Corporate fraud is a material economic threat to organisations of every size. The ACFE's *Report to the Nations* — the global benchmark study on occupational fraud — estimates that organisations lose an average of 5% of annual revenues to fraud, with a median detection time of twelve months. In Spain, the progressive tightening of corporate criminal liability introduced by Organic Law 5/2010 and significantly expanded by Organic Law 1/2015, combined with increasing judicial scrutiny of corporate governance failures, has made forensic investigation a discipline in high and growing demand.
The Taxonomy of Corporate Fraud in Spain
Forensic accounting encompasses a wide spectrum of unlawful or irregular conduct. In the Spanish business context, the most commonly encountered categories are:
Asset misappropriation: the most prevalent category, ranging from straightforward cash theft and inventory diversion to the redirection of customer receipts into personal accounts, manipulation of expense claims and unauthorised personal use of company assets. Depending on circumstances, Spanish criminal law addresses this under Article 252 (unfaithful administration, administración desleal) or Article 253 (misappropriation, apropiación indebida) of the Penal Code.
Financial statement fraud: deliberate manipulation of annual accounts to present a distorted picture of the company’s financial position. Common schemes include premature revenue recognition, capitalisation of operating expenses, understatement of provisions and creation of fictitious assets. Article 290 of the Penal Code criminalises falsification of annual accounts or other documents intended to reflect the legal or economic situation of a company.
Corruption and conflict of interest: payments to public officials to secure contracts (Article 424 PC), undisclosed commissions on purchases from connected suppliers, and business decisions conditioned by undeclared personal interests of the decision-maker.
Payroll fraud: creation of ghost employees, manipulation of overtime records, unauthorised salary increments or continued payroll payments to former employees.
The Forensic Investigation Process
A forensic investigation follows a structured methodology that clearly separates the detection phase, the investigation phase and the documentation phase for legal use.
Detection and scoping: investigations typically begin following a whistleblowing report, an anomaly surfaced during routine accounting review, or a mandate from the board or a shareholder. This phase defines the investigation hypothesis, sets the temporal and functional perimeter, and ensures that digital evidence is preserved and handled in accordance with forensic standards — including documented chain of custody and cryptographic hashing of data sets.
Data analysis: the technical core of the investigation. Techniques applied include transactional data analysis (reviewing all journal entries for anomalous patterns), Benford’s Law analysis (the statistical distribution of leading digits in large numeric datasets, which flags invented figures), cross-referencing supplier and employee master data to identify overlap between company payees and employees’ personal details, and cash flow mapping to detect circular fund flows.
Forensic interviews: conducted under protocols that preserve their utility as evidence or as the basis for disciplinary decisions. A forensic interview is not an informal conversation: it follows structured methodologies such as the PEACE model or the Cognitive Interview approach, and must be meticulously documented.
Expert report: the investigation findings are presented in a formal expert report structured and written to a standard suitable for submission to courts, disciplinary bodies or the board. In Spain, Article 335 of the Civil Procedure Act (Ley de Enjuiciamiento Civil) governs expert witnesses, whose reports may be subject to cross-examination at trial.
The Whistleblowing Channel and Law 2/2023
Law 2/2023 of 20 February — transposing the EU Whistleblower Protection Directive (2019/1937) — has reshaped internal fraud management for Spanish companies. Companies with fifty or more employees are now obligated to maintain an internal reporting channel meeting the law’s requirements: confidentiality for the reporting person, prohibition on retaliation, independent management of reports, and defined maximum response times.
The data supports the investment: the ACFE estimates that 43% of occupational frauds are detected through tips — more than internal audits, management reviews and external audits combined. A well-designed and clearly communicated reporting channel is not merely a legal obligation but the most cost-effective preventive control available to any organisation.
Corporate Criminal Liability and Compliance Programmes
Organic Law 1/2015 consolidated Spain’s regime of direct criminal liability for legal entities in respect of crimes committed on their behalf and for their benefit by legal representatives, de facto or de jure managers, or employees acting with delegated authority. Penalties range from substantial fines — which may exceed twice the benefit obtained or damage caused — to suspension of activities, closure of facilities and, in the most serious cases, dissolution of the company.
The only effective defence is to demonstrate that the company had in place, before the offence occurred, an organisation and management model that included suitable supervision and control measures to prevent crimes of the same nature or significantly reduce their risk (Article 31 bis.2 of the Penal Code). Forensic accounting, systematic fraud risk assessment and well-documented internal controls are the operational pillars of this defence.
Spanish courts — drawing on the Supreme Court’s landmark ruling of 29 February 2016 — have clarified that a compliance programme must be genuine and actively supervised to qualify for the exemption; a theoretical programme that existed on paper but was not embedded in day-to-day operations will not shield the company from criminal liability.
Recommended Action When Fraud Is Suspected
When well-founded suspicion of fraud arises, the correct sequence of action is: (1) preserve evidence without alerting suspected individuals; (2) commission an independent external investigation to ensure objectivity and protect the company against potential claims from the subject; (3) brief the governance body with sufficient detail to enable fulfilment of its fiduciary duties; (4) consider precautionary suspension of the suspected employee in compliance with the Workers’ Statute (Estatuto de los Trabajadores); and (5) assess whether the facts constitute a reportable criminal offence and whether to file a criminal complaint (denuncia or querella) with the public prosecutor or the courts.
Acting too slowly — or, worse, attempting to resolve a serious fraud internally without proper investigation — can expose the company and its directors to liability for inadequate oversight, destroy evidence admissibility and result in significantly larger financial losses.
At BMC we offer top-tier strategic advisory. See our forensic accounting services.
