Governance

Having solid, reliable corporate governance—responsible in its decisions and supported by active oversight from experienced and diverse leadership—has been fundamental to the organization’s success.

ESG strategy

Our ESG strategy has three objectives:


Ethics and integrity

At Peñoles, our business vision stands out for the importance we place on ethics and integrity. We are convinced that a culture of ethics represents a strategic advantage for generating long-term value for our stakeholders.

Our ethics and integrity framework—aligned with international best practices—is an integral and permanent part of our business processes. It ensures that our actions and behaviors reflect our ethical culture and corporate values: Trust, Responsibility, Respect, Integrity, and Loyalty (CRIL).

Our ethics, integrity, and compliance journey

2013

  • Design of the Ethics and Compliance Program

2014-2018

  • Responsible Gold-Silver Certificate issued by the LBMA
  • Launch and implementation of the Peñoles Ethics and Compliance Program

2019

  • Creation of the Compliance Department
  • Pilot of the “Reaffirming Our Commitment to Integrity” course on our Virtual Campus
  • Development of the compliance guidelines
  • Corporate Integrity ranking (IC 500)

2020-2023

  • Third Party Code of Conduct
  • Improvements to the personal endorsement of our commitment to integrity
  • Improvements to our Compliance guidelines
  • Code of Ethics and Conduct: incorporation of guidelines on conflicts of interest, laws and regulations on money laundering prevention, personal data protection, subcontracting of specialized services or works, and reinforcement of our stance on not accepting gifts from current or potential suppliers, among others

2024

  • First implementation of Ethisphere’s Ethical Culture Survey
  • Improvement to the Conflict-of-Interest Declaration process

Ethics and integrity

Our ethics and integrity framework continues to evolve in response to the dynamic nature of our processes and the expectations of our stakeholders. Within this framework, the Code of Conduct stands out as a key reference for decision-making and stakeholder engagement. We expect our employees, members of the Board of Directors, and third parties with whom we maintain business relationships to adhere to our Code of Ethics and Conduct.

Ethics Culture
Our people’s ethical conduct is fundamental to our organizational purpose. We strive to uphold an ethical culture—reflected in our behaviors and decisions. We engage our people to raise awareness about the importance of compliance (“Cumplir tiene valor”) and to embed it within our ethics culture.

This evaluation contains eight pillars: i. Awareness of the Ethics and Compliance Program and Resources; ii. Perception of the Compliance Function; iii. Observing and Reporting of Misconduct; iv. Pressure; v. Organizational Justice; vi. Perception of Managers; vii. Perception of Senior Leaders; viii. Perception of Peers and the Environment. The results help us monitor the state of our ethics culture and identify opportunities to adopt international best practices, which are essential for planning and strengthening our Integrity and Compliance Program.

Governance
The Committee on Ethics and Corporate Values—composed of company executives—oversees compliance with the Code of Ethics and Conduct and addresses cases of unethical behavior, applying sanctions when violations occur. The compliance department reports to the Audit Committee of the Board of Directors on progress, performance, and continuous improvement efforts related to the Integrity and Compliance Program.

Our corporate compliance department—led by our Chief Compliance Officer—coordinates strategies and initiatives with a preventive approach to avoid incidents of bribery and/or corruption, and to ensure adherence to internal regulations. These efforts focus on processes, areas, and personnel that, due to their nature and level of exposure, are required to maintain an anti-bribery and anti-corruption focus.

Our Code of Ethics and Conduct sets out the ethical standards that guide the behavior of all employees at Industrias Peñoles, S.A.B. de C.V. It is grounded in the principles that distinguish us as a company—what we do, how we do it, our organizational philosophy, and our values.

We also maintain a comprehensive set of policies, guidelines, and procedures to prevent fraud, corruption, bribery, misuse of donations and sponsorships, unlawful interactions with government entities, personal data breaches, discrimination, conflicts of interest, and retaliation. This regulatory framework supports the implementation and enhancement of internal controls designed to mitigate these risks.

