Risk map
Criminal risks specific to your sector. Not the ones from the manual.
Criminal risk map, code of ethics, whistleblowing channel compliant with Law 2/2023 and an operational compliance committee.
Since the 2015 Criminal Code reform, legal entities may face criminal liability for offences committed within them. A serious compliance programme — adopted, implemented and maintained — is the only real defence.
We work according to UNE 19601: identification and assessment of criminal risks relevant to your sector, code of ethics, whistleblowing channel compliant with Law 2/2023 (Whistleblowing Directive), compliance committee with real authority, training for managers and internal investigation procedures.
This is not a project that ends with a report: the programme is only valid if it is kept alive. That is why we offer monthly maintenance with periodic risk reviews, recurring training and drills.
By sector, with probability and impact.
Signed by management, communicated to staff.
Compliant with Law 2/2023, with confidentiality guarantees.
With real authority, calendar, and minutes.
Criminal risks specific to your sector. Not the ones from the manual.
Values and expected behaviour document, signed by management.
Compliant with Law 2/2023, with confidentiality guarantees.
Compliance committee with real authority. Recurring training for executives.
The operational detail: what we deliver as part of the engagement and what we keep active afterwards.
Criminal risk map
By sector, probability and impact, assignment to processes.
Code of ethics and procedures
Main document and derivatives (conflicts, gifts, procurement).
Active whistleblowing channel
Platform compliant with Law 2/2023.
Annual training plan
Mandatory for executives and employees in areas with criminal risk.
Active compliance committee
Real authority, resources, calendar, and minutes.
Internal investigation
Procedure with confidentiality and defence guarantees.
Since the 2015 reform, legal entities are liable. A robust programme is the only defence.
Intersects with GDPR (whistleblowing channel) and highly regulated sectors.
Yes. It is a certifiable Spanish standard. AENOR and others issue certification.
International equivalent, broader in scope. UNE 19601 + ISO 37301 when operating outside Spain.
Implementation is not mandatory, but a robust programme is the only way to exclude criminal liability.