Board Compliance Obligations in Spain: Legal Guide 2026

Q: What duties does the LSC impose on the board of directors?

Articles 225 to 232 of the Spanish Companies Act (LSC) establish the basic statute for directors. Art. 225 requires the duty of diligence: directors must act as an orderly businessperson, dedicating the necessary time and effort and acting with sufficient information. Art. 226 enshrines the business judgment rule: management decisions made in good faith, with adequate information and without personal interest in the matter are protected from liability based on the outcome. Art. 227 imposes the duty of loyalty: directors must act in the company's interest and avoid conflicts of interest. Arts. 228-232 develop specific loyalty obligations: not using privileged information, not appropriating corporate business opportunities, avoiding and disclosing conflicts of interest.

Q: When can a director incur personal criminal liability for corporate offences?

Article 31 bis of the Penal Code establishes the criminal liability of legal persons when an offence is committed by their legal representatives or de facto or de jure directors, or by employees under the inadequate supervision of the above. The most frequent corporate offences include: offences against the Treasury, money laundering, private corruption, fraud, unfaithful administration and environmental offences. For the legal person to be exempt from liability, it must demonstrate that before the offence it adopted and effectively implemented an organisational and management model suitable for preventing offences of the same nature. The board is the ultimate body responsible for ensuring that model exists and functions.

Q: What is D&O insurance and who is covered?

Directors and Officers (D&O) liability insurance covers civil liability claims against directors, officers and senior managers of the company for acts or omissions committed in the exercise of their duties. A typical policy includes: legal defence costs from the first moment of the claim, indemnity for judgments or out-of-court settlements, and extension to group subsidiaries. D&O does NOT cover proven wilful or fraudulent conduct, fines and sanctions of a penal or quasi-penal nature, or claims between insured parties (insured vs insured exclusion). It is an essential risk management tool when the company operates in regulated sectors, is listed on a stock exchange or anticipates significant corporate transactions.

Q: How are conflicts of interest managed at board level?

Art. 228(d) LSC obliges a director to communicate any situation of conflict of interest, direct or indirect, to the other directors. When a conflict of interest arises, the affected director must abstain from participating in deliberation and voting on the matter. In the boards of unlisted companies, the resolution of the board or the general meeting can authorise the director to carry out the related-party transaction, but that authorisation must be recorded in the minutes and properly documented. For listed companies, the CNMV Code of Good Governance 2020 sets stricter rules: material related-party transactions require a favourable report from the audit committee and, for larger amounts, approval by the general meeting.

Q: What information must the board receive to exercise its functions with due diligence?

The duty of information is a central component of the duty of diligence under Art. 225 LSC. Directors are entitled to obtain from the managing director or management team all the information they need to perform their duties. The board secretary is responsible for ensuring that directors receive the agenda documentation with sufficient advance notice. Failure to meet this duty can undermine the business judgment rule: if a director approves a transaction without having received sufficient information, they cannot rely on business judgment to exclude their liability. The board's regulations should expressly govern the timescale, channel and minimum content of pre-meeting information.

Q: Are board minutes valid as evidence in liability proceedings?

Board minutes are the most important evidentiary document in any proceeding seeking to enforce director liability. Art. 250 LSC requires that the deliberations and resolutions of the board be recorded in minutes signed by the secretary and countersigned by the chairman. Well-drafted minutes should reflect: the identity of those present, the agenda items, a sufficient summary of deliberations, votes in favour and against with identification of each director, and the dissenting votes of any directors who voted against. A director who votes against a decision that subsequently proves harmful must ensure their dissenting vote is expressly recorded in the minutes to be exonerated from the liability arising from that resolution.

The board of directors as primary compliance guarantor

The regulatory trend of recent years is unequivocal: compliance duties are not the exclusive domain of legal departments or compliance units. The management body — whether a sole director, a board of directors or a board with delegated committees — is the first and last responsible party for ensuring the company has an effective compliance culture.

