
Criminal Lawyers in Criminal Compliance for SMEs
Criminal compliance is no longer just for large corporations. Programs tailored to the reality of Spanish SMEs to prevent criminal liability for the company and its directors
Last updated:
Criminal Compliance for SMEs: Concept, Modalities, Benefits and Defense (Art. 31 bis CP)
Criminal compliance for SMEs is the adaptation of crime prevention models from Art. 31 bis CP to the dimensions, resources and specific risks of small and medium-sized enterprises. Since the introduction of corporate criminal liability by Organic Law 5/2010, reformed by Organic Law 1/2015 and expanded by Organic Law 14/2022, SMEs are fully exposed to fines, closure, contracting prohibition and even dissolution for crimes committed within them. Supreme Court doctrine has consolidated the principle that a real, effective and living compliance model exonerates the legal entity from criminal liability, even if the crime was committed. The UNE 19601 standard establishes technical standards and ISO 37301 offers the international framework.
Adapted Modalities for SMEs
The compliance modalities adapted to SMEs contemplate simplified but effective structures. Art. 31 bis 3 CP expressly allows that, in small-sized companies (those that may present an abbreviated profit and loss account under Art. 258 of the Consolidated Text of the Corporate Enterprises Act), the supervisory body functions be assumed by the governing body itself. Adapted modalities include: sectoral risk map focused on typical crimes of the SME sector (construction: labor/environmental/urban planning; hospitality: labor/cash money laundering; technological: cybercrime/intellectual property; industry: environmental/labor safety); simplified decision-making protocols; internal whistleblowing channel (mandatory for companies with more than 50 workers under Act 2/2023); code of ethics and anti-corruption, anti-money laundering and data protection policies; periodic training of employees and managers.
Benefits for the SME
The technical benefits for the SME are significant and quantifiable. First, exoneration or attenuation of criminal liability: a compliance program meeting the six requirements of Art. 31 bis 5 CP can completely eliminate the SME's criminal liability. Second, director protection: compliance documents the due diligence of the governing body, serving as exculpatory evidence in individual investigations for unfair administration, tax fraud or labor crimes. Third, access to public contracting: Public Sector Contracts Act 9/2017 prohibits contracting with convicted companies; without compliance, a conviction destroys the business. Fourth, contractual requirements: banks, large clients, insurers and digital platforms already require compliance programs via contractual clauses. Fifth, compliance with GDPR, LOPDGDD and Act 2/2023 on whistleblower protection, unavoidable for companies with more than 50 employees.
Defence Strategy
The technical defense in criminal investigations of SMEs rests on four consolidated axes. First, proof of ex ante effectiveness of compliance: documentation of program adoption prior to the criminal act (governing body minutes, allocated budget, training delivered, active whistleblowing channel). Second, fraudulent circumvention of the model: case-law admits exoneration when the individual perpetrator fraudulently circumvented the model's controls. Third, autonomy and sufficiency of the supervisory body: even in SMEs where the director assumes these functions, it must be proven they acted with criteria of functional independence and diligence. Fourth, external certification under UNE 19601 and ISO 37301: although it does not exonerate per se, it significantly reinforces the presumption of effectiveness at trial.
Current Forensic Practice
In current forensic practice, SMEs are increasingly the target of criminal investigations by the AEAT, the Labor Inspectorate, the SEPRONA, the UDEF and the Anti-Corruption Prosecutor's Office. Act 2/2023 on Whistleblower Protection, Organic Law 14/2022 reforming embezzlement, Organic Law 1/2025 on Justice Service Efficiency, the EU Regulations DSA, MiCA, AI Act and NIS2 and consolidated Supreme Court case-law on cosmetic compliance configure a demanding regulatory framework. The cost of implementing a compliance program in an SME ranges between €3,000 and €30,000 depending on size, against criminal fines that can reach five times the benefit obtained or several hundred thousand euros. At Alonso Sala, with more than 15 years of experience in economic criminal law, we design compliance programs adapted to SMEs from a forensic perspective: we know how they are attacked at trial and configure them to withstand the most demanding judicial scrutiny. We accompany the SME in risk audit, implementation, training, periodic monitoring and, when necessary, defense in criminal investigations.
Most Common Criminal Risks in SMEs by Sector
| Sector | Main Criminal Risks |
|---|---|
| Construction | Labor, environmental, urban planning crimes, tax fraud |
| Hospitality / Catering | Labor exploitation, cash fraud, money laundering |
| International Trade | Money laundering, bribery of officials, customs evasion |
| Technology / Software | Cybercrime, intellectual property, data misuse |
| Manufacturing | Environmental and labor crimes, damages |
| Financial Sector | Money laundering, tax crimes, fraud, insider trading |
Our SME Compliance Program
Risk Audit
Identification of the specific criminal risks of your company according to sector, size, and activity.
Program Drafting
Drafting of the Organization and Management Model (MOG) and prevention policies tailored to your company.
Training
Specific training for directors and employees on crime prevention and the internal reporting channel.
Supervision
Designation of the compliance body and periodic monitoring of the program to maintain its effectiveness.
Economic Criminal Law in Spain: Tax Fraud, Money Laundering and Corporate Crimes
Economic criminal law encompasses the most severe financial penalties in the Spanish Criminal Code. Tax fraud over €120,000 (Art. 305 CP), money laundering (Art. 301 CP), and corporate crimes (Art. 290-297 CP) are complex offenses where defense requires a combination of criminal law expertise and deep accounting/financial knowledge.
Penalty Comparison: Economic Offenses
| Offense | Threshold | Penalty |
|---|---|---|
| Tax Fraud (Art. 305) | >€120,000 | 1 – 5 years + fine x6 |
| Aggravated Tax Fraud | >€600,000 | 2 – 6 years |
| Money Laundering (Art. 301) | Any amount | 6 months – 6 years |
| Aggravated Laundering | Organized/financial system | Up to 9 years |
| Corporate Crime (Art. 290) | Balance sheet falsification | 1 – 3 years |
| Punishable Insolvency (Art. 259) | Fraudulent bankruptcy | 1 – 4 years |
Key Defense Strategies
Tax Regularization Defense (Art. 305.4 CP)
Pay the full tax debt before charges are formally filed and the crime is extinguished. This is the most powerful complete defense in tax fraud cases.
Challenge the €120K Threshold
The tax authority's calculation method is often contestable. Independent forensic accounting can challenge the assessed figure below the criminal threshold.
Money Laundering 'Self-laundering' Issues
Spanish courts have debated whether the primary offender can also be convicted of laundering their own proceeds. Challenge the double jeopardy implications.
Corporate Crime: Harm to Company vs. Shareholders
Art. 295 corporate crimes require actual financial harm to the company or its members. Demonstrate that any loss was speculative or absent.
FAQs on SME Criminal Compliance
Are SMEs required to have a criminal compliance program? expand_more
What happens if my company is criminally convicted? expand_more
Does criminal compliance also protect the director? expand_more
What crimes are most common in SMEs? expand_more
How can I prepare for a tax inspection that could become criminal? expand_more
Do SMEs need criminal compliance? expand_more
Is an SME's compliance different from a large company's? expand_more
Can the sole director be the compliance officer? expand_more
Is a whistleblowing channel mandatory for SMEs? expand_more
What criminal risks does an SME face? expand_more
Does compliance protect against the manager's personal liability? expand_more
Do subcontractors need compliance? expand_more
Is the risk map mandatory? expand_more
Do I need criminal law advice to implement compliance? expand_more
Advanced Criminal Defense
Our firm approaches each procedure with rigorous evidentiary analysis and proactive defense strategy.
Do you need specialised legal assistance?
The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.