processes and procedures, will respond to their workers, implement the measures and controls for compliance, monitoring of risks and incidents, will carry out complaint systems, reports, controls...

You have mentioned that you train your staff. Is it important for them to know internal regulatory compliance?

Without a doubt, it is of no use to apply compliance processes and regulations if the people who have to carry them out do not have knowledge. Regulatory compliance is directly aimed at the control and proper functioning of the activities of all the company's assets. To see an example, we apply a KYC protocol, which means “Know Your Customer”, which is a questionnaire that will allow us to get to know the client and detect risks in reference to their activity, whether due to money laundering, or other possible illicit activities. If the person who checks in the client does not know the importance of this document or how to fill it out, we will lose this first layer of protection for the company.

What sanctions would we be talking about?

The resulting penalties may vary depending on the law violated. Serious infractions in legal entities in relation to the Prevention and fight against money laundering and financing of terrorism are fines from 600 to 15,000 euros for minor infractions, from 15,001 euros to 90,000 euros for serious ones, and from 90,001 euros to 1,000,000 euros for very serious sanctions. Without prejudice to the fact that written warnings, temporary restrictions on certain types of operations and/or the revocation or modification of the authorization for the corresponding activity may also be applicable. Furthermore, if a senior official can be accused of committing the crime, whether intentionally or negligently, fines of 300 to 300,000 euros may also be imposed depending on the severity of the crime.

Regarding the Law on the effective application of the right to equal treatment and opportunities and non-discrimination between women and men, we would speak of sanctions of 100 to 24,000 euros for non-compliance with the mandatory measures.

Regarding data protection, we can talk in more detail in another interview, but they can range from 500 to 100,000 euros.
