Receipt date: 09/06/2023 / Revision date: 15/06/2023 / Acceptance date: 20/06/2023

Introduction

The topic of Compliance in Mexico turns out to be of great novelty for companies and businesses, since in current times it can be affirmed that regulatory compliance, as it is also known as compliance, has arrived to show the importance and need of companies to regulate themselves under good practices in their daily activities, and for this purpose several regulations have been created by the Mexican State in order to protect each of the actions performed by business organizations. In the Mexican State there is freedom of action for companies that are incorporated under a legal framework, allowing these actions to be in compliance with the requirements of the Mexican State and therefore the proper development of the company.

The purpose of this article is to analyze the importance of regulatory compliance in Mexico, its legal framework and the implications for companies operating in the country. Therefore, through the present text, a review and analysis of the legislation and regulations applicable to compliance will be developed, all this in order to point out minimum criteria of this new business legal notion based on the legal and ethical responsibility of the organizations. Finally, some contributions will be made by way of recommendations on the subject in question, with the aim of providing a new and proactive vision for companies that want to manage the compliance issue effectively. 

The function of the State is to establish the legal bases to procure order in society, ensure compliance with the law, guarantees and rights of all members of society, as well as to ensure that obligations and responsibilities are fulfilled, punish and penalize when laws are violated. This function of the State, although it has been widely discussed since the classics such as Thomas Hobbes, in his works De Cive and Leviathan; as well as in John Locke's Treatises on Civil Government and in Jean Jacques Rousseau's Social Contract; these coincide in the State's guarantee to provide legal-political security to the population. In view of the foregoing, the rule of law creates the pertinent laws with a punitive nature to sanction actions that go against the parameters established by the legal standard.

Currently, in Mexico, a complex panorama for the implementation of compliance is predicted, since through the corruption indexes that are measured through international groups such as Transparency International, Mexico occupies the highest levels on the incidence of all practices that are globally defined as corruption, in the study called "Corruption Perception Index (2021)" Mexico is ranked 124 out of 180, this is a manifestation of the need for an ethical implementation of the correct compliance of the obligations of the business sector and good governmental practices to effectively implement such regulatory compliance. 

In view of the above, this text is intended to show a general overview of tools that support the ethical compliance of companies with respect to the obligations implemented by the Mexican State, with the intention of providing a possible basis on which to visualize the basic minimums of this compliance, in order to change habits of the culture of corruption within organizations. In addition to the above, there is a perceived need to make decisions and take actions to solidify the issue of compliance in a serious manner for the benefit of the organization and the society in which it operates. 

Method

For this text we have chosen the exploratory method, which is a type of research used to study a problem that requires to be observed in a general way and with this the exploratory method has been chosen for this text, which is a type of research used to study a problem that needs to be observed in a general way and thus visualize the tools that are available to understand the phenomenon of compliance for its implementation in Mexico. The exploratory method has the characteristic of being flexible, compared to other types of methods, and is functional when you want to understand a problem in a preliminary way, answering scientific research questions that start with what, why and how. 

It is important to point out that exploratory research is in charge ofmaintaining study guidelines to promote the development of a study that intends to deepen the understanding of new iusphilosophical topics  for a correct use and implementation (Zafra, 2006), as is the case proposed in this article, in which it is necessary to understand the topic of compliance so that it can be adequately attuned to the system of norms that Mexico has. 

An exploratory research maintains multiple characteristics that give it a great advantage to achieve a total understanding of a legal phenomenon, therefore, this method will allow us to define concepts and prioritize the points of view of various scholars on the proposed topic, in addition the method focuses on finding deep knowledge on the subject while maintaining a meaning on it in a concrete and innovative way, it has no obligatory segments which allows a perceptive and focused research on the proposed topic. 

Discussion and conclusions

Compliance is an anglicism aimed at the business sector, this anglicism means "compliance" and focuses on showing that companies comply with their own rules and are not penalized for non-compliance with the laws in force applicable to the line of business established by the entrepreneur. Compliance regulations oblige corporations to visualize the tireless fight against corruption as an internal function, and in this way the fact that they comply with their actions in the sense of the regulatory duty to be, it would be possible to deal with widespread corruption, since compliance establishes strategies for companies to adopt with a view to preventing it.

