Compliance is born in the Anglo-Saxon business world, more specifically in the financial sector, which has traditionally been subject to fairly rigorous regulation. In financial institutions, there is a need to ensure compliance with all the regulations, which are quite complex at times, and with very high penalties in case of non-compliance, so that they begin to employ departments dedicated exclusively to ensuring compliance, delimiting them from the area of legal advice that until then was the one in charge of that function.

LThe increasingly profuse and demanding regulation is not limited to the financial sector, but extends to many other sectors of the economy, which also begin to be interested in implementing their own compliance plans.

At present, the word compliance has been rapidly expanded following the reform in 2015 of our Penal Code; however, there are many other areas in the business world that can be implemented.


Focusing on the present, it should be noted that on May 18, UNE Standard 19601 on criminal compliance management systems was published, called to establish a common language of understanding in this area, in line with what is established in modern international standards.

However, what really transcended this news has gone unnoticed: the migration of linear models of compliance to “management systems”, a circumstance that implies a drastic change of mentality and approach.

We could say that a linear model sets requirements whose fulfillment is interpreted as adequate for the achievement of a given purpose. Thus, for example, when it is pointed out that the crime prevention model must be endowed with economic resources, it is met with a budget. But a “system” transcends this immediacy, for it is an interrelated set of elements that achieve together certain objectives that can not be achieved in isolation and, therefore, should not be analyzed in isolation. In a management system, the interaction between the requirements is what really contributes to achieve the objectives of the whole and gives them individual meaning, as I will explain following the thread of the same example.

An organization realizes that it has a linear system when it executes certain requirements by discipline and not by systemic logic, which leads to formulate some reflections:

What should be the amount of the compliance budget?

The UNE Standard 19601 establishes the need to set criminal compliance objectives, which can begin at a strategic level and then descend to the tactical one: we want to improve the sensitivity of compliance in a particular way in a particular region (strategy) and for this we will need to increase the local hours of training, technical assistance and hiring a zone manager (tactics). The setting of objectives of criminal compliance, necessarily triggers a series of consequences, among which there is available resources to implement them.

Therefore, the budget items will be conditioned by the objectives of compliance intended, which are quantifiable economically (especially tactical). Thus, an organization with a criminal compliance management system will not feel insecure with its criminal compliance budget, as it will have to be aligned with the criminal compliance objectives that have been imposed. Moreover, under this systemic logic, compliance objectives will also determine what information should be captured and measured to assess the degree of achievement, how and to whom they will communicate, how they will be monitored and report on their evolution to senior management and government, etc.

With this example we see that a requirement of the UNE standard affects many others, being this the underlying philosophy in the Spanish standard, when it does not regulate isolated but interrelated elements to achieve a harmonious and effective set.

For those who are not accustomed to managing in management systems, they will be struck by the large number of cross references in concepts and subjects in the UNE Standard, a circumstance that does not obey the disorder but is a result of articulating closely related requirements with the others. It is a substantially different approach to linear models, which list their components but do not delve into the relationship that exists between them, which sometimes leads to not seeing a clear individual sense or joint.