Corporate Governance in Spain

What Is Corporate Governance?

Corporate governance is the framework of rules, structures, and practices through which a company is directed, managed, and held accountable. Good governance defines how decisions are made, how stakeholder interests are balanced, and how the company is monitored and controlled. In Spain, the governance framework for companies is primarily shaped by:

• Ley de Sociedades de Capital (LSC): The foundational statute governing all Spanish capital companies (SL and SA), covering shareholder rights, director duties, board powers, and structural changes.
• CNMV Good Governance Code (Código de Buen Gobierno): A comply-or-explain code for listed SAs, updated most recently in 2020, setting best practice recommendations on board composition, independence, remuneration, risk, and sustainability.
• Sector regulations: Banking (CRD/CRR, EBA guidelines), insurance (Solvency II), financial services (MiFID II), and energy sector companies face additional governance requirements from their respective supervisors.

The Governance Architecture of a Spanish Company

Shareholders (Socios / Accionistas)

Shareholders are the ultimate owners and exercise their collective rights through the Junta General (shareholders’ meeting). Key governance rights include:

• Appointing and removing directors
• Approving the annual accounts and profit distribution
• Approving material structural changes (mergers, demergers, dissolution)
• Amending the articles of association

Board of Directors (Consejo de Administración)

For companies using the board model, the board sits between shareholders and management. It sets strategy, appoints and oversees senior management, and ensures the company complies with its legal and regulatory obligations.

Board Committees

Larger companies — and all listed SAs — typically establish board committees to improve oversight:

• Audit Committee (Comité de Auditoría): Oversees financial reporting, internal controls, and the external audit relationship. Mandatory for listed SAs.
• Nominations and Remuneration Committee (Comité de Nombramientos y Retribuciones): Reviews director nominations and sets remuneration policy for directors and senior executives. Mandatory for listed SAs.
• Risk Committee (Comité de Riesgos): Common in financial institutions and increasingly in large non-financial companies, overseeing the enterprise risk management framework.

Management

Day-to-day management is delegated to executive directors or a hired management team (CEO, CFO, COO). The boundary between board oversight and management execution is a key governance issue: excessive board involvement in daily operations can slow the business; insufficient oversight can result in fraud, mismanagement, or regulatory breach.

Good Governance Code: Key Recommendations

The CNMV’s Good Governance Code applies on a “comply or explain” basis to listed Spanish SAs. Non-listed companies often use it as a voluntary benchmark. Key recommendations include:

• Board independence: Independent directors should represent at least half the board (two-thirds for companies without a controlling shareholder).
• Board diversity: Explicit targets for gender diversity — CNMV recommends 40% women on the board, a threshold now mandatory for large listed companies under EU rules.
• Chairman/CEO separation: The CEO and Chairman roles should not be held by the same person; if they are, an independent lead director (consejero coordinador) should be appointed.
• Director remuneration transparency: Full individual disclosure of director pay, with variable remuneration tied to verifiable performance criteria.
• Anti-corruption and ethics: Companies should have a code of ethics, a whistleblowing channel (canal de denuncias), and an anti-corruption compliance programme.

Internal Controls and Compliance

Good corporate governance requires robust internal control systems. Spanish companies — particularly those in regulated industries or with international investors — are expected to maintain:

• Internal audit function: Independent review of operational and financial processes.
• Internal Control over Financial Reporting (ICFR): For listed and large companies, documented controls over the financial reporting process.
• Compliance programme: Policies and procedures for anti-corruption (compatible with Spain’s Law 10/2010 on money laundering and the criminal compliance requirements under Article 31bis of the Criminal Code).
• Risk management framework: Identification, assessment, and monitoring of strategic, operational, financial, and regulatory risks.

Corporate Governance for Foreign-Owned Spanish Subsidiaries

Foreign groups operating in Spain through a subsidiary may assume that governance requirements are minimal for a non-listed company. In practice, good governance matters for several reasons:

1. Director liability: Spanish directors face personal liability for acts of the company during their management (see company-director-liability entry). Even foreign-based directors of Spanish subsidiaries are exposed.
2. Tax and transfer pricing: AEAT inspections examine whether governance decisions (pricing, dividend policy, intercompany loans) are genuinely made in Spain or merely rubber-stamped by a foreign parent.
3. Financing: Spanish and European lenders increasingly require evidence of governance quality (independent directors, audit committee, internal controls) as a condition of credit.
4. ESG and sustainability: Large Spanish subsidiaries of international groups are subject to the CSRD corporate sustainability reporting requirements and increasingly to investor ESG questionnaires.

Recent Regulatory Developments

• Ley 5/2021: Transposed the EU Shareholder Rights Directive II, strengthening listed company governance on related-party transactions, say-on-pay votes, and director remuneration policy.
• CSRD (Corporate Sustainability Reporting Directive): Requires large Spanish companies (listed or meeting two of three size thresholds) to publish detailed sustainability reports from 2025–2026, overseen by the board.
• DORA (Digital Operational Resilience Act): Requires financial sector entities to ensure ICT risk governance at board level.

Frequently Asked Questions

Is a compliance programme mandatory for Spanish companies? Not universally mandatory, but Spanish criminal law (Article 31bis of the Criminal Code) provides that a legal entity can escape or reduce criminal liability for offences committed by its employees or directors if it had an effective compliance programme in place. This creates a strong practical incentive to implement one.

What are the consequences of poor corporate governance? Poor governance can result in director personal liability, shareholder disputes, regulatory sanctions (for regulated industries), loss of financing, and reputational damage. For listed companies, CNMV can impose sanctions for governance failures or non-compliance with disclosure obligations.

Does Spanish corporate governance law apply to branches of foreign companies? A branch (sucursal) is not a separate legal entity and is governed by the law of the home company. However, branch operations in Spain are subject to Spanish commercial and tax law, and the foreign parent’s directors can face Spanish liability for branch operations in certain circumstances.

How does the Sociedad Limitada differ from the SA in governance terms? The SL has a simpler default governance framework (no board required, no complex quorum rules, no mandatory audit committee). The SA framework is more formal, reflecting its historical role as a vehicle for public companies with dispersed ownership. Many governance best practices from the listed SA framework are voluntarily adopted by large private companies regardless of legal form.

Can foreign nationals serve as independent directors on Spanish boards? Yes. There is no nationality requirement for directors of Spanish companies. Foreign national directors must obtain a Spanish NIF (tax identification number) to be registered at the Commercial Registry.

How BMC Can Help

We advise boards and shareholders on corporate governance design and compliance: structuring board committees, drafting governance policies, advising directors on their duties, implementing compliance programmes, and supporting companies in meeting regulatory governance requirements.