By: Lwy. Vinicio Moreno

Since August 2014, the application of criminal liability to the legal person has been developed in our country, typified by national criminal code, known as COIP, that stands for “Código Orgánico Integral Penal”.

We start from this milestone, almost a decade of development of casuistry in which the implications of imputation of criminal responsibility to the legal person in a range of condemnations not very numerous, however various, that courts have issued. Several of them have incorporated in-depth analysis of legal, doctrinal aspects, and comparative jurisprudential sources, since the criminal liability of legal persons in other latitudes has an older origin than in Ecuador’s legal system.

Criminal responsibility of the Legal Entity models

In Europe, certain continental countries and Great Britain, as well as the United States, adopted at the time the well-known “vicarious liability”; or “transfer” of liability of the legal entity. Specifically, Spain with the promulgation of Organic Law 5/2010, of June 22, 2010, establishes that legal persons will be criminally responsible for crimes committed in their name or on behalf of them, and for their benefit, by their representatives, and legal administrators. Under these assumptions, legal entity liability will be applicable to crimes committed in the exercise of social activities and on behalf of and for the benefit of the same, by those who, being subject to the authority of natural persons, have been able to carry out the acts due to lack of or improper control of their employees, applicable to each case. The penalties applicable in Spanish legislation contemplate, according to the seriousness of the conduct by action or omission, the following: fine by quotas or proportional; Dissolution of legal persons with loss of capacity to act in legal transactions; Suspension of activities for a period of up to five years; Closure of locations and establishments for a period of up to five years; Prohibition of carrying out activities in which a crime has been committed, favored or concealed; Disqualification to obtain subsidies and public aid and to contract with the central or local State; Judicial intervention to safeguard the rights of workers.

Several Spanish jurists consider the “vicarious liability”; or; “indirect responsibility” as a model that does not have a greater theoretical complexity, since it attributes criminal responsibility to legal persons with the verification that a crime has been committed by some member of the company or organization for the benefit or on behalf of it. That is to say, the criminal responsibility of the individual person is automatically transferred to the legal person, without requiring for this purpose that the guilt or conduct attributable to the legal person be determined. The crime committed by one of the directors or representatives of the organization is imputed without any other circumstance, to the legal person if it has acted in the business of the company or for its benefit. The guilt of the natural person is what makes the legal person guilty.

This vicarious liability model presented considerable weaknesses when defining the criminal liability of legal entities, since the courts considered that “there was guilt”; on the part of the 2 company, despite the fact that the criminal conduct of the active subject member of the organization had very little or not any relation with the activity of the company and on the other hand, the active subject that carried out the conduct did so, without observing the regulations or prevention policies applicable and developed by the company as preventive mechanisms.

From the latter, certain corrective criteria have emerged that allows a better assessment of the efforts made by the company to prevent criminal behaviors committed by its members, which generated the possibility to obtain through compliance programs, sufficient evidence of the appropriate behavior of the higher-ranking positions in the careful supervision and due care in prevention of criminal conduct. However, of which, a member of the company commits a crime even against its functions or duties.

As a result of this need to defend the company, we can speak of an evolution of the vicarious liability model, supported by the existence of a compliance program, that allows demonstrating the adoption of own risk management measures and procedures and that respond to the organizational design attached to the law. Separating the company from the illegal conduct in the context that the member acts within the framework of his powers or functions and at least partially for the benefit of the company, and ensuring that the conduct and intention of the active subject member of the organization are transferred to the company because this conduct is contrary to its internal policies and regulations, such as its Code of Ethics and internal regulations determined in its compliance program.

The most common crimes in which a legal person is declared responsible are: fraud, insolvency or fraudulent bankruptcy, damage crimes, crimes against intellectual and industrial property, crimes against competition and the market, tax crimes, crimes that affect rights of workers, nature and the environment, land use planning, falsification of certificates, bribery, influence peddling, etc. There is the emblematic case known as the State v. Christy Pontiac-GMC, Inc. where it was held that (…) “if the company must be criminally responsible, then it is clear that the crime cannot be a personal aberration of an employee acting on their behalf; criminal activity must, in some way, reflect corporate policy, in such way that it is fair to say that the activity in question was the activity of the company.”

