Implementing regulatory compliance models in organizations contributes to exemption from criminal liability for neglecting due vigilance and is, above all, a strategic ally for the implementation of an ethical culture that respects the deepest values of the entity.
Consequently, a regulatory and compliance program for ecclesiastical entities is a necessity that is increasingly unavoidable.
This was one of the main messages sent in the ForumWord Alain Casanovas, head of services for the company, and Alain Casanovas, head of Legal Compliance at KPMG Spain, and Diego Zalbidea, Professor of Canon Law in the Faculty of Canon Law at the University of Navarra. A colloquium organized by the magazine Palabra, which took place in a central Madrid branch of Banco Sabadell.
That forum left the attendees with the desire to further specify an eventual model of complianceThis was achieved last June, virtually, with dozens of participants posing numerous questions to the speakers themselves. The theme of the ForumWord has been Implementation of a compliance program in an ecclesiastical entity. Case study.
Presented the webinar The director of Palabra, Alfonso Riobó, gave the floor to the director of Religious Institutions of Banco Sabadell, Santiago Portas, and then to the speakers. The technical coordinator of the session was the IT manager of the Archdiocese of Burgos, José Luis Pascual, with the collaboration of the Centro Académico Romano Fundación (CARF).
Numerous people participated, both from Spain and from various countries in the Americas. Among them were leaders of ecclesial entities: episcopal conferences, dioceses, consecrated life, associations, movements and other institutions, as well as lawyers, professors and other interested parties.
Case method: an imaginary diocese
The training session was preceded by a practical case study (".case study"The case was articulated around the institutional scheme and the activities carried out by an imaginary diocese, developed by entities of different order and category. The case was articulated around the institutional scheme and the activities carried out by an imaginary diocese, developed by entities of different order and category. The diocese designed was of a medium-large type; for example, as an indication, it consisted of 315 parishes with 280 priests, and 1,145 employees in organizations throughout its perimeter of consolidation. For ecclesiastical organizations other than the diocese, the case presented served in any case as a paradigm.
Based on these data, the work leading to the implementation of compliance programs for the various activities was proposed. The first and fundamental step, according to Diego Zalbidea's proposal for the session as a whole, was to determine the architecture of the compliance model. compliance. If we were dealing with very simple environments - for example, in the case of a single entity carrying out a single activity - perhaps this first step would be superfluous; but it becomes more necessary as the complexity increases, and it certainly is in the case of the type of environment in question, where there are a variety of entities carrying out different activities.
The determination of the architecture of the model makes it possible to identify aspects such as: a) the level of centralization of the control environment, on which it depends whether a single control body may be necessary compliance b) the level of supervision, since in some situations it may be sufficient for the body to limit itself to issuing directives, in other cases it must issue instructions and supervise their fulfillment, and finally it may have to directly carry out the control activities.
The resulting architecture does not necessarily have to be uniform at the different levels; moreover, it could be centralized for some activities that require it and decentralized for others.
Once the architecture of the model has been defined, it is possible to determine the organ or organs of the model. compliance, and its composition; to set the level of supervision; to determine (through protocols) some essential elements such as basic policies and communication channels; to determine the number of risk assessments to be developed; and to prepare the documents that will describe the model.
A complex organization
"In small organizations, or in a small company, the compliance is not too difficult. However, when we talk about complex organizations, such as a diocese, we have a lot of doubts, Alain Casanovas pointed out in his speech.
"In a diocese, very diverse activities are carried out by entities of a very different nature as well. This means that we have to have a model for compliance But should we have a model in each and every one of the entities, should we have it for each activity, should we have it at the diocesan level? How should we do it? It was a series of questions that the KPMG expert answered, either in his speech or in the answers to the questions that were asked, together with Professor Diego Zalbidea.