Integrity and compliance risk management
Preventing, detecting, and mitigating integrity and compliance risks is essential to maintaining stakeholder trust and ensuring long-term business success. We have established formal processes to manage these risks, which are supported by a robust due diligence system and a three-lines-of-defense model:

First line: Operational areas are responsible for implementing processes, controls, and technologies to prevent incidents and ensure compliance with applicable laws and regulations in day-to-day activities.

Second line: Oversight functions—such as comptrollers, risk management, compliance, and legal affairs—are responsible for monitoring, reporting, and managing risk indicators.

Third line: The internal audit function provides independent assurance to the Audit Committee and senior management regarding risk mitigation, control effectiveness and efficiency, and corporate governance.

Training and raising awareness

We aim to instill our culture of integrity from the moment employees join the company, extending it across our broader network of stakeholders.

Endorsement of the Code of Conduct
To ensure proper dissemination and training on the Code of Ethics and Conduct, we conduct the Endorsement of Our Commitment to Integrity certification annually. This program shares updates to the Code and reinforces understanding of our institutional values and internal policies, including zero tolerance for bribery and corruption, guidelines on gifts and hospitality, proper information management, and the prevention of misconduct such as harassment and bullying. Each participant also completes a conflict-of-interest declaration.

Onboarding training
At Peñoles, we consider it essential to introduce new hires to the foundations of our culture of ethics and integrity. For this reason, we provide virtual training to engineers in training and, through our online platform, to personnel joining various areas of the company. The purpose is to share the content of the Code of Ethics and Conduct, the meaning of our institutional values, and how to declare potential conflicts of interest, as well as to reinforce anti-corruption and anti-bribery practices and the proper use of our Línea Correcta reporting system. These topics are covered in both the Integrity Workshop for New Hires and the Culture of Integrity workshop, both available on our online training platform, Virtual Campus.

Third-Party Code of Conduct Training
As part of our strategy to promote integrity beyond our organization, we provide training to service providers based on the principles of our Integrity and Compliance Program. This year, a group of raw material suppliers received training on our Third-Party Code of Conduct, including assurance procedures and the use of our reporting system. In total, 36 participants attended, reaching 85% of the target audience.

Gifts and Hospitality
We engaged our employees to raise awareness of the company’s policy on receiving and giving gifts and hospitality. We launched an internal campaign supported by a trivia contest, where employees responded to hypothetical scenarios involving third-party interactions. A total of 584 people participated. Beyond staff training, our training, outreach, and coaching activities also include informing business partners, through digital communications, about expectations regarding gifts and hospitality, referencing our Promotional Expenses Policy, Anti-Corruption and Bribery Guidelines, and Conflicts of Interest Guidelines, all available on our corporate website.

Third-party due diligence
The Third-Party Code of Conduct outlines our expectations for responsible business conduct from all third parties that conduct—or wish to conduct—business with Peñoles. Before entering into any business relationship with third parties, such as raw material suppliers, contractors, customers, suppliers, or other business partners, we conduct a comprehensive verification process based on risk levels and mitigation measures.

The validity of due diligence assessments ranges from one to three years, depending on the level of risk. We use BAL Evalúa, an automated system that enhances and streamlines third-party due diligence, empowering our compliance team with risk-based decision-making. Our updated methodology prioritizes criticality and risk exposure, resulting in improved alert identification and more consistent decisions regarding the initiation and continuation of business relationships.

In 2024, we emphasized training and support for staff using BAL Evalúa, ensuring familiarity with the platform and its automated processes. This automation has led to more efficient transaction tracing, shorter response times, and an easier process for both internal teams and third-party collaborators.

[Figure: Due diligence requests in 2024, by risk level: high risk with veto, high risk, medium risk, low risk]

Of the 1,295 due diligence requests received in 2024, 1,110 were processed using BAL Evalúa.

