The recent reform of the Criminal Code (‘Reform’) specifically provides for corporate criminal liability, as contained in Article 31 bis of the Criminal Code (‘CC’). It expressly establishes that corporations will be exonerated if they have implemented compliance programmes, which must meet certain requirements and include specific contents. The role of ‘compliance officer’ has been introduced by the Reform. If the Reform is interpreted jointly with Law 31/2014, of 3 December, on the change of Corporate Enterprises for the improvement of corporate governance, which imposes on directors a specific duty of corporate risk control, directors may be held liable, as guarantors, for the offences committed by the employees, on the basis of commission by omission. The compliance officer does not assume that position as a guarantor, and will only be liable when a specific contractual duty has been delegated to the officer to prevent offences beyond his/her role as a supervisor of the operation of, and compliance with, the prevention model. In recent years criminal law in Spain has been increasingly influenced by globalisation, by particular corporate scandals and by the regulatory tendencies of corporate legislation. Part of the problems faced by corporate law at present, when regulating directors’ liability, are shared by white-collar law. This is the case, in particular, for situations such as dissemination and fragmentation of information in companies, risk transfer in organisations and delegation of duties, which may result in the so-called organised irresponsibility of corporations. Worldwide there is a growing relevance of the regulation of corporate governance in enterprises, as well as a greater awareness of the usefulness and dissemination of good practices in corporate governance by means of self-regulation. Law 31/2014, of 3 December, for the improvement of corporate governance, mentions the failures in corporate governance as one of the reasons for the economic and financial crisis, since ‘both financial and non-financial entities have been affected by reckless risk-taking.’ The same Law exemplifies the transit from a prevailing soft law in corporate governance to an increase in the implementation of hard law measures.The referred corporate reform seems relevant, as it has an impact on specific components of the practical application of some types of white-collar criminal offences in corporations. Regarding the liable subjects, corporate legislation holds de facto directors liable. The concept of ‘de facto directors’ is now defined in corporate law for the first time, and meets the requirements of settled case law in corporate, insolvency and criminal law (as shadow directors and de facto directors). Reference is also made to general managers when there is no managing director in a company, and to the natural persons appointed by legal entities to perform the duties of directors on a permanent basis in governing bodies, which has a special impact on the private equity sector. Article 15 of the former Criminal Code referred to executives, bodies or representatives as potentially criminally liable by means of ‘acting on behalf of another person’ provisions. Article 31 of the current CC includes the concept of ‘de facto directors’ and ‘de iure directors’, to be integrated into the provisions of corporate law in line with settled case law, which has been holding both de facto and de iure directors concurrently liable (Supreme Court Judgment of 25 June, 2010). Similarly, the reform of the legislation on corporate enterprises introduces a crucial new duty of directors: the duty of corporate control. As a result, directors must have a suitable engagement with the good management and control of the company, and ensure that they adopt the necessary measures to that effect. This specific legal duty confers on directors the status of guarantors in the terms of Article 11 of the CC. It is projected on specific aspects of corporate law: (i) only if an appropriate decision-making procedure has been observed, as an indication of due control, may the exoneration of corporate liability be invoked, by applying the rule of protection of discretion in making corporate decisions; (ii) the Board of Directors is given the non-delegable power to determine control and risk management policies and the monitoring of information and control systems; (iii) the audit commission is entrusted with monitoring the efficiency of the internal control of the company and the risk-management systems, and discussing any significant weaknesses of such internal control systems; and (iv) the corporate governance report must include the systems for risk control, including those related to tax. In view of the above, directors may be criminally liable, as perpetrators, perpetrators-by-means or participants, for ordinary or special offences in which they have taken part in various forms in the context of a corporation, or by attribution under Article 31 of the CC. Directors may also be liable, on the basis of commission by omission, pursuant to Article 11 of the Criminal Code, if they fail to prevent offences from being committed by employees or officers within the company, when the requirements of omission to action are met, as it is now a specific legal duty of control of the company’s activities and its risks. This results in a position of guarantor in terms of preventing crimes from being committed within the company. The delegation of duties by directors to third parties, including the compliance officer, should not mean that directors become fully exonerated in favour of the delegated party, as case law has established. Likewise, exoneration does not cover those cases in which, instead of a delegation of duties being in compliance with corporate formalities, a person is merely entrusted with a certain task. In these cases the director continues to be a guarantor, as in the cases of defective delegation. The new wording of Article 31 bis of the Criminal Code after its reform by Public General Act of Parliament 1/2015 (LO 1/2015, of 30 March) clarifies that the model of corporate criminal liability is based on a defect in organisation, supersedes the structure of vicarious liability, and becomes a separate type of criminal offence specifically referred to corporations, as opposed to the mere model of perpetrator clause or of extension of liability. It is the responsibility of the governing body to adopt and efficiently implement, before any offences are committed, organisation and management models (compliance programmes) that include surveillance and control measures to prevent offences from being committed or significantly reduce the risk of them being committed. According to the above, directors assume a position of specific guarantors in terms of adopting compliance and crime prevention programmes in the context of such programmes, as pointed out in the specific criminal offence type of omission of compliance programmes, which was finally eliminated from the final version of the reform. The status of guarantor is also correlated with the specific corporate control of the company and its risks. However, the role of the compliance officer is more clearly delimited by the law. The compliance officer is responsible for the operation of, and compliance with, the prevention model, and has initiative and control powers, but not decision-making powers, which continue to be the remit of the governing body. This is a supporting officer or manager, with no executive powers, who participates in the design, implementation, verification and update of compliance programmes. This role is not in charge of adopting or amending compliance programmes or making any final decisions in respect of these programmes. There is no specific legal duty that causes the compliance officer to be an automatic guarantor, although this position may be contractually assumed, based on the delegation of duties by the governing body through a contract or by means of corporate resolutions to that effect. Therefore the compliance officer may be excluded from that liability as a result of a specific limitation of duties, which the courts will take into account on a case-by-case basis. The delegation will not fully exempt the governing body from liability in this respect. An accumulation of positions of guarantee to that effect may occur, similarly to some German case law which has held subjects liable for assumption of a guarantor status by complicity by omission. It is crucial to provide an appropriate system of corporate documents in this regard with a view to defending directors, compliance officers and companies in a trial, in the event that an offence is committed by an employee or an executive. This is particularly important considering the courts’ tendency to expand the accused, depending on the outcomes of the investigation. This also suggests that it is advisable to avoid merely copying or using standard or certified ISO compliance programmes, which are not appropriately related to each company and the roles of its officers and administrators.