In the same vein, the International Organization for Standardization (ISO) has issued a set of international technical standards on the subject, starting with ISO 19600, which establishes guidelines for the implementation of compliance systems, and ISO 31000, which sets out technical guidelines for risk management in general. It has also adopted technical criteria for corporate social responsibility management (ISO 26000), sustainable procurement (ISO 20400) and bribery risk management and business ethics (ISO 37001), among others.

Therefore, it should be noted that companies in general subscribe and are certified under ISO with the intention of improving in the fulfillment of each of the aspects that make up the company, that is to say that they have the guideline of self-regulation for continuous improvement and thus contribute efficiently to its social purpose framed in its philosophy of business creation. 

Thus, it is the preventive review and proper application of the regulatory standards of the Mexican legal system that will provide the solidity in regulatory compliance that arises as a new topic for the proper development of corporate ethical compliance, for example, compliance with the regulatory framework in labor matters will provide stable working conditions for the employee; from individual to collective contracts if there is union representation; contract law in some sectors of the economy, and regulatory standards to prevent sexual or labor harassment within them; also the obligations of companies to the IMSS have a regulatory framework that must be complied with and addressed. 

Therefore, when a company is created through a corporate charter, it establishes its corporate purpose, which provides it with a framework of action and thus establishes its scope of action with respect to the rules that must interact in its regulation; however, in the specific case of Mexico, any company must understand and know the legal system in its entirety in order to adequately comply with the regulations. 

From the previous paragraph, a first criticism can be originated for the concept of compliance, since it was born under the tutelage of the criminal system, since in a traditional way compliance and sanction are thought of in a unified way, therefore, the concept was born through the application of criminal law by the intention of enforcing the legal canons through this branch of law. 

Compliance includes more than criminal matters, as it is applicable to all regulatory and ethical aspects in which a company may be related, both external and internal issues, integrating with it the related to financial, environmental, tax, labor, corporate and health law, which is why lawyers must know the legal science in an integral way, because business issues with a single act could be related to the aforementioned matters.

Due to the current comprehensiveness of the law that compliance requires, it can be deduced that the latter goes beyond a single regulatory understanding for its compliance, and can be controversial due to the fine relationship between the different legal edges that have been previously mentioned, since on many occasions omissions and ignorance of the requirements implied by the law are the elements that constitute the non-compliance that compliance in Mexico seeks to avoid. 

This new concept serves to know what are the possible risks, since compliance invites to carry out preventive reviews that can be originated in the companies and with it to establish good practices that work for the company in which it is acting, therefore the importance of understanding the functionality of a company with the various actors that make it work, to achieve solidify the functionality of the same. 

The origin of modern compliance is forged at the beginning of the 20th century in the USA with the creation of the first public regulatory agencies (Bucigalpo, 2021), since with the creation of these public security agencies in the United States, the idea of compliance in the USA is particularized.

With these creations, the regulatory and public supervision environment was created, and therefore regulated, which gave rise to a regulatory framework of business compliance so that the activities of this sector would have a backing and a compliance guide, as a new implementation model in the USA. USA. 

Therefore, through sof law, the term compliance arises, since it was linked to the framework of these standards and, particularly to good practice recommendations, taking as a pillar the principle called complain or explain, which means comply or explain; and it is about achieving an in-depth vision of recommendations for voluntary compliance that are standards established by governmental and non-governmental agencies or organizations in order that, in the private sector, companies incorporate the established recommendations or, if they do not, explain the reason or reasons that lead them not to follow such recommendations.

This included the incorporation of "good governance, accountability and corporate social responsibility (CSR) recommendations". In the 1970s and 1980s, business compliance rules evolved in a different scenario: the notorious political corruption, bribery and political party financing scandals that affected major companies and which reached their peak with the Watergate case. As a result of that scandal, the Foreign Corrupt Practices Act (1977) was passed in the USA, which incorporated requirements and prohibitions for companies and the private sector regarding bribery, books and records, as well as, for the first time, the concept of compliance, requiring transparency of annual accounts and prevention of corruption of officials. 