This responsibility is not merely moral or reputational. It has direct legal consequences: civil liability for damage to the company and third parties (Arts. 236–241 bis LSC), subsidiary tax liability of directors for company debts (Art. 43.1 LGT), and since the 2015 reform of the Penal Code, the potential criminal liability of the legal person that can implicate its directors.

The directors’ legal statute: Arts. 225-232 LSC

Duty of diligence (Art. 225 LSC)

The standard of diligence required of directors is that of the “orderly businessperson”. This is not a result standard — directors do not guarantee the success of their decisions — but a process standard: they must act with adequate information, devote the necessary time and follow proper deliberation procedures.

The law expressly introduces the business judgment rule in Art. 226: business decisions made in good faith with adequate information and in the absence of personal interest in the matter are protected from subsequent judicial review. This rule recognises that business management necessarily involves decision-making under uncertainty and that director liability cannot be converted into a guarantee of results.

Duty of loyalty (Arts. 227-232 LSC)

The duty of loyalty obliges directors always to act in the company’s best interests, subordinating their personal interests and those of related parties. The obligations derived from the duty of loyalty include:

Not using the company’s name or invoking their position to carry out transactions for their own account.
Not using confidential information obtained in the exercise of their office for private purposes.
Not appropriating for their own benefit business opportunities belonging to the company.
Avoiding conflicts of interest with the company, including transactions with the company itself, with group companies or with related parties.
Immediately disclosing any actual or potential conflict of interest.

Breach of the duty of loyalty gives rise to civil liability and obliges the director to restore to the company any enrichment obtained. Unlike liability for breach of the duty of diligence, liability for breach of the duty of loyalty cannot be limited by the articles of association.

Corporate criminal liability: Art. 31 bis of the Penal Code

The 2015 reform of the Penal Code introduced in Spain the vicarious model of criminal liability of legal persons, following the international standards set by the OECD and FATF.

The vicarious liability model

The legal person is criminally liable when the offence is committed:

By its legal representatives or de facto or de jure directors, in the exercise of their functions and on behalf of and for the benefit — direct or indirect — of the company.
By persons subject to the authority of the above — employees, agents — when the offence was made possible by the absence of controls that would have prevented its commission.

The compliance model as an exemption

The key to the system is that the legal person can be exempt from criminal liability if, before the commission of the offence, it adopted and effectively implemented an organisational and management model suitable for preventing offences of the same nature. If the offence is committed by the management itself (scenario 1), the exemption additionally requires that supervision and control of the compliance model was delegated to a compliance body with autonomous powers of initiative and oversight.

The board’s role

The board of directors has three non-delegable responsibilities in criminal compliance:

Promoting and approving the crime prevention model.
Appointing and adequately resourcing the compliance body (compliance officer or compliance committee).
Periodically supervising the effectiveness of the model and updating the criminal risk map.

Delegating day-to-day compliance management to the compliance officer does not exempt the board from its supervisory responsibility. A compliance model that exists on paper but is not effectively implemented or updated produces no exculpatory effect.

D&O insurance: coverage, exclusions and limits

What it covers

Directors & Officers (D&O) insurance is the risk transfer tool specifically designed to protect the personal assets of directors against civil liability claims. A properly structured D&O policy covers:

Legal defence: lawyers’ fees and expert costs from the first claim, without prior proof of liability.
Indemnities: payment of judgments or settlement agreements for which the company or the directors themselves must respond.
Subsidiary extension: automatic coverage for directors of group subsidiary companies.
Investigation costs: expenses generated by administrative inspections or criminal investigations prior to formal proceedings.

What it does not cover

Standard D&O exclusions include:

Wilful or fraudulent conduct proven by final judgment.
Fines and sanctions of a penal or quasi-penal nature.
Claims between insured parties (unless specifically agreed otherwise).
Environmental contamination liability (covered by specific environmental policies).
Personal injury and property damage (covered by general liability insurance).

Sum insured and sub-limits

Sizing the D&O policy must take into account the company’s size, sector of activity and regulatory exposure. For mid-sized companies in regulated sectors, sums insured between €5m and €20m are common. The annual policy renewal should be accompanied by a review of the directors’ risk map.

