ComplianceMinimizing Risks

In our two previous posts, we discussed the general outline of the Mexican National Anticorruption System, and highlighted some aspects of the General Law of Administrative Responsibility and the Federal Criminal Code that affect legal entities. We now turn our attention to what these laws refer to as an “Integrity Policy” and the ways entities can avoid, limit or minimize liability.

Burden and Standard of Proof

Under both the Federal Criminal Code and the General Law of Administrative Responsibility, there is a presumption of innocence, and the burden of proof rests with the government. Mexican procedural rules generally do not define different standards of proof applicable to determine liability in criminal, administrative and civil cases. That is, while Mexican law is clear that the burden of proving liability rests with the government, it makes no distinction between civil, administrative and criminal standards of proof.[1]

Exclusion of Liability

When we discussed corporate liability, we noted that under the National Code of Criminal Procedure failure to have or follow internal controls is required for a finding of liability. Similarly, the Federal Criminal Code reduces the applicable penalty if the entity has an internal compliance body that helps mitigate damages. Finally, the General Law of Administrative Responsibility establishes that a legal entity’s Integrity Policy (i.e. Compliance Program) “will be taken into consideration” to determine a company’s liability. While the criminal and procedural codes do not establish what internal controls are required or detail the characteristics of a “dedicated compliance body”, the General Law of Administrative Responsibility does.

Integrity Policy

Under article 25 of the General Law of Administrative Responsibility, an “integrity policy” – what is commonly referred to as a compliance program – should have, at a minimum: (i) a code of conduct, (ii) adequate procedures, controls and expressly defined approval processes, (iii) effective review systems that conduct periodic risk assessments and audits, (iv) a whistleblower line available to all employees, an investigations policy to address reports, and consistently applied disciplinary measures, (v) periodic ethics training, (vi) due diligence on employee hiring, and (vii) full transparency and publicity of its interests (i.e. GAAP accounting, no hidden accounting, etc.). These elements are standard components of U.S. style compliance programs and may be familiar to compliance professionals with international operations. For others, especially start-ups, or companies coming from jurisdictions with a more recent compliance tradition, these concepts may be new and their implementation may involve additional costs and resources. However, considering the country risks discussed above under these new Mexican laws, it makes sense to consider implementing a compliance program with these characteristics.  Moreover, while the benefits of a compliance program in Mexico vary whether the source of liability is criminal or administrative, it seems clear that the more complete and effective a company’s compliance program is, the less likely the company is to face liability.

What next?

Like Mexico, many other jurisdictions, especially in Latin America, have recently passed anticorruption legislation. Although these jurisdictions do not include many aspects of the Mexican National Anticorruption System, most require an effective compliance program, internal controls and policies as a means to avoid or limit liability. Companies doing business in Mexico and in Latin America should be mindful of this new anticorruption environment and consider implementing a compliance program or reviewing their existing one, to make sure it satisfies these requirements.


[1] In the U.S. the standards of proof vary (i.e. preponderance of the evidence and clear and convincing evidence in civil cases, proof beyond a reasonable doubt in criminal matters, etc.).