In the 1990s, new business risks linked to financial scandals became evident - the Enron, Tyco International, WorldCom, Siemens cases - which in turn gave rise to the Sarbanes-Oxley-Act (2002), establishing new accounting obligations and reforming corporate public accounting and investor protection requirements.

Bribery in transnational corporate economic transactions and financial scandals have provided a first scenario for business compliance: corruption and bribery of officials, political financing, accounting manipulations and lack of transparency. Aware of this scenario, international and supranational organizations are beginning to draw up conventions for the prevention of corruption. Based on the issues to be protected, the Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (OECD 1997)2 , the Criminal Law Convention against Corruption (Council of Europe Convention No. 173) (1999), the United Nations Convention against Corruption (2004). In the same vein, the UK Bribery Act (2010) was created, which introduces, in turn, the criminal liability of companies and their managers for bribery of foreign officials and requirements of supervisory and control bodies. 

All these rules require the rule of law states to come closer to compliance in order to establish rules for the prevention and monitoring of corruption risks in business activity, which led to significant changes in legal standards through the legislative power in the field of legal disciplines such as commercial, administrative and criminal law of business activity. It can be seen how the evolution of the term compliance is transformed in relation to the activity of companies and the Anglo-Saxon legal culture with the primary objective of establishing internal control and supervision mechanisms, initially linked to the prevention of corruption, bribery of public officials and illegal financing of political parties. At the same time, in the mid-1990s, the aforementioned cases of companies linked to accounting scandals and the financial crisis highlighted the lack of control over the decision-making processes by the company's management bodies. The organization of the management bodies was regulated in an extraordinarily broad manner, leaving a framework of self-organization of corporate management with full decision-making power and no control and supervision of its actions. This opens up another requirement that should not only be limited to private companies, and a concept that helps is that of transparency, we are referring to corporate governance, known in the Anglo-Saxon world as "corporate governance". 

On the other hand, this provides a relevant task in the revision of corporate law and the implementation of good practice standards through the creation of rules generally known as codes of good practice or codes of good corporate governance for listed companies. This is where we can learn about the main recommendations for organization, monitoring and control of the company's activity, which, ultimately, is also part of a compliance program.

From the foregoing, it can be pointed out that the first reports that warned of this problem in Spain and by which the necessary good governance measures were studied in the framework of listed companies were the Report of the Special Commission for the study of a code of ethics for the boards of directors of companies (Olivencia Commission, 1998) and the Report of the Special Commission for the transparency and security of financial markets and listed companies (Aldama Commission, 2003). In 2006, the National Securities Market Commission (CNMV) incorporated the Unified Code of Good Governance of Listed Companies (the so-called Conthe Code, 2006) and, currently, the current Code of Good Governance of Listed Companies (2013, 2015, 2020). 

Based on the foregoing, the Code of Good Governance contains recommendations that are enforceable on corporations, which are defined as such in the Mexican environment, as well as the requirement to present an Annual Good Governance Report. In the same vein. Finally, in the Spanish legal system it is introduced or, better said, expressly mentioned, as we have pointed out, as of the reform of its Penal Code by including, through legislative thought, as a cause of exemption from criminal liability of legal persons.

 In Mexico, the penal code refers to compliance programs as models of organization and management of surveillance and control measures suitable for preventing crimes. Compliance programs are expressly introduced in a very specific and delimited area referring to crime prevention measures in the area of companies and other legal entities. Previously, there were already sectorial regulations - in the financial, banking and securities market sectors - that established express organizational rules for the supervision of business activity risks in relation to a specific business activity. infra. At present, it can be said that the institution of the figure of compliance has been a consequence of at least two causes: firstly, the absence or scarce existence of rules regulating the internal organization of private corporations and, secondly, also the insufficient governmental resources for an adequate model of public supervision of the risks of centralized business activity. As a result, the "supervisory models" have been "privatized", in the sense of transferring to individuals and companies a "duty of self-regulation" of the supervision and control of regulatory compliance and prevention of non-compliance, taking regulatory compliance beyond the scope of the public supervisory function itself. 