Corruption and Bribery Prevention
We have zero tolerance for any form of corruption or bribery. All employees and third parties must strictly adhere to the bribery and corruption laws governing Industrias Peñoles. In Mexico, these regulations include the General Administrative Responsibility Law, the Federal Criminal Code of Mexico, and secondary federal and state laws applicable to corruption and the private sector.

Our anti-bribery and anti-corruption mechanisms reflect principles, international best practices, and guidelines such as the United Nations Global Compact, the core conventions of the International Labor Organization (ILO), and the guidelines promoting corporate responsibility issued by the Organization for Economic Cooperation and Development (OECD) and the United Nations (UN).

Our due diligence process avoids business relations with others when there is any doubt as to their involvement in corruption or bribery. Any suspicion of bribery or corruption is reported through our institutional whistleblower mechanism, Línea Correcta, and investigated. Disciplinary measures for those who participate directly or indirectly in bribery or corruption practices through an outside party include—in addition to the possibility of subsequent legal action—termination of the employment contract, if they are part of our workforce, and termination of the business relationship, in the case of third parties. Furthermore, we cooperate with authorities in investigating any alleged violations, imposing the corresponding sanctions, and taking the necessary corrective action.

Money laundering prevention
We continued to comply with current regulations on transactions involving proceeds of dubious origin by closely tracking operations and presenting notices of vulnerable activities. We will continue to track this group’s vulnerability to such transactions and adapt as necessary to emerging regulatory changes.

Prevention of involvement in political activities
Peñoles is dedicated to the pursuit of the common good. We work together with governments and participate responsibly in dialogues on public policy initiatives. In our due diligence process, we seek to understand and manage the risks involved in our business partners’ public exposure. Our Code of Ethics and Conduct makes clear our stance on relations with political parties: we prohibit any direct or indirect contribution by or on behalf of the organization to political parties or campaigns or to any individual, corporation, association, organization, union, or any other type of public or private entity involved in political activities in Mexico or abroad.

Collaboration and outreach
We are active members of Ethisphere’s Business Ethics Leadership Alliance (BELA) and contribute to advancing ESG and compliance best practices. We also serve on the board of the Center for Leadership Ethics at the University of Arizona and support various initiatives such as the High School Ethics Forum, Collegiate Ethics Case Competition, and the Executive Ethics Symposium.

Whistleblowing mechanism
Our Línea Correcta whistleblower line is a confidential and secure channel for raising concerns about the company's operations or any unethical behavior. The whistleblower line is operated by Ethics Global, a third-party provider that guarantees the anonymity of whistleblowers when filing a report. This reporting mechanism is available to all our employees, suppliers, contractors, and other stakeholders, including members of the surrounding communities. Reports received through this channel are reviewed quarterly by the Ethics and Corporate Values Committee and overseen by the Board’s Audit Committee.

Based on the results of the 2023 survey to evaluate people’s trust in the whistleblower line, we worked during the first half of 2024 to design a robust communications campaign. The objectives were to reduce the risks associated with information leaks and retaliation and to better communicate with potential whistleblowers who use any channel to report violations of our Code of Ethics and Conduct. This campaign began in the second half of 2024 and includes practical communication materials such as infographics and videos to explain to our staff what behaviors should be reported, the expected behavior of both leaders and staff in general, the importance of maintaining confidentiality throughout the complaint investigation process, and to demystify beliefs that may discourage a whistleblowing culture.

The compliance department was assigned the responsibility to manage the cases of workplace and sexual harassment. The Protocol for Handling Cases of Workplace/Sexual Harassment and Sexual Violence in the Workplace was issued, and the implementation of the response mechanism will begin with the establishment of Workplace Behavior Commissions that will operate as multidisciplinary bodies responsible for resolving workplace and sexual harassment cases.

Cybersecurity
Peñoles is committed to proactively managing cybersecurity risks and building organizational resilience against evolving threats. Our cybersecurity strategy is built on collaboration among the three lines of defense and technology teams. This synergy has allowed us to more effectively focus our efforts and increase our cybersecurity capabilities.