In this evolutionary line, the first possibility arises to mitigate the actions and intentions of the member and the company and that generate certain exceptions in the application of vicarious responsibility. Which resulted in the courts recognizing as a defense argument the fact that “when there is an evident and significant disconnect between the mens rea of the company and that of the business agent”.

On the other hand, the US prosecutors recognized in the application of its policies and action guidelines that compliance plans constitute a “due diligence test”; which generated a new trend that admits that the responsibility of the company is independent of the responsibility of the vicarious model or of transfer of guilt.

Compliance Plans and criminal risk management

A more current model is the one that has to do with criminal risk management, understood as a set of techniques or procedures associated with corporate management with a certain complexity and risk levels. From Criminal Law perspective, it is known as “technical rules”; and the relationship that exists between the legal and criminal consequences that are attributed to compliance or non-compliance with said rules, creating a duty of care for the members of the organization and the responsibility that falls on natural persons.

The company assumes the duty to prevent all criminal conduct that may be committed in the development of its activity, it is about preventing what some authors such as Gruner call the “defective performance”; of business activity, which is related to the content and structure that a compliance program can have. Beyond the formal, the fact that the company aims all its efforts to prevent illegal conduct results in the legal person not being guilty of the conduct carried out by its members in the criminal sphere, which generates an eventual exclusion of liability. regarding their own conduct, related to the duty of care of the legal person.

European criminal dogmatic advocates that it is everyone’s obligation to avoid harm to third parties, for which the duty to adequately organize behavior is generated, and thus prevent unauthorized harm from occurring to others.

In specific cases, it must be proven whether the action of the active subject, member of the organization has acted on his own behalf or if he had an authorization granted by the representative of the company to act on behalf of the company. The court must determine whether the subject acted within the framework of its established powers or not. What is sought in the logic of attribution of legal responsibility in relation to the connection between the act of another and the subject on whom the sanction falls, which would justify that the harmful measure is attributable to the company or the natural person.

In Spanish legislation, the company that has a compliance program implemented represents a circumstance of exempting liability of the legal person.

In our country, Criminal Code in its article 49 defines responsibility of legal persons, determining that crimes committed by these will be for their own benefit or that of their associates, whether by action or omission of those who exercise ownership, control, attorneys, principals and all those who have a direct or indirect legal relationship of administration, direction and supervision and who comply with orders or instructions of natural persons who are part of its structure.

In our legislation, criminal liability of natural persons is separated, and it is handled independently of the criminal liability of the legal person, which underlies the event that it is impossible to identify a natural person who has committed the crime.

The general mitigating circumstances applicable to the criminal types, established in article 45 numeral 7 of the aforementioned legal body, are applicable to legal persons.

a) Spontaneously having denounced or confessed to the commission of the crime before the formulation of charges with which the tax investigation begins, or during its development, provided that it has not been formally known about its initiation.
b) Collaborate with the investigation by providing elements and evidence, new and decisive, before it begins, during its development or even during the trial stage.
c) Comprehensively repair the damage caused by the commission of the crime, before the trial stage.
d) Have implemented, before the commission of the crime, integrity systems, standards, programs and/or compliance, prevention, management and/or supervision policies, in charge 4 of an autonomous body department in larger legal persons, or a responsible person in the case of small and medium-sized companies, whose operation is incorporated into all managerial, managerial levels, advisors, administrative, representative and operational of the organization.

The systems of integrity, norms, programs and/or political of fulfillment, prevention, direction and/or supervision, they will have to incorporate the following minimal requisites, without detriment to the dispositions of the Regulation that is dictated for the effect, and of other specific norms:

1. Identification, detection and administration of activities in which risk appears;
2. Internal control panel with persons in charge for processes that represent risk;
3. Supervision and monitoring continued, internally and independent evaluations of systems, programs and policies, protocols or procedures for the adoption and execution of social decisions;
4. Models of financial management;
5. Channel of denunciations;
6. Code of Ethics;
7. Programs of training of the personnel;
8. Mechanisms of internal investigation;
9. Obligation to inform the manager of fulfillment about possible risks or non-performances;
10. Norms to disciplinary sanction violations of the system; and,
11. Programs know your client or due diligence.

Lastly, it is necessary to stress the condition of attenuant attributed to the fact of which the company should have implemented in a technical way a compliance program of fulfillment and this one should be applied; depending on his size, on the responsibility of a person or organ of the organization, as well as the importance of applying mechanisms of due diligence that allow to know their clients.