Board minutes: the legal memory of the management body

Board minutes are the directors’ first line of defence in any liability claim. A good practice is for minutes to reflect not only the resolutions adopted, but also the deliberation process that led to them.

Signature and custody

Minutes must be signed by the secretary and countersigned by the chairman, and transcribed into the board minutes book, which must be authenticated before the Registro Mercantil. Custody of the minutes book falls to the board secretary.

Information obligations of the board

Directors are subject to multiple reporting obligations towards shareholders, creditors, the administration and, for listed companies, the market:

Towards shareholders: annual accounts, management report, profit distribution proposal and, for listed companies, the annual corporate governance report and the directors’ remuneration report.
Towards the AEAT: tax returns, responses to information requests and, for groups of companies, transfer pricing documentation.
Towards the Banco de España / CNMV / CNMC: depending on the regulated sector, periodic and ad hoc reporting on relevant events.
Towards the market (listed companies): inside information, material facts, significant shareholdings, transactions by persons with management responsibilities.

Failure to meet information obligations not only gives rise to administrative sanctions but may also serve as the basis for a civil liability claim if the recipients of the information used it to make investment or credit decisions.

Conflict of interest protocol

Identification and declaration

Every director must complete an annual interests declaration identifying their shareholdings in other companies, directorships, family relationships with suppliers or customers, and any other circumstance that may give rise to an actual or potential conflict of interest. This declaration must be updated whenever a material change occurs.

Managing the conflict at board level

When an agenda item affects the personal interests of a director:

The director declares the conflict at the start of the meeting or before the item is discussed.
The declaration is expressly recorded in the minutes.
The director withdraws from the room during deliberation and voting on the item (in higher-risk cases) or at minimum abstains from voting.
The remaining board members deliberate and vote without the affected director.

For more significant related-party transactions, approval may require a report from the audit committee and, in some cases, authorisation from the general meeting.

Conclusion: compliance and liability as a competitive advantage

A board that fulfils its legal duties rigorously and documents them properly not only reduces the risk of personal liability for its members: it generates confidence among investors, financial institutions and strategic partners, and facilitates corporate transactions (due diligence, financing, IPO).

At BMC we advise boards on designing their compliance architecture, implementing the criminal prevention model, reviewing D&O insurance and formalising related-party transactions and conflict of interest protocols.

compliance board-of-directors criminal-liability Art-31-bis LSC D&O-insurance corporate-governance

← Back to Insights

Advisory

Valuation & Analysis

Transformation

Governance & Transition

Tax Strategy

Compliance

Specialized Regimes

Wealth & Disputes

Commercial & Corporate Law

Insolvency & Restructuring

People & Compliance

Disputes & Resolution

Cybersecurity

Privacy & AI

Finance & Reporting

Corporate Services

Growth

Risk & Resilience

Articles & Analysis

Reports & Whitepapers

Tools

Industries

The board of directors as primary compliance guarantor

The directors’ legal statute: Arts. 225-232 LSC

Duty of diligence (Art. 225 LSC)

Duty of loyalty (Arts. 227-232 LSC)

Corporate criminal liability: Art. 31 bis of the Penal Code

The vicarious liability model

The compliance model as an exemption

The board’s role

D&O insurance: coverage, exclusions and limits

What it covers

What it does not cover

Sum insured and sub-limits

Board minutes: the legal memory of the management body

Recommended minimum content

Signature and custody

Information obligations of the board

Conflict of interest protocol

Identification and declaration

Managing the conflict at board level

Conclusion: compliance and liability as a competitive advantage

Related Services

Corporate Governance & Compliance

Criminal Compliance

Glossary

Corporate Criminal Liability in Spain

Due Diligence

Related articles

Effective Board Governance: Composition, Committees and Protocol

Director Liability Under Spain's Companies Act: Practical Guide

Corporate Governance for SMEs in Spain: Practical Guide

Want to learn more?

Cookie settings