LiabilityLiability of undertakings
What are the risk and compliance management obligations of members of governing bodies and senior management of undertakings?
Members of the board of directors and administration have a duty of care and of loyalty toward the company. As part of this duty, they must disclose conflicts of interest and recuse themselves from participating in decisions in which they have a conflict of interest. If they fail to do so, they are liable to the company for any damages caused. Directors and administrators are liable for the value of the capital contributions made by shareholders, for dividends, for accounting, control, files and other information required by law, and for the fulfilment of shareholder resolutions. They must also report any breaches of duty of care or loyalty to the auditors or be jointly liable with the directors at fault. If shareholders representing 25 per cent or more of the corporate capital of the company agree, they may sue the directors in the name of the company.
Do undertakings face civil liability for risk and compliance management deficiencies?
Yes. When companies fail to comply with legally established regulations, they can be civilly liable for any damages caused to third parties owing to their lack of compliance. For example, if a mining company does not follow safety standards (NOM-032-STPS-2008, NOM-023-STPS-2012) it may be liable pursuant to the federal or state civil code for any harm suffered by third parties or employees. In another example, a company that does not maintain proper risk and compliance management of the performance of its employees will be unable to demonstrate just cause for termination and, therefore, be liable for severance payments that would otherwise not be due.
Do undertakings face administrative or regulatory consequences for risk and compliance management deficiencies?
Yes. As discussed above, as of July 2017, under the General Law of Administrative Responsibilities, legal entities may be subject to corporate administrative liability when acts related to serious administrative offences are committed by individuals - either employees or third-party representatives - acting on behalf of the entity. Sanctions for corporate entities include double disgorgement or, even if there was no proven tangible benefit, sanctions can include fines of up to the equivalent of US$6.5 million. Corporate entities can be sanctioned by up to 10 years’ debarment from participating in public procurement, suspension of the entity’s activities or even dissolution of the corporate entity. Because the General Law of Administrative Responsibilities was recently fully implemented, there is no track record yet on the criteria that the administrative courts may use to evaluate compliance programmes or integrity policies nor guidance by the enforcement authorities on how they may use evidence of compliance programmes in decisions on whether or not to bring enforcement actions.
Lack of risk and compliance management in relation to regulations for specific industries will expose companies to liability for fines and other sanctions.
Do undertakings face criminal liability for risk and compliance management deficiencies?
Yes. As discussed above, under Mexico City and the Federal Criminal Code, when a person commits a crime for the benefit, account, in the name of, or using means provided by the company, and the company has not implemented ‘proper controls’, the company will be liable for the crime, along with any individuals who may be liable. The concept of proper controls is not defined by the law, nor is it clear how judges have been or will interpret the requirement that their absence be proven as an element of the criminal liability for companies. Although criminal proceedings are now open to the public under the 2011 criminal procedure provisions, the files are only available to victims and defendants, so legal professionals only have access to rulings on an anecdotal basis.Liability of governing bodies and senior management
Do members of governing bodies and senior management face civil liability for breach of risk and compliance management obligations?
Not unless they have breached their duty of care or loyalty.
Do members of governing bodies and senior management face administrative or regulatory consequences for breach of risk and compliance management obligations?
Not directly unless they have breached their duty of care or loyalty.
Do members of governing bodies and senior management face criminal liability for breach of risk and compliance management obligations?
The Mexico City Criminal Code divides criminal liability in companies between high-ranking officials, for which there is strict liability for the company, and lower-ranking employees, for whom the prosecutor must prove a lack of proper controls. For the strict liability cases, it is almost inevitable that at least one of the administrators will have committed acts sufficiently related to the criminal liability that the administrator will be liable criminally as well. This liability would not be for breach of risk and compliance management obligations. It would be for independent criminal acts. However, in the second case, where proper controls are not established, the law does not establish criminal liability for directors or senior managers in the absence of mens rea of their own.