All of the above allows us to see that, in the first place, the notion of compliance arises in the context of private law companies designing and imposing, through their own capacities and regulatory frameworks, control and supervision requirements of the risks derived from their activity, i.e. companies have maintained a freedom to shape their own self-regulation with the objective of always complying with the visions and good practices of the rule of law. Secondly, it arises as a consequence of the need to demand higher and higher standards of internal organization from commercial companies, especially from the management bodies, as well as decision making in order to detect corruption risks and achieve greater transparency in the management of the administration. Thirdly, compliance requirements are reinforced as a consequence of financial frauds and the economic and financial crisis - Enron, Parmalat, Tyco International, WorldCom, Siemens, Lehman Brothers, Subprime, etc. - and it becomes, in the first instance, a set of soft law rules of good corporate governance - Codes of Good Corporate Governance - to quickly become "mandatory legal rules" for the governance of companies, duties of compliance.- and it has gone from being, in the first instance, a set of soft law rules of good corporate governance - Codes of Good Corporate Governance - to quickly become "legally binding rules" for the governance of companies, legal duties of supervision and internal risk controls within the framework of business activity that currently cover duties and risks ranging from commercial law, tax law, labor law, administrative law and even criminal law.

On March 5, 2014, the National Code of Criminal Procedures was published, which incorporated in its Article 421 the so-called compliance for companies, in relation to the possibility of attributing criminal liability directly to business organizations. Although the initial focus of the study was limited to the criminal area, compliance goes beyond: it is a comprehensive issue that requires compliance with regulatory and ethical standards both outside and inside companies.

Today's companies must comply with regulatory compliance in a number of areas covering financial, health, labor, criminal, environmental... in short, corporate compliance is a huge niche opportunity for those lawyers who want a change of mentality and performance, where doing the right thing is the rule, not the exception.

In the criminal miscellaneous published in the DOF in June 2016, the rules of procedure for legal entities and the federal crimes for which the criminal liability of the legal entity is applicable were specified. In this regard, there are two models of allocation to companies:

• Direct imputation or vicarious liability model. The company is responsible for the conduct of the individuals who make up the company
• Organizational fault charge model. Lack of controls within the organization.

Compliance in Mexican legislation

The purpose of thissubtopic is to give a very general overview of the normative establishment of the concept of corporate due compliance and its location in the Mexican legal system, with the intention of only superficially visualizingthe location of the main topic of this article and to visualize the legal strength of said concept in the Mexican legal system.

In the case of the criminal system, which was reformed as of 2008 in Mexico, a vision was incorporated regarding the criminal liability of legal entities that are constituted under the country's regulations, that is, with the objective of maintaining a strict vision in accordance with the legal parameters established by such regulations, always in accordance with the provisions of the Constitution.

For the above, the criminal system in Mexico established a spectrum of investigation not only on an individual basis, that is to say, of individual subjects, but also expanded the scope of investigation to legal entities, in the sense that legal entities can be charged if they are directly responsible, in this sense we can say that legal entities, under this new condition, are responsible for the acts they develop and therefore affect any legal sphere of the persons who are alleged as victims in a criminal proceeding.

According to the above, it is important to emphasize that the sense in which criminal law visualizes criminal liability under the spectrum of the concept of compliance goes beyond the individualization of the penalty, when this liability is committed by a group of people and this implies determining what was the action of each one, this action forced criminal law to punctuate the corporate action for those who commit the act, this situation disappears with this new vision and becomes concrete in establishing a responsibility under the concrete action of the company, and determining a criminal responsibility for the moral person, which makes us see that a moral person can violate legal spheres of the persons for not following its determined social purpose. 

A new dimension has been established in the new criminal visions in the Mexican legal system, this concept is defined as "self-responsibility" and allows an accusation to the collective entity in an autonomous and direct manner, without requiring an individualized charge, when it is determined that the legal entity circumvented and violated the legal provisions of the criminal law. 

In addition to the above, the new ways of imputation are based on a defect of business organization, that is, on the lack of a due control of criminal risks within the collective entity, which could generate the conditions to consider that the operation of the legal entity shows a deficit of fidelity to the law with special reference to the criminal field. Therefore, it is possible that the legal entity could be punctually subject to the imposition of one of the legal consequences contemplated in the Mexican legal system, ranging from a fine, given by a judicial intervention, to the closing or dissolution of the collective entity, without prejudice to the criminal liability that may be incurred individually by certain members of the company.