Governance and risk management
In 2024, we strengthened our commitment to cybersecurity through a collaborative environment at all levels of the organization and across our business processes. The Audit and Corporate Practices Committee analyzes the company’s main risks—including cybersecurity—and evaluates compliance with relevant regulations. We implement controls following best practices from the NIST cybersecurity framework.

Our cybersecurity office, under the leadership of our CISO (Chief Information Security Officer), has played a central role in developing and implementing governance and risk management with a model based on three lines of defense that involves all levels of the organization:

Operational management
We strive for maximum efficiency in the use of resources and technological solutions we acquire. We utilize various sources of information that give us greater visibility into the main threats facing the technological environment and help us identify potential vulnerabilities.

We continue to make progress in increasing and strengthening the visibility of our operational technology at our mines and plants, facilitating the identification of vulnerabilities and the timely diagnosis of potential failures or anomalies. This is essential for its integration into our Security Operations Center (SOC) and for enabling rapid and timely alerting.

Risk management and compliance
We consolidated our cybersecurity initiatives under a unified program to raise maturity levels.
We also completed the implementation of our tool for managing cybersecurity risks across the organization—in accordance with our internal methodology—which allows us to maintain a unified risk assessment process for our technology assets.

Furthermore, we added the identification and cybersecurity assessment of our technology providers to the due diligence process to validate that they have an acceptable level of risk, and we maintain constant risk monitoring throughout their lifecycle with the organization.

Cybersecurity Risk Management Framework

First Line (Operational Management): Implements and operates the day-to-day controls for cybersecurity risks. This line includes IT (Information Technologies), OT (Operating Technologies), and ST (Special Technologies).

Second Line (Risk Management and Compliance): Manages the cybersecurity policy and procedures. Designs, defines, oversees, and provides support to the controls for cybersecurity risks. Promotes the cybersecurity culture. This line is managed by the Cybersecurity Office.

Third Line (Audit): Performs internal and external audits to evaluate the effectiveness and independence of the controls for cybersecurity risks. Ensures, with independence, the effectiveness of the first two lines. Provides recommendations based on the findings of the audits. This line is managed by the internal audit team.

Audit
We maintain a rigorous audit process that objectively and critically assesses how risks are managed, controls are applied, and policies are enforced. The audit line remains independent of the first two lines of defense to maintain an objective and critical view of the effectiveness of our processes, issuing prioritized and practical recommendations to close any control gaps, improve processes, and strengthen the cybersecurity position.

We maintain ongoing communication, lessons learned, and knowledge sharing with BAL Group companies to pursue joint efforts to enrich and standardize best practices aimed at improving cybersecurity operations and governance at the Group level.

Ethics and integrity

We at Peñoles and Fresnillo have well-defined and deeply rooted ethical values and principles of conduct, which have earned us the commitment of our collaborators and the trust of investors, clients, suppliers, communities, and authorities throughout our long history. These values and principles have also contributed to the strength of our results and have helped reinforce the Group’s image and credibility in the business world and in Mexico.

Alejandro Baillères
Chairman of the Board of Directors,
Letter of the President in the Code of Conduct

I am certain that adhering to such Code will be very useful for all of us, as it will guide us in making better decisions, aligned with our values and principles and in full compliance with the regulatory framework and applicable laws. Likewise, the Code is an excellent means to maintain the integrity, equality, and non-discrimination that make our companies stand out.

Alejandro Baillères
Chairman of the Board of Directors,
Letter of the President in the Code of Conduct

In 2024, we updated the Third-Party Code of Ethics and Conduct, which outlines the standards our business partners are expected to follow. In turn, these partners are expected to promote and apply the same principles throughout their value chains, generating a virtuous cycle for the benefit of society.

