From a processes standpoint, the study "Human rights due diligence in human rights and compliance processes" addresses one of the discussions that is beginning to appear more frequently in the private sector: the use of existing mechanisms in business practice - especially compliance processes - to comply with the responsibility to respect human rights.

Compliance processes arose from the premise that corporate action is necessary to combat the corruption that seriously affects modern societies. Thus, such processes are corporate tools for the preventive management of corruption risks, including their identification, evaluation and mitigation. It has two main purposes: to prevent the omission in the fulfillment of legal obligations, through the autonomous control of the conduct of its employees, agents and business partners; and to mitigate the legal responsibility for the commission of economic crimes.

The emergence of contemporary compliance processes is the result of the juncture between regulatory evolution and internalization by the business sector. Regulatory developments at the national and international level show the trend to include corporate self-regulation strategies for the deterrence and prevention of corruption, in complementarity with the criminalization of acts of corruption in general and bribery in particular. Thus, the logic of compliance processes was geared towards the objective of evaluating the measures taken by the company to prevent illicit acts. In addition, the intention of the business sector to develop responsible conduct schemes led to the expansion of the spectrum of anti-corruption compliance process models to include not only compliance with legislation, but also with internal policies of ethical conduct.

Consequently, companies have generated different models of anti-corruption compliance processes. The research argues that each model bases its structure, programs and level of permeability in corporate governance on the objective that the company intends to achieve, for example: comply with a legal requirement, mitigate risks or generate a culture of ethics within the company. This study warns that having compliance processes in place does not guarantee that acts of corruption will not occur and that their implementation is not a single solution to the problem of corruption. However, it allows the company to autonomously manage the way in which it deals with its risks and their materiality in long-term corporate performance.

In this sense, the research by Humberto Cantú Rivera and Laura Esparza García points out that the multiplicity of business models and contexts in which companies operate increases the spectrum of elements that the compliance process must consider, as well as the challenges to make it effective (such as the lack of risk identification in the supply chain, the lack of personnel to interpret the results of the evaluations, the production of information in silos, the lack of coherence between the design of the process and its implementation, among others).

The document has forewords by:

Alejandro Encinas, Undersecretary for Human Rights, Population and Migration of the Ministry of the Interior; Martha Delgado, Undersecretary for Multilateral Affairs and Human Rights of the Ministry of Foreign Affairs; Martha Herrera, Director of Social Impact of CEMEX and President of Global Compact Mexico; and Alejandra Ancheita, Executive Director of Project of Economic, Social and Cultural Rights (ProDESC).

Recommendations for companies

• Develop staff capacities to identify risks from a human rights perspective, in order to facilitate their understanding and preventive action in specific cases.

• Redesign compliance models and/or processes so that, instead of being limited to a regulatory compliance scheme, they include stages of risk assessment, implementation and monitoring from a human rights perspective. Also, establish mitigation measures when appropriate, which are addressed transversally in the company's organization, activities and business model. The redesign of compliance processes should include evaluation and continuous improvement mechanisms that identify and address failures or omissions in a timely manner.

• Conduct the identification and analysis of legal risks beyond the risk to the company, to include the adverse impacts that may occur in other persons or groups as a result of the business activity. To this end, it will be particularly important to encourage regulatory compliance analysis to include field work to collect and analyze information on the risks that the company may generate for other stakeholders. This should include approaches focused on the rights potentially violated, as well as the voices of workers, communities and groups.

• Participate actively in discussions with different stakeholders regarding the implementation of human rights due diligence in business activities, as well as in the eventual processes of regulatory development on the issue at the national and international level.

*This is an edited English translation of the original executive summary found below.

Read full report and executive summary (in Spanish):