Start of main content

Labour compliance: The importance of corporate risk identification, analysis and management procedures

| Publications | Employment Law and Social Security

The importance of Procedures for the identification, analysis and Management of Corporate Risks

Our criminal justice system has been amended on two occasions: the first was in 2010, while the second was in 2015 (OL 2/2015). These reforms included the introduction of criminal responsibility for legal entities. With this important introduction, commercial companies took their first steps to adopting measures that could provide information on regulatory compliance in their day-to-day operations and internal organisation, in order to quantify and demarcate criminal responsibility in the event of regulatory non-compliance.

A number of behaviours are penalised in the Penal Code (more than 20 carry corporate criminal liability). Acts or omissions that are in contravention of the Law shall entail different responsibilities, which will first be refined in the presence of managers and directors.

In labour compliance, the aim is to prevent and manage risks in companies that result from breaches of regulations in each of their day-to-day operations.

We highlight labour compliance from two different perspectives: (i) one relating to what companies should do to ensure that they meet their substantive obligations, all relating to human resources management and its relevant policies in this area, and (ii) from the point of view of management personnel and employees, set out clear obligations in terms of compliance in-house in the organisation of the business.

In labour compliance, we must highlight different functions: (i) the compliance function, which determines the degree of compliance with each labour regulation applicable under the law; (ii) the prevention function, which is aimed at prevention to minimise risk; and the third function, (iii) the compliance function. The aim of this function is to demarcate different labour practices designed to ensure appropriate compliance with regulations, with a special emphasis on improving the working environment and relations in the workplace.

Labour compliance management systems

First, we must be familiar with the actual situation in the workplace. The best way to access real information (and, therefore, to develop the management system we require) is through labour due diligence (a labour audit).

With the picture of the situation we are to provide, we will design the labour management system. As a starting point, we can use the requirements for the implementation of a system for the management of international labour compliance standards in place for the management of general regulatory compliance and for managing compliance with labour regulations, including International Labour Organization (ILO) agreements. We must also highlight regulations that are certifiable by a recommended external entity (including ISO31000). These are advisable for organisations with an intensive regulatory framework in which non-compliance with obligations can jeopardise the reputation and survival of the organisation.

We must structure them into procedures that guarantee that entities have a suitable organisational structure, identify the responsibilities of the administrative body and ensure that employees have the level of professional training required for their respective positions.

Within a business it is not unusual to find different internal procedures, management tools, protocols for action, corporate responsibility manuals, codes of conduct and, in short, tools that have been created with no sense of order or collaboration between them, with no general focus and with no cohesion between them to ensure ordered compliance and parties responsible.

To develop labour compliance management systems, we must take into account the compendium of domestic and international regulations, highlighting integration into a single code of conduct or code of ethics. In it, we will assess various situations relating to labour relations, company personnel and regulations applicable.

We can differentiate the structure of labour compliance in several steps which should be considered complementary and related to each other as the various components of a single process. These are general steps unique to the implementation of protocols for action. As a result, the following steps will be proposed in this area:

a) Identification and analysis of regulatory risks, combined at all times with procedures that regulate the conduct of members of its board of directors, employees, agents and proxies and which identify lines of responsibility, which must be transparent and coherent:

It is a regulatory analysis phase in which we must demarcate labour regulations to be adhered to, demarcating the various areas of compliance with the content and classification required by law. We analyse potential breaches of regulations and risks, and demarcate responsibilities in each of the identified areas of regulation.

b)   Risk map and internal procedures:

We shall assess risks, classifying each of them and quantifying their contingency. It is basic to complete the first step to which we refer, providing a detailed description of mandatory regulations, based at all times on an individualised case for each company, since each company must be assessed individually.

Being familiar with the particular situation to be analysed, we identify the mandatory regulations and prepare a risk map. This map will include classification and the appropriate resources to combat these risks.

We must use a global organisation and develop a single risk map for reach organisation.

We refer to the phase for the development of internal procedures to address conflicts of interest in situations where circumstances can (or do) give rise to such conflicts, and procedures to manage them. We will prepare a basic labour compliance manual, in order to eliminate or minimise risk.

When the entity is part of a group, said policies and procedures must take into account any circumstance that, due to the structure and activities of other entities in the group, could give the impression of a conflict of interest.

c) Training and follow-up:

This section refers to ongoing personnel training and evaluation procedures designed to ensure efficient management and compliance with labour regulations.

In this respect, these procedures must contain periodical evaluations of employees subject to compliance with regulations in place, so that the appropriate training and experience required of personnel are assessed on a periodical basis.

In this regard, the same procedures, the regulations that result from these procedures and the planning of appropriate training must contain the list of personnel subject to each procedure with the relevant training, assessing the level of success at all times.  It is vital to put in place internal control measures that allow us to confirm up-to-date information on the knowledge of our employees in internal controls and instructions.

Procedures must be put in place to reduce the risks resulting from sudden and/or fortuitous organisational changes, and thus to guarantee the continuity and regularity of activities and compliance.

Of particular note is the oft-cited Judgement of the High Court of the Basque Country of 12 April 2016, Rec. 512/2016, which classifies the dismissal of an employee as permissible or not permissible. The conduct of the employee refers to ongoing episodes of sexual discrimination and chauvinist and xenophobic comments, which constitutes workplace harassment.

