STRENGTHENED BY
We created Baluarte Minero, a virtual structure within Peñoles to coordinate and provide technical and administrative services to the mining, metals and chemical businesses, which will enable us to exploit synergies and become more competitive. This new structure positions us better to face the daunting challenges of a changing environment.
Baluarte Minero
To enhance our operating and administrative efficiency and our agility and resilience going forward, in late 2020 we undertook a transcendental change at Peñoles, sustained by three pillars:
The last pillar sustains the creation of Baluarte Minero as an independent virtual unit within Peñoles, which will group together and reorganize the functions and structures that provide shared services, both technical and administrative, to Peñoles and Fresnillo plc. Baluarte Minero will supply the above mentioned services, without any authority over the operations of Peñoles and Fresnillo plc.
This new structure takes effect on January 1, 2021, and its CEO reports directly to the Chairman of the Board of Directors of Industrias Peñoles.
The composition of Peñoles’ senior management team starting January 1, 2021 is shown on page 97 (PDF) of this Annual Report.
Understanding the risks and challenges we presently face is key to strategic decision-making. Peñoles identifies, evaluates and prioritizes compliance risks based on their importance and probability of occurrence, in order to reinforce its mitigation strategy, bolster the company’s reputation and create long-term value. This requires continuous improvement of decision-making processes and compliance management systems, as well as the implementation of measures to strengthen transparency and ethical business dealings. The core principles of our compliance program are abiding by internal and external rules and regulations, recognizing risk early, exercising social responsibility with our stakeholders and maintaining open communication about corporate integrity issues.
Code of Conduct
Our Code of Conduct is a guide to the expected behavior in our day-to-day activities and interaction with our stakeholders. It gives us a foundation for informed decision-making consistent with our institutional values, and provides the conceptual tools we require to resolve questions or conflicts of interest.
In order to face the challenges of today’s world with all its new paradigms, we updated our Code of Conduct in 2020. At the same time, we restated our commitment to the integrity of all employees through our "Virtual Campus" internal technological platform, in which 100% of our associates participated last year. We also reinforce and encourage employees to internalize key concepts through the following initiatives:
New procedures
Through the Internal Compliance system, we updated the following policies and procedures to adapt them to the current reality in Mexico and the rest of the world:
Analysis and management of compliance riks
Peñoles identifies, evaluates and prioritizes compliance risks to strengthen its mitigation strategy based on an analysis of current risks and challenges.
During the year we created a Comprehensive Risk Model for identifying vulnerabilities in critical business processes. We will continue the work of strengthening the model and identifying critical processes that must be analyzed from a risk approach, in order to determine whether, within these processes, situations of non-compliance might arise.
Conflicts of interest
One year ago we set ourselves the task of analyzing cases with high probability of causing conflicts of interest based on the personal and business relationships disclosed by our employees. In 2020 we developed a methodology for analyzing and mitigating such situations based on the information supplied by employees in their recommitment to integrity. We will continue to work on defining actions to mitigate and prevent the situations identified from occurring.
Due diligence from a risk-based approach
We introduced a new process of third-party due diligence from a preventive approach, based on an assessment of the third-party risk. This process evaluates the transactional profile of the parties with whom we do business and their classification into certain segments according to the nature of their operations and risk for the business relationship. Likewise, it will allow us to thoroughly analyze critical transactions and establish tracking or mitigation measures.
Third-party verification
During the year we worked on developing a Shipper Verification System to provide more information on the parties with which Peñoles has commercial relations. We developed a process for objectively quantifying the risks of these parties, based on regulatory frameworks and the applicable internal and external standards—the Third-Party Due Diligence Procedure, the standards of the London Bullion Market Association (LBMA) and the Organization for Economic Cooperation and Development, as well as the Mexican federal anti-money laundering law. We can also use this system to ensure that strategic partners follow good commercial practices and share our commitment to a culture of corporate integrity.
As a result, we introduced the following best practices, focused on improving controls to ensure a conflict-free supply chain:
Third Party Code of Conduct
Aware of the risks inherent in all interactions with companies and individuals outside the company, we developed a Third Party Code of Conduct for distribution in 2021. This document expressly outlines the conduct we expect of our business partners, as a first step in initiating and maintaining any commercial relationship with Peñoles. The document is intended to ensure that every interaction with such partners is firmly grounded in corporate integrity, guaranteeing a responsible supply chain, protection of the environment, a proven commitment to occupational healthy and safety and respect for human and labor rights. It also provides guidelines on asset protection, intellectual information and property, and mechanisms to ensure compliance with the Code, including guidance in the event of any questions.
This external Code of Conduct is consistent with internationally-recognized rules and standards like the United Nations Global Compact, the basic conventions of the International Labor Organization and business responsibility guidelines issued by the OECD and the UN.
Whistleblowers' hotline
In 2020, we further strengthened our systems for receiving and addressing reports of actions that violate our Code of Conduct through the Correct Line, an institutional channel available to our employees and other stakeholders.
Our key actions in this regard were:
For more information about the results of Correct Line, see our 2020 Sustainable Development Report.
Money laundering prevention
Peñoles has a set of standing mechanisms to prevent exposure to money-laundering and terrorism financing, and will not do business with any third party that might use our company as a vehicle for incorporating illegal resources into the formal economy.
Peñoles took the following preventive and remedial actions to address existing regulatory requirements:
Regulatory compliance
We conducted an exhaustive review of external compliance—laws, regulations, official standards and others—in Peñoles business units and workplaces, focusing on the eleven most critical issues to our operations: the environment, health, industrial safety, union relations, human resources, taxes, telecommunications, civil aviation, mining, energy and agriculture. In this regard, we analyzed a total of 3,129 obligations that currently apply to the company, distributed in differing degrees across our various divisions (Mines, Metals-Chemicals, Exploration and Administrative Services). We also identified the risk of any discrepancies detected during our verifications and, in coordination with all the areas, defined action plans to mitigate these risks with regular follow-up on the status of their implementation.
Parallel to this effort, we updated the compliance map applicable to our industry according to changes in federal laws, and conducted an awareness-raising campaign for the relevant personnel regarding the importance of strengthening this culture of regulatory compliance.
The company’s Personal Data Committee, headed by the Compliance Office, developed and published the policies, procedures and manual on the transfer and protection of personal data collected by the different areas, in addition to the procedures already in place to comply with the Federal Law regarding Personal Data Protection, and coordinated a risk analysis for safeguarding them.
We also set up a multidisciplinary work group, headed by the Compliance Office and the Department of Human Resources, which prepared policies and procedures for complying with national standard NOM-035-STPS-2018. There was a massive dissemination campaign on the new standard.
A questionnaire was applied to detect personnel subject to severe traumatic events and psychosocial risk factors, in order to implement the corresponding action plans; the participation was 94%.
Cybersecurity
We made substantial progress in both technical aspects and fortifying our technology governance for cybersecurity. Among the priority actions of this program we identified and analyzed the cyber-risks to which the organization is exposed, and controls that must be strengthened or applied to reduce them. We also put together a catalogue of all the services that make up the organization’s capacities to strengthen operational and technical security of the processes.
To enhance the visibility of our cybersecurity measures, we engaged the services of an independent consultant to help detect such incidents and respond to them. We are also deploying technology to enhance visibility which will enable us to act in a coordinated, efficient manner to address the vulnerabilities identified in our infrastructure.
Through these actions, we look to reduce and address any cybersecurity risks that we might face in an orderly and timely fashion, confident in the power of technology as an enabler of business processes.