Corporate crime prevention

The Mexican State maintains the legal conditions to build an accumulation of proposals to create a model of prevention of acts that may be configured as illegal acts in the light of Mexican legal regulations, since with the innovative visions of business law, the possibility that legal entities may commit crimes can be glimpsed, and with this it is necessary to establish a catalog of good practices that allow avoiding the acts mentioned herein that may result in a crime, observing federal conditions.

The above provides us with the need to be competitive for the global corporate world, through preventive actions that manage to maintain the daily business acts as elements of duty to be, that is, in a correct sense with strict adherence to the rules and requirements that it establishes for the development of these acts. 

Now, not only Mexican legislation contemplates the legal phenomenon that we have discussed in this text, since it is a new topic that is gradually gaining relevance and is observed from a vision of international legal spectrums, promoting the due exercise for compliance with good business practices for the regulatory purposes of the rule of law. 

Based on the above, companies have designed solid corporate governance with maximum quality standards with the aim of covering with social responsibility, because the lack of good corporate governance generally causes a disorder that limits or reduces the generation of value to a company (Cascón, 2019), the above is justified by the fact that with the lack of corporate governance, executives could perform actions contrary to the due ones, for example accepting bribes, deceiving the shares by a bad accounting record, i.e. reporting a false accounting, this because there is no due control over such management, giving the possibility of the same. 

In general terms, and according to Governance (1992) we can say that a corporate governance is one with a primary responsibility and it is an element of the company that tries to be able to direct and control the companies through guidelines that allow choosing directors and auditors in order to have an adequate governance structure. 

Following Governance's proposals, the attributes that good corporate governance should have are defined: 

1. A clear description of the rights of shareholders and other stakeholders. 
2. Clearly identified and measurable responsibilities of management and the board of directors.
3. Transparency and accuracy in reporting and disclosure. 
4. Fair and equitable treatment in transactions. 

Therefore, and according to Cascón (2019) points out the following: "While over time corporate governance has developed and improved, there is always a need for continuous improvement. An example of such improvements is the current confluence of three disciplines: Corporate Governance, Risk and Compliance (GRC)".

In view of all the above, we can contribute and define that corporate governance is the system by which companies are directed and controlled, responding responsibly to shareholders, through the board of directors, which is the main responsible for its management with the objective of complying adequately with the guidelines set by good practices to be in accordance with the ethics of compliance. 

As mentioned above, since this topic has been recently adapted to the Mexican business environment, the ideas it provides are innovative. For this reason, it is feasible to affirm that a minimum number of companies have objectives, manuals or points to follow to ensure solid compliance in business management, thus generating a great risk for the company because any member of the organization could commit an act in violation of good compliance practices. According to López et al. (2022), the following are basic components for the application of compliance in criminal matters: 

1. Organizational review: It consists of an audit revealing responsibilities in the company, division of labor and reporting chain, providing a report with risk catalogs in which the risks that the company may particularly incur in relation to its activities are located.

2. Risk diagnosis: Based on the organizational review, each risk is explained in relation to its generation and the factors involved.

3. Elimination of risks: Once the company's particular risks and the factors that generate them have been identified, they are eradicated or reduced.

4. Protocolization: The process to avoid, eradicate or reduce risks must be described in systematic operating procedures manuals.

5. Training: The manuals of procedures for the eradication, reduction and management of risks must be informed to the personnel through courses and workshops.

6. Evaluation: The practice of adequate procedures for the operation of the company's activities, as well as those for forecasting and management, must be constantly evaluated, quantifying their efficiency.

7. Supervision: The correct operation of the company, as well as compliance with risk prevention and management programs, must be constantly monitored.

8. Receipt of complaints: Compliance programs should have a procedure for reporting or whistleblowing on infringing or negligent activities.

9. Sanction and awards: Compliance and non-compliance with risk management and forecasting programs should be recognized or penalized.

