Criminal risk and adjustments to corporate Compliance

 Professional related: Claudia Aguilar , Gabriel Calvillo   |      April 7th, 2020

Criminal compliance, protection of personal sensitive data and anti-corruption implications arising from the federal and state Administrative Orders issued in connection with the SARSCoV2 virus disease epidemic ("COVID-19")

The Action Guide for Workplaces and the Administrative Orders published by the Federal Government on March 24, 27 and 31, 2020, in the Official Journal of the Federation ("Administrative Orders"), establish preventive measures and extraordinary actions for the mitigation and control of contagion risks and the protection of personal sensitive data pertaining workers' health in relation to the COVID-19 virus. These measures and actions are relevant under the National Criminal System and should be of particular interest for Compliance Officers in private sector corporations. Business obligations arising from the National Criminal System Articles 11 BIS Section A fraction XIII,199-BIS and 400 fractions II, III and V of the Federal Criminal Code, as well as Article 421 of the National Code of Criminal Procedures, impose on all private corporations the obligation to implement organizational controls to prevent, by all lawful means at their disposal, the comission of the crime of risk of contagion of a serious disease in an infectious period, which is known to be committed or is being committed, and provide harsh penalties for the corporate cover-up of such activities. The crime of risk of contagion is established in article 199-BIS of the Federal Criminal Code, as well as in most state criminal codes. Criminal penalties are provided for individuals who, knowing that he or she is sick with a serious illness in an infectious period, endangers the health of another or others. From this text we highlight the corresponding legal obligation of all companies to prevent the crime of risk of contagion in the workplaces, as well as the criminal liability incurred by companies for breach of this duty, as well as its managers and executive officers who help or agree to help employees to carry out activities involving this crime.

In the context of these provisions and in the face of the contingency of COVID-19, it is important to bear in mind that the Federal Criminal Code contemplates the actions to be carried out permanently by the Compliance Officers of private sector companies now directed to verify conformity with the Administrative Orders issued by the health authorities. This function is central to monitoring internal policies to prevent the crime of risk of contagion and to reduce damages that may result from it. For all this, it is necessary for corporations to identify the activities in the workplace in which a risk of COVID-19 contagion may arise, and implement preventive, control and mitigation measures. Federal authorities have already qualified this risk as very high, both, in probability of occurrence, and in the impact on human health. The Work Centre Action Guide issued by the Secretariats of Health and Labor and Social Welfare ("the Guide") is particularly important for this purpose as it identifies four levels of risk due to the closeness of the worker with infected persons, or the level of repeated or extended contact with possible sources of contagion due to his work. In addition, it provides elements to identify vulnerable working populations due to conditions beyond occupational risks. One way to implement these important actions and meet the criminal obligations of private companies efficiently, is to follow the methodology of the UNE 19601 standard for criminal compliance management systems, which contains the requirements and guidance for its use. The strategy and the action plan contained in the Guide and the preventive measures and extraordinary actions for the mitigation and control of COVID-19 contained in the Administrative Orders, should be linked to this standard as mandatory. The implications of non-compliance with the organizational control necessary to prevent the risk of contagion in workplaces may result in adverse consequences for workers and users of business services, thus posing a very significant corporate criminal risk because of the harsh sanctions provided for by the National Criminal System for infringing companies.

Protection of sensitive personal data The protection of sensitive personal data is also relevant under the Federal Criminal System. Article 3, Section VI of the Personal Data Protection in Possession of Individuals Act ("LPFPPP"), considers all information concerning aspects of a person's present and future health status as sensitive personal data. In this regard, Compliance Officers shall take necessary measures to ensure that the information is properly managed as sensitive data subject to legal protection, when collected in the workplace during the implementation of access health security filters used for workers and customers, in cases where employees are sent home when respiratory diseases or any of the symptoms of COVID-19 contagion occur, as well as when an employee diagnosed with COVID-19 is separated or subject to restrictions. The express written consent of the data holder must be obtained to process or transmit the information to third parties, using a hand stamped or electronic signature, or any authentication mechanism established for this purpose. Databases containing this information may not be created without legitimate and concrete purposes in line with the Administrative Orders. The processing of the information that is necessary must be adequate and relevant in relation to the purposes provided for in the respective privacy notice, and the period of processing of this information should be limited in order to be the minimum indispensable. Obligations under the National Anti-Corruption System for Donations and Actions of Corporate Social Responsibility Voluntary economic and material contributions made in order to support federal, state, and municipal governments in the context of the COVID-19 contingency as corporate social responsibility (CSR) actions, are commendable. However, Compliance Officers should take into consideration the National Anticorruption System regulations. In particular, conflict-of-interest prevention mechanisms relevant to the General Law on Administrative Responsibility ("LGRA") and the federal and state criminal codes should be applied.

Compliance Officers must ensure that these altruistic contributions address the strategies, control and audit measures provided by the integrity standards of each organization and follow the Codes of Conduct and Integrity Policies provided for in Article 25 of the LGRA. Mechanisms that ensure at all times the transparency and publicity of interests and guarantee the legitimate purpose of contributions should also be implemented. Compliance with the crime control, protection of sensitive personal data and prevention of conflict of interest obligations, must be duly documented by Compliance Officers in anticipation to possible information request and enforcement actions by federal or state authorities. The organizational and criminal control measures mentioned above, shall be implemented in addition to the sanitary measures established by the authorities.

Download PDF

Professional Related