Policies, guidelines, and procedures

Code of Ethics and Conduct
Third-Party Code of Conduct
Integrity and Compliance Policy
Labor Equality and Non-Discrimination Policy
Anticorruption and Anti-Bribery Guideline
Crime Prevention Guideline
Anti-Retaliation Guideline
Conflict of Interest Guideline
Fraud Prevention Guideline
Third-Party Due Diligence Procedure
Donations, Sponsorships, Gifts, Hospitality, and Entertainment Procedure
Government Relations Procedure
Protocol for Handling Cases of Harassment, Stalking, and Sexual Violence in the Workplace

Training and raising awareness
This year, the learning experience was improved: completion time was reduced, new podcasts featuring leadership voices were included, and pre-filled forms made it easier to declare conflicts of interest. The certification achieved 99% coverage.

We Act with Integrity Workshop
Every two years, we provide in-person training across various locations. This year’s workshop focused on conflicts of interest, anti-corruption and bribery, regulatory compliance, harassment and bullying prevention, and our reporting system. Through real-life case studies, participants explored practical applications of these topics and received follow-up on questions or concerns. A total of 273 leaders from across business units took part.

Communication
The Integrity and Compliance Program implements a permanent communication strategy to promote ethical behavior among employees and stakeholders. Through our “Cumplir tiene valor” campaign, we highlight the importance of regulatory compliance and its role in building long-term organizational value.

“Cumplir tiene valor”
(Comply creates value)

  • Communication of our reiterated commitment to integrity: Wallpaper, WhatsApp, e-mail, and internal portals
  • Communication on cybersecurity: reminder button on websites, posting alerts with infographics
  • Communication on gifts and hospitality: banner on internal website, e-mail, external website, and trivia prompts
  • Weekly publication of Línea Correcta statistics: e-mail and posting on internal websites
  • Personal information: Infographics on definitions and ARCO rights
  • Communication on conflicts of interest: infographics on myths and realities, and trivia prompts

Whistleblowing mechanism
Number of cases by issue denounced

| Issue | 2024 | 2023 |
|---|---|---|
| Work harassment | 121 | 108 |
| Abuse of authority | 33 | 40 |
| Others | 20 | 25 |
| Sexual harassment | 27 | 42 |
| Theft or destruction of assets | 19 | 18 |
| Kickbacks/unethical dealing with suppliers | 42 | 40 |
| Conflicts of interest | 18 | 15 |
| Violation of policies | 19 | 17 |
| Professional/occupational negligence | 18 | 13 |
| Unsafe actions or conditions | 8 | 11 |
| Incorrect use of assets | 7 | 4 |
| Fraud | 19 | 2 |
| Breach of trust | 2 | 3 |
| Discrimination | 3 | 5 |
| TOTAL | 356 | 343 |

[Figure: Reports by issue denounced]

[Figure: Ethics Conduct Indicators: number of reports, number of cases, number of cases related to managers and executives, number of disciplinary actions, number of control reinforcements]

Metrics
In 2024, we received 442 reports, corresponding to 356 cases, 65 of which involved individuals in leadership positions. We took 109 disciplinary actions and implemented 32 enforcement measures.

Training and cybersecurity awareness

Safe use of the technology workshop: Cybersecurity is our responsibility

We are continually raising awareness of the need to remain alert as we receive and consult information in a variety of media. With the “Cybersecurity is our responsibility” slogan, we developed the following recommendations for staying secure in the face of cyberattacks:

  • Be more alert. Cybercriminals use certain types of news to create fake pages and links containing malicious software.
  • Promptly report any email, call, or message you consider to be suspicious or of dubious origin.
  • Use corporate devices to access the organization's services.
  • Use authorized media for sharing sensitive or confidential information.
  • Use secure passwords and do not share them with anyone.
  • Use only official sites to consult information on the Internet.

“Código Hacker”

For the fourth consecutive year, we participated in the “Hacker Code” cybersecurity conference. This event, together with other BAL Group companies, addressed topics such as: Cyberattack Simulation, Identity Theft, Protecting Your Finances in the Digital Age, Boosting Cybersecurity with Artificial Intelligence, Social Engineering, and Digital Violence. Corporate Directors and CEOs also participated.
