By: Luis Gerardo Ramírez Villela
Compliance is fundamental in all corporations for the correct business operations and involves anticorruption, labor and social security best practices, amongst others, for the correct risk management by any corporation.
Legal compliance is based on all applicable legal provisions in Mexico and internal regulations, codes of ethics and codes of conduct enacted by any corporation which, in addition thereto, contain the main corporate governance principles to be followed in the ordinary course of business. Within the scope of legal compliance, specific considerations must be taken to matters such as (i) anticorruption, (ii) labor and social security, (iii) environmental, (iv) taxes, and (v) corporate liability.
Compliance Officer
Although today is not mandatory in Mexico – except for specific regulated sectors – to appoint a Compliance Officer, the industry practice is moving towards the appointment of this specific position or handling such compliance and risk management practices through third parties.
The main function of the Compliance Officer shall be to understand the risks to which the corporation may be exposed to depending on its sector and the performance of its business operations. The corporation must guarantee the independence of this officer and provide all the resources necessary for the performance of compliance and risk management duties.
Compliance Program
The best way to initiate the compliance process is through the creation of a compliance program which must cover risk identification, risk measurement and assessment, risk mitigation, risk reporting and monitoring and risk governance. Such program must be aligned with the internal regulations and code of conduct of each corporation and comprehend the key legal areas as well depending on the industry sector but at least including corporate governance, regulatory, litigation and contractual matters.
Furthermore, the creation of an internal impeachment platform through which both officers and employees, as well as external personnel (partners, suppliers, customers, etc.) may report illegal or criminal activities within the corporation is an important step in mitigating any potential risk associated with anticorruption practices and compliance of applicable provisions. Such platform may be managed internally or externally, or even through a combination of internal and external advisors which pursue to enforce the internal regulations for the protection of the business operations.
Please note that any sanctions will have to be taken in compliance with applicable laws and internal regulations and having sufficient evidence prior to carrying out the internal investigation and imposing the corresponding sanctions.
Internal Due Diligence
Once the compliance program has been implemented, it will be necessary to carry out quarterly due diligence audits in order to verify its effectiveness and that all members of the corporation are complying with the protocols established in such program.
The due diligence will partly fulfill this monitoring function and will also serve to identify any potential risks not only from a legal perspective, but also from an operative and accounting perspective, and generate the potential solutions to solve or minimize the risks identified.
It should be noted that on regulated sectors, besides any internal regulations, there are specific legal audits that should be carried out in order to comply with applicable legal provisions and which, if not duly performed, may generate responsibility and sanctions by the corresponding authorities.
The correct and efficient implementation of the compliance program will not only increase the prestige of a corporation but also generate a more effective business operation.