In recent years, the regulatory and business environment has changed at an accelerated pace, both in Mexico and globally. What was once considered a recommended practice is now an unavoidable requirement. The main reason is that authorities, investors, and commercial counterparts no longer limit themselves to demanding formal compliance with the law: they now expect companies to have solid, dynamic compliance programs that can demonstrate effectiveness in practice.
In Mexico, corporate criminal liability is no longer a theoretical risk but a tangible reality. Article 421 of the National Code of Criminal Procedure and Article 11 Bis of the Federal Criminal Code establish that a company can be criminally sanctioned if it lacks adequate control mechanisms. Until recently, however, these provisions were interpreted narrowly, as Article 11 Bis contemplated a closed list of offenses. Within that framework, companies faced a relatively limited scope of liability and could assess their risks with greater certainty.
That perception changed dramatically with the Supreme Court of Justice ruling (Primera Sala, Leonardo Poblete vs. UBS, April 30, 2025). In this decision, the Court declared unconstitutional the requirement by local codes to maintain a closed catalog of crimes, meaning that any criminal conduct—including workplace discrimination—can trigger corporate liability if it is proven to have occurred for the benefit of, or under the authority of, the company. Moreover, the Court clarified that a compliance program cannot merely exist on paper: it must be effective and implemented in practice. A company may be held liable even if it has an integrity program in place, provided that it is deficient or disregarded, since a crime committed by a subordinate for the organization’s benefit will generate liability if there is evidence of a lack of proper internal control or supervision.
As a Supreme Court precedent, this interpretation is binding on all judges across the country, significantly increasing corporate exposure nationwide. It also places corporate governance bodies and executives under scrutiny, given their duty to oversee the real implementation of compliance programs. The consequences go far beyond the legal sphere: criminal proceedings may result in loss of access to international contracts, supply chains, and financing, turning compliance into a strategic element of competitiveness as well as a legal obligation.
The international landscape reinforces this trend. In the United States, the Department of Justice (DOJ) considers the quality of corporate compliance programs when determining whether to pursue criminal action, the size of fines, and the potential imposition of external monitors. In recent years, U.S. authorities have shifted their emphasis from focusing exclusively on corruption under the Foreign Corrupt Practices Act (FCPA) to increasing enforcement of financial sanctions and national security measures, in coordination with the Office of Foreign Assets Control (OFAC) and anti–money laundering programs.
Recent examples illustrate this clearly. In June 2025, the U.S. Financial Crimes Enforcement Network (FinCEN) identified CIBanco, Intercam Banco, and Vector Casa de Bolsa as “primary money laundering concerns” linked to fentanyl trafficking, prohibiting U.S. banks from conducting transactions with them.
In addition, the recent designation of the Sinaloa, Jalisco Nueva Generación, and Gulf cartels as Foreign Terrorist Organizations (FTOs) underscores the extraterritorial compliance risk. This classification means that any act that could be interpreted as “material support” to these organizations may generate severe legal and financial consequences, even for Mexican companies operating legitimately in territories where these groups exert influence. The risk is particularly acute due to widespread practices such as extortion and forced payments for “protection”: a payment made under coercion could be interpreted by foreign authorities as indirect collaboration or financing of terrorist organizations. What may be considered survival in Mexico could, abroad, be treated as a serious legal violation, with sanctions that include exclusion from the global financial system.
Added to this is pressure from the market and society. Institutional investors, private equity funds, and multinational business partners now require anticorruption policies, environmental, social and governance (ESG) risk management, as well as certifications aligned with international standards such as ISO 37001 (anti-bribery), ISO 37301 (compliance management systems), or UNE 19601 (criminal compliance).
In this context, having a robust compliance program is critical for four reasons:
In conclusion, compliance is no longer an accessory or optional expense: it is a strategic safeguard against legal and reputational risks, a requirement for doing business both in Mexico and abroad, and an investment that protects the long-term value of the company. The cost of not having it far exceeds the investment required to implement it. In an environment where trust is capital, compliance has become the common language of authorities, investors, and business partners: those who fail to speak it are left out.
Awards
.svg){kind=small}
