05 / 30 / 23

Artificial Intelligence & Cybersecurity, key players for Corporate Compliance’s strengthened.

MEXICO CITY, MEXICO, May 30th, 2023It is important to be following regulations and exploring how to improve and make a sustainable compliance.

The dynamism of the Mexican market urges the corporate sector to reinforce an essential practice for a better performance: compliance.

In that sense, José Gerardo Vázquez, partner at SMPS Legal, finds it particularly relevant to pay attention to the demand for strengthening compliance programs in areas such as:

  • Risk assessment. 
  • Design of flexible compliance programs. 
  • Training and socialization in a 360° of the compliance programs. 
  • Effective whistle-blower hotlines, handled with confidentiality and objectivity. 
  • Reputational and anti-corruption due diligence, in case of potential suppliers and/or clients and with a trust perspective for collaborators who manage assets and inventories. 
  • Guidelines for investigations and sanctions through policies and codes linked to internal work regulations.

Vázquez, who specializes in promoting ESG guidelines, stated that in addition to the nearshoring, there are two factors that have been an influence in the reinforcement of this practice, the AI and the development of cybersecurity.

“The cybersecurity in connection with managing information with the current risks, that is, with more employees working remotely and the excessive use of digital platforms, social media and other kind of apps or tools that may be considered red flags. In regard to the AI, this is tangible in carrying out certain tasks by employees, without processes or policies about on its use and legal risks that may arise from not understanding the scope and the responsibility that comes with its application without an appropriate supervision and control”, he explains.

Here below, José Gerardo Vázquez, leader of the Compliance and ESG practice at SMPS, explains what the demand for this reinforcement in the field consists of and offers key recommendations for its development. The lawyer is committed to providing a focused response so that compliance can mature and become sustainable.

For companies that are in the process of reviewing their compliance programs, how do you measure the effectiveness of compliance programs?

There are several ways, for me, I have always used two of them and really illustrate the effectiveness of the programs.

On one side, the trend in the number and issues reported or denounced in the whistle-blower hotline, that is, through the indicators, allows us to analyze what, when and where more facts are reported and of what nature they are. Over time, when a program is effective and the culture permeates the entire organization, this is reflected in the hotline.

On the other, we can also measure effectiveness through internal audits, both by the audit team and the compliance team. This is recorded in the annual reviews of the processes for suppliers, collaborators, and customers, in which it is identified, among others, that they have due diligence depending on the activities to be performed. In addition, having the signature and execution of the corresponding contract and that it includes specific clauses on compliance. To have a review of the work performed and material deliverables and that all payments for fees, considerations and expenses match the quotation and prices of these services in the market to avoid disguised payments that could be contrary to the law or best practices.

How to articulate a strategy that optimizes its execution and performance?

I believe that for a compliance program to thrive and sustain itself effectively, it must include the following elements in its strategy:

  • Tone at the top: i.e., the commitment to compliance, respect and integrity must come from the top management of the organization. 
  • Flexible program, the compliance program in the organization must be adapted to the needs and changes in the market, it cannot be rigid, as circumstances arise on a daily basis that require prompt and effective attention. 
  • Compliance program specific to the organization, i.e., aligned with the business strategy as a tailor-made suit. 
  • Ongoing training of the compliance program to all employees, at all levels, as well as to key suppliers depending on the services they provide. 
  • Monitoring and auditing in all its components. 
  • Partnership with the legal area of the organization for the management of specific situations and risk inputs. 
  • Promoting the benefits of responsible use and effectiveness of the whistle-blower hotline.

What regulatory frameworks – labor, tax, customs, foreign trade, environmental – are driving the review or improvement of compliance programs?

This will depend on the industry, considering that there will be regulations that apply to some organizations and not to others. For me, since the last five years, are the labor and tax matters that are constantly being reformed, contemplating that the key collaborators of the organizations have the capacity to understand and adapt to their compliance. For a more complete overview, I would include the due diligence of the regulatory framework in customs and foreign trade matters.

What are the industries that are facing the greatest challenges in this area? What are these challenges?

Challenges may range depending on the specific regulations of each industry and the particular characteristics of its operation. Some of the industries that typically face the greatest challenges are:

  • Financial sector: their challenges include compliance with anti-money laundering regulations, financial risk management, cybersecurity and data privacy.
  • Pharmaceuticals and healthcare: challenges include compliance with good manufacturing practice regulations, drug safety and efficacy standards, protection of patients’ personal data, and promotion and advertising regulations.
  • Energy and environment: face difficulties with environmental regulations, including pollutant emissions, waste management and protection of natural resources and safety in the exploitation of energy resources.

These are some examples of industries that face significant compliance challenges. It should also be noted that each industry may have specific challenges related to its operations and specific sector regulations.

Finally, what are the best practices in this area that have been developed over the last year in Mexico?

From an in-house point of view, i.e., what the organizations have done internally, they are the following:

  • Risk-based approach, the higher the risk, the more resources invested. 
  • Strengthening of the ethical culture, more emphasis is being given to the promotion of an ethical and compliance culture within the organizations. 
  • Use of technology and automation as automation tools in compliance programs. 
  • Integration of ESG into compliance, as organizations are recognizing the importance of sustainability and social responsibility in their compliance programs. 
  • However, to really have a culture and conviction of compliance in organizations, the lack of government accountability must cease. It is important to continue emphasizing our analysis and reflections that point to the fact that corruption, unfortunately, has not decreased either in perception or in its indicators. In my opinion, this is the missing piece.

The full article was made in collaboration with Lexlatin, and you can find the original article in Spanish herein: https://lexlatin.com/entrevistas/inteligencia-artificial-ciberseguridad-compliance 

All the information placed in this article and the rights of distribution belongs to @Lexlatin. 

More Articles

Related Practice Group

Compliance & ESG


José Gerardo Vázquez