10. Update: Compliance programs should be reviewed periodically in order to determine and implement changes and improvements according to the dynamics of the company's activity and the innovations that have arisen.

11. Compliance Officer: For proper compliance with risk prevention and management programs, one or more persons must be appointed to be in charge of their implementation, review, supervision and improvement (Ontiveros, p. 23).

Theories of corporate governance. 

Through the vision of Cascón (2011, p. 48) he points out that the theories found around the topic of corporate governance seek to explain, understand and help resolve a series of dilemmas, controversies and conflicts that arise in the implementation of corporate governance.

The principal-agent theory. In this theory, the principal agent is established as the problem, which is defined as the challenge of motivating the agent or acting in defense of the principal's interests, not one's own. In the case of corporate governance, it is a question of how to ensure that the company's managers and directors act in the best interests of the shareholders or owners, placing those interests above others that may arise from the ethical conflict between duty and desire. 

Larckner and Tallan (2011) suggest that corporate governance is a system of checks and balances that enable organizational control and an optimization of agency cost. On the other hand, Shleifer and Vishny (1997) emphasize that one of the reasons why corporate governance exists is the principal-agent problem, raising fundamental questions such as: 

why should the owners trust the company's managers?

wouldn't the temptation be too great to make decisions that suit them and not the owners?

how to manage the asymmetry of information between managers and shareholders, without prejudice to the latter?

The theory of information asymmetry. George Akerlof (1970) published research on the used car market in the United States, in which he analyzes the behavior of a used car salesman who knows that the car for sale has a defect, but conceals it from the buyer. This difference in knowledge was called information asymmetry, and since then economists use this expression when one party has more information than the other and does not disclose it, trying to benefit from this additional knowledge. 

In view of the above and by way of conclusion, the following recommendation can be made in order for compliance in Mexico to be more solid:

1) Strengthen Ethics within the companies, in order to point it out as a habit of each of the collaborators of the same within the business organizations, this element aims to ensure that the behavior is ethical inside and outside the workplace, avoiding incurring directly in crimes, or indirectly, i.e., by complicity or omission.

2) We are at a crucial point for companies, so that Compliance in Mexico must be understood from the perspective of a culture of reporting, transparency, integrity and good faith, as this would ensure that the reporting channels and Ethics line are enabled, which will provide higher levels of confidence, especially if such channel is operated by a third party that guarantees impartiality, anonymity and confidentiality.

3) Compliance has been born under a trend or perspective based on criminal issues, so it has been a constant need to legally prosecute according to the criminal code when a crime is committed under the business behaviors, however, the structure of criminal law is not the only one that could be used with the effect of solving business complications, but we could rely on other branches of law that allow solving the problems that original these complications in compliance, it is necessary to take specific actions and according to the law to not perpetuate the impunity of the criminal act, and mitigate all forms of violence and crime.

Conclusion

Based on the above, Compliance, as a novel perspective of corporate systematization, finds a niche of opportunities in the legal prevention of possible crimes, whether committed culpably or maliciously. Within this text, several theories were categorized, which doctrinally become relevant in business practices, and which provide a normative and structural outline in the actions of the actors involved in such practices. It is the duty of academics, government and businessmen to provide tools for a transparent and adequate management of business participation.

References

Bacigalupo, S. (2021). Compliance. Eunomía. Revista en Cultura de la Legalidad, 21, 260-276. https://doi.org/10.20318/eunomia.2021.6348

Cascón, J. I., (2019). Gobierno Corporativo, Riesgo y Cumplimiento.Own publishing house.

López, R. E. C., Gallardo, N. B., & Balderas, A. S. C. (2022). Criterios mínimos del compliance en la legislación penal en México. Enfoques Jurídicos, 5, 67-83.

Ochoa L., Gabarró D., (2018) Compliance. Una visión ética de la empresa. Boira.

Ontiveros Alonso, M. (2018). Manual Básico para la elaboración de un criminal compliance program. Tirant Lo Blanc.

Transparencia Internacional. (2021) Índice de percepción de la corrupción. https://www.transparency.org/en/cpi/2021/index/mex

Zafra Galvis, O. (2006). Tipos de Investigación. Revista Científica General José María Córdova, 4(4), 13-14.