In 2016, Mexico passed a law to create the National Anticorruption System (NAS). Rather than an entity, the NAS is an organized set of regulations that coordinate several government entities and agencies to enhance anti-corruption controls. One key piece of this set of regulations is the Federal Law of Administrative Responsibilities (FLAR), a federal regulation that provides the rules for Mexican public servants’ conduct. With the rise of the NAS, the FLAR now also includes a chapter outlining corporate responsibilities to prevent and detect corruption.
While the FLAR contains a similar set of rules applicable to public servants’ conduct just as the Mexican Federal Criminal Code does, it is important to outline that these two regulations should be read and interpreted jointly rather than separately, and that administrative responsibility does not cancel criminal liability.
The FLAR not only limits the scope of public servants’ conduct, but also makes organizations and corporations accountable for any misconduct or felony committed by their directors, employees, or through a third party acting on their behalf. This is one of the new advancements in the Mexican regulation to counter corruption, with a similar approach to the U.S. Foreign Corrupt Practices Act.
In this sense, any administrative misconduct can easily fall within criminal jurisdiction, and sanctions may vary; for example, a public servant (Mexican or foreign) can be found administratively liable for intentionally overlooking a permits matter under their supervision, and both that public servant and the Mexican corporation involved can be found criminally accountable for embezzlement on the same matter, after trial.
Aside from FLAR containing principles and guidelines governing the actions of public servants, it provides rules to design what the document calls an “Integrity Policy.”
Such FLAR rules not only aim to preserve the integrity of organizations and corporations, but also to provide possible extenuating circumstances in case an organization or corporation faces administrative or criminal sentencing for corruption offences. If the organization or corporation has such an Integrity Policy in place, that can lessen the severity of punishment. Some of the elements of an Integrity Policy are clearly correlated to the Elements of an Effective Compliance Program as set forth in Chapter 8 of the U.S. Federal Sentencing Guidelines (FSG).
In accordance with FLAR, the elements of an Integrity Policy are the following, and here those are also compared with the FSG Elements of an Effective Compliance Program:
- “Organizational manuals and procedures that define key functions and responsibilities of each area, and clearly outlines the chain of command and leadership throughout the structure.” This can be read as the equivalent of the FSG requirement for companies to have policies and procedures that outline responsibilities for compliance, detail proper internal controls and auditing practices, and set forth disciplinary procedures. Despite such comparison, FLAR requirements can be fulfilled only with, for example, human resources organizational manuals and a Delegation of Authority policy. Unfortunately, this requirement describes activities as if an organization was a rigid structure. In practice, many organizations have no task-specific manuals given the agility required to conduct business.
- “A code of conduct duly published and socialized among all members of the organization, which includes applicability systems and mechanisms.” Besides the written policies required under FLAR, the FSG also provides that an organization must have tone at the top from corporate leaders committed to a culture of integrity and respect for the law, which should also be reinforced and implemented by middle managers and employees at all levels of a business. Many organizations that follow FSG have gone far beyond this requirement and developed compliance programs that include a Compliance Communications Plan to specifically disseminate policy content and creative examples among the organization.
- “Adequate and effective surveillance and audit systems that constantly monitor compliance with integrity standards throughout the organization.” By comparison, the auditing and monitoring provision of the FSG states that companies should regularly review and improve their compliance programs and not allow them to become stale. How Mexican prosecutors will determine the adequateness of such systems under FLAR is still to be seen, as organizations continue to implement their Integrity Policies to deter corruption.
- “Adequate reporting systems, both within the organization and to authorities, as well as disciplinary processes, and concrete consequences regarding those who act contrary to internal policies or against the law.” Reporting is one key element of a compliance program based on the FSG, and unlike the Mexican regulation, U.S. regulation emphasizes that reporting misconduct or violations of the company’s policies should be possible on a confidential basis and without fear of retaliation. However, FLAR does mention a provision similar to the FSG about having a process for investigating allegations and documenting the company’s responses, including disciplinary or remediation measures.
- “Adequate training and education systems regarding the integrity policy.” The FSG pays particular attention to training, saying that companies should ensure that relevant policies have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners. In this sense, the FSG considers training and communications initiatives to be equally important. Mexican regulation falls short, as it is limited to training. Even though FLAR mentions that the Code of Conduct should be socialized (see 2), the FSG provision is broader as it provides all policies should be communicated to the organization, including through periodic training.
- “Human resources policies that ensure appropriate screening before hiring individuals, in order to mitigate any potential risk to the organization. In no case these policies may authorize discrimination of any individual, even if motivated by ethnic or national origin, gender, age, disabilities, social status, health conditions, religion, opinions, sexual preferences, marital status or any other condition that is contrary to human dignity and nullify or impair rights and people’s freedoms.” In this section, the FLAR prohibits harassment and discrimination. This FLAR provision can be interpreted as an attempt to handle third party risk and due diligence, but it limits background reviews to individuals who are candidates for internal positions in the organization. Similarly, the FSG lays out that companies should conduct risk-based due diligence before engaging with third parties and undertake some form of ongoing monitoring of third-party relationships including updating due diligence, exercising audit rights, periodic training, and requesting annual compliance certifications. The FSG does not limit this provision to individuals but opens it up to any third party, in accordance with a risk assessment, prior to being engaged.
- “Mechanisms that ensure transparency and publicity of the organization’s interests, at all times.” The exact meaning of this FLAR rule is still unclear. Some organizations’ interests might be kept confidential for business or legal reasons. This rule might have been an attempt to enact a “Books and Records provision” in Mexican legislation, but if so, it fell short in that sense. It might also be considered as an incentive for corporations and organizations to publicize their Integrity Policy. Some companies and organizations publicize their Codes of Conduct and main policies in their websites, and still fail to have an effective compliance program in place. And some others may choose to maintain a discrete approach on how their compliance efforts are publicized and still be among the world’s’ most ethical companies.
FLAR provisions requiring an Integrity Policy are the first concrete regulatory step that may lead to local, more robust compliance programs in Mexico in the future. There is still a road ahead in terms of third-party review, auditing and monitoring, reporting and investigations, tone at the top, and leadership and oversight, all crucial elements of a compliance program.
In Mexico, enforcement will be key in the coming years. As the legal framework around Integrity Policies continues to evolve based in best practices, we might be seeing more interesting developments around how compliance programs are tailored for Mexican organizations and companies.
Whether in Mexico or another country, compliance officers should bear in mind that no matter which elements of a compliance program are regarded as more important by any local law, whether at earlier or more mature stages, maintaining the effectiveness of a program is essential for any organization to succeed.
About the Author:
Eduardo Vargas-Garcia has been the Ethics & Compliance Director for Constellation Brands, Inc. since early 2019. Prior to this role, he was an ethics & compliance officer for the Latin American operations of global beauty brand Avon. He has also held in-house roles at multinationals such as Procter & Gamble, Philips, and S.C. Johnson. Vargas-Garcia holds a degree in law from the National Autonomous University of Mexico (UNAM, CU), as well as a diploma from the International Anti-Corruption Academy in Vienna.