As a consequence of the conduct described above, the company dismisses the employee due to disciplinary reasons under the provisions of the applicable collective agreements, the Workers’ Statute and the company Code of Ethics. The Labour Court of San Sebastián has dismissed the wrongful termination lawsuit filed by the employee and declared the disciplinary dismissal within the law.

The judgement has not been ratified by the SCJ, which considers the appeal for reversal filed by the employee and declares the dismissal wrongful, given that the company circumvented its own internal procedure in place for claims of, and investigations into, violations of the code of ethics. In this respect, the employee (i) did not receive advance notice or (ii) have the opportunity to put their case.

Said decision declares the dismissal to be inadmissible due to the confirmed failure of the company to comply with formal procedures that were regulated internally, and which must be adhered to at all times. According to judicial doctrine, compliance with the internal procedure put in place by the company in situations that result in the imposition of sanctions, and where said non-compliance results in the dismissal as being considered wrongful, is mandatory, even in light of the gravity of the facts mentioned.

Therefore, our conclusion is that under no circumstances will it be of use to put in place internal policies designed to ensure the necessary compliance with ethics within a company if it does not include a tool with which to guarantee effective compliance with these policies. While suitable protocols are essential, it is even more important to ensure compliance on each occasion that arises within a business organisation on a day-to-day basis.

With regards to the judgement referred to above, which has been echoed in various legal fora as a result of the conclusion that it provides us with and which has a direct effect on labour compliance, we raise various unknowns, such as the possible consequences of failures to comply with protocols and/or internal regulations, a possible situation that could see the declaration of the violation of a fundamental right. We must emphasise the recommendation to review each code and internal regulation, and to firmly guarantee compliance with the same.

Functions of the Compliance Officer in labour regulations

As we have said above, labour compliance refers to the prevention and management of risks associated with a breach of labour regulations within the business. The main areas of action are: ensuring that employment conditions within Spain and overseas are in accordance with the law and codes, the definition and oversight of standards in terms of gender equality and non-discrimination, personal data protection, the prevention of crime in the workplace, workplace risk prevention and health in the workplace.

The most recent penal regulation referred to above, which is a product of the reform of 2010 and the recent regulation of 2015, makes no specific provision for the role of a Compliance Officer. What must be pointed out is the creation of the duty of conduct and of care that could result in this position. It is the regulation itself which is an essential condition for applying the exemption of a company from criminal liability.

In this regard, we declare that our legal system contains no express reference to the role. On the other hand, the incumbent would exercise mandatory roles that constitute mandatory commitments for the business, and which are required to ensure that the business is exempt of criminal liability.

Companies must specify the role of the Compliance Officer, instituting its roles and responsibilities and, in any event, granting them sufficient powers to exercise the role entrusted to them (the supervision and monitoring of regulatory compliance by the business).

In the area of labour compliance, we point out what would be the main functions of the Compliance Officer: 

  • Analyse the regulations and collective agreements applicable to the company being audited, in order to verify the legal framework applicable in the company.

  • Compilation of the result of the labour audit on the actual legal-labour and social security situation of the audited company or group of companies. Observance of each corrective measure that could be applied to ensure that the company complies with regulations.

  • Establish each control system and mechanism, in order to avoid or minimise the risks derived from a failure to comply with regulations.

  • Confront the degree of compliance of the company with each area recognised and regulated that they must comply with in applicable legislation and collective agreements.

  • In terms of shift patterns, effective work, schedules and conditions of employment, they must confirm the degree of compliance of the business, at all times in compliance with applicable legislation and collective agreements.

  • Test the degree of compliance of the business in respect of the substantial modification of conditions of employment and the suspension of employment contracts. Determine whether or not these have been carried out in accordance with applicable legislation and collective agreements.

  • Test social security compliance as it relates to registration and the appropriateness of contributions made by the company to the social security system, at all times in accordance with strict regulations in place in the last four years since each evaluation.

  • In terms of labour risk prevention, one must verify the important adaptation of steps aimed at prevention (prevention plan, risk evaluation, prevention planning, work teams, employee training, emergency measures, information, consultation and the participation of employees and health protection) to current legislation in this area.

  • Confirm the existence of legal representation of employees and the existence of conflict in the business at the time of the audit.

In this regard, the importance of the Compliance Officer is clear: their presence is mandatory as an essential requisite in order to establish, formulate and implement the Regulatory Compliance Program.


A failure to comply with current labour legislation can result in the imposition of heavy legal sanctions, certain labour decisions being declared null or against the law, economic losses and a loss of reputation. In this regard, procedures must be set out that, as a minimum, ensure that labour obligations are being met, free of material errors.

The main objective of the person responsible of appointed as the Compliance Officer must be to put in place a process to measure compliance with labour regulations. This could be called a “Compliance Program” which is based on establishing protocols and procedures that certify the adequate design of activities intended, in this case, to ensure regulatory-labour compliance in the broadest sense.

We have a specific labour regulatory framework, notable for its wide variety of regulations and various regulations applicable in this area. This requires effective mechanisms for control that allow the company to ascertain the degree of compliance with each of its labour obligations.

A compliance management system must contain regulations ratified within the company and risk control methods. It must also include permanent, compulsory actions with a focus on specific compliance without exceptions.



For further information, please contact:

Alfredo Aspra

Soraya Muñoz

End of main content