In synthesis, Alain Casanovas distinguished "between centralized models, decentralized models, and hybrid models. Centralized models are those where there is a concentration in decision making, and we would go to a model of compliance centralized, either level 1, where the system is very verticalized, or level 2".. Model 2 remains the corporateBut the entities have a certain level of autonomy, they are given guidelines, and it is ensured that things are done well. In any case, there is a high level of supervision.
"In point 3 we would speak of a differentiation of competences. It would be, saving all distances, like the competences of the State and those of the autonomous communities. That is to say, some competences belong to the entity, and others clearly belong to the main house, to the parent company".
"Scenario 4 is the scenario of full autonomy, in which each of the entities, with its activities, enjoys full autonomy and has managerial autonomy and the ability to make its decisions. It is the complete opposite scenario to that of a large decision-making unit, level 1."
In a decentralized modus operandi, where there are central activities and others at the activity or entity level, "we would go to hybrid models, and then if it's decentralized, decentralized models." added the lawyer.
Advantages, disadvantages
"In centralized models, at the central level you have a very detailed view of everything that's going on, and you can exercise this prevention, detection and early incident management in a uniform and consistent way across the perimeter. There is a great ability to put in place a compliance monopolistic throughout the organization.
"The big drawback is that centralized models produce an environment that is very conducive to liability contamination." added Alain Casanovas. "That is to say, in an incident in an entity within the perimeter of this large conglomerate of entities and activities, it is very easy for this legal responsibility -and we are not only talking about the issue of image- to be transmitted, to end up being passed on to the whole group. In the end, explanations and responsibilities end up being requested at group level"..
Hybrid models, which are a mix, also have advantages and disadvantages, he noted. "The advantage is that they are very responsive to local needs. It is easier to do good management when you have proximity to the activity, even geographically.
Relating to parishes
As for the parishes, "We should ask ourselves: what level of autonomy does a parish have? Can it do what it wants? In this way, we can study whether it can have a model of compliance or simply the translation of the model from the compliance of the entity or agency to which it reports. This will determine the level of supervision"said Alain Casanovas.
Professor Zalbidea reported that "In these sessions quite a number of parish priests are participating. There will be parishes that have resources and can do it, but in Spain there are 23,000 parishes and most of them are not able to have a parish organ," he said. complianceIt seems necessary for the Curia to support them and establish the parameters".
Practical issues
Some questions wanted to delve more deeply into what would be a reasonable model of compliance for a diocese; on the steps that could be taken by the Episcopal Conference (CEE), and on diocesan curias. Here is an excerpt of some of the responses in the colloquium led by Professor Diego Zalbidea. The initials correspond to the speakers cited:
A.C.: "In a complex diocese, with many activities, there is no universal answer to implement a model. Perhaps we can end up with a hybrid model because it is the most normal thing to do. In the case of a diocese, a common project and a common image are shared. That is obvious. This fact leads us to centralized or hybrid models".
D.Z.: "I am of the same opinion.
A.C.: "My knowledge of the activities of a diocese is much more limited than that of Professor Zalbidea, but we would surely go for a hybrid model where there would be a scope of policies and basic controls, and I speak of a minimum of minimums. Seen from the outside and with all the caveats, what makes sense is a model with an environment of control and parameters of conduct, of policies, which is common, and from there, develop it at the local level, with delegates or with their own models depending on the level of autonomy of the activities.".
D.Z.: "They ask what steps the Church should take in this field; in the dioceses, the Episcopal Conference itself...".
A.C.: "There are issues of decision making that escape me a lot. Perhaps an approach from the Episcopal Conference would be to establish a minimum model of dioceses, so that these dioceses cascade downstream, but that a common denominator is demanded. In 'compliance', as far as large commercial groups are concerned, which are the ones I know best, the lack of coherence is not going well. Perhaps at the level of the Episcopal Conference, a minimum common denominator can be established at the diocesan level, and that the dioceses, starting from that mandate, would move it downwards, and we would have a common denominator in all the dioceses, adapted to the singularities of each one of them".
D.Z.: "The issue there is that the Episcopal Conference as such does not have normative competencies in most of these crimes with respect to the dioceses. Another thing would be to ask the Holy See for a special delegation to give a specific normative for all the dioceses."
D.ZAnother question. The Curia has a central role in the government of the diocese, where most of the decisions are made. Would the Curia be the department in which the programs of the diocese should converge and be synthesized? compliance"?
A.C.: "It makes perfect sense. But it would have to be seen if the international parameters of independence and autonomy are met. But broadly speaking it makes sense."
Z.B.: There are also canonical questions. Within a standard organization chart of a diocesan curia, ¿where would we place the delegate of compliance? And connected to this, who could assume this role within a diocese, and where should they be placed?
A.C.: "The standards require it to be a position close to the governing bodies. Because its objectives are supervisory and advisory, but not decision-making. The compliance body or the compliance officer They do not make decisions, but are a part of the chain that monitors compliance with the laws and commitments assumed by the organization, and therefore monitors what is happening and suggests to the decision-making bodies that they adopt the appropriate measures.
But it is not part of its autonomy to make decisions, because those decisions in the mercantile field will correspond to the organs established by the law of capital companies or the Code of Commerce; and in the ecclesiastical field, to the organs determined by the ecclesiastical law. In any case, it must be a body close to the decision-making bodies, to communicate fluently with them, and to take immediate action when necessary".
D.Z.: "From a canonical point of view, the ideal would be for it to be an organ at the highest level within the diocese, close to the bishop, and with a certain degree of independence with respect to those below the bishop who are subject to his authority and make decisions, that is, the vicars. With a degree of independence so that he can tell the bishop, who is the administrator of the diocese, the things that are not being fulfilled and the risks that may fall on the bishop himself, who in the end is the one who may see his responsibility implicated or contaminated. Therefore, I think that the higher up in the diocese, the better, and the more independent of decision making, the better.
Why have a model
In the session, the KMPG expert was asked about liability insurance. Alain Casanovas pointed out that liability insurance covers civil consequences, "but they never cover criminal liability. The Penal Code sets penalties, but not compensation, which is the civil sphere."
"The only way to sleep soundly in the matter of compliance is to do what you can". -he added. "First, not to stand still, inactivity is never good advice; and second, to link, to move forward and to have this diligence, this proactivity, and to say: look, things have not turned out well. Well, they may not have turned out well, but at least I did everything I could within the scope of my possibilities to make sure that this was not the case."
To what extent is it mandatory to have a compliance in the organizations was another issue. Alain Casanovas made a clear statement: "There is no obligation. When we say that Article 31 bis of the Criminal Code requires it, it is not technically correct. What it says is that if the crime is committed in a legal person, to have a model of compliance can mitigate that criminal liability, or even exempt that legal entity from criminal liability, which happens in Spain, but is extremely unusual in comparative law.
We are one of the few countries where we have a very unbalanced model, in the sense that if we have a model of complianceEven if it is not compulsory, we have great advantages, and if we do not have it, we have great disadvantages. It is a deliberately biased model to motivate the business community to have a model of compliance. But there is no obligation. However, Circular 1/2016 of the State Attorney General's Office points out how important it is to do things not only legally, but also ethically."
I must also say that no large organization would ever consider not having a complianceThe company has a great imbalance between the advantages of having it and the disadvantages of not having it. In today's society it is practically unthinkable".
As for the compliance manager, o compliance officerAlain Casanovas stated that "the Penal Code is minimal. But Circular 1/2016 of the State Attorney General's Office and international and national standards do refer to it. The body of compliance must be endowed with two factors: autonomy and independence. The greater the level of autonomy, the greater the capabilities of the compliance manager or the compliance officer. That comes to him by delegation, I do not want there to be misunderstandings, he does not have a sheriff's badge with omnipotent powers. Independence is neutrality in decision making, so that his rightful actions are not violated by interests, for example, he participates in decision making and at the same time he has to judge".
