Total, Crédit Agricole, Société Générale. For some of us, these big names represent France’s economic power, for others the excesses of a system that’s running out of steam. In addition to their common nationality, these companies all hold a prominent place in the table of the largest penalty amounts resulting from a breach of the Foreign Corrupt Practice Act.1)The Foreign Corrupt Practices Act ( FCPA ) is a federal law that combats bribery of foreign public officials and encourages international companies to develop compliance and internal control systems. . When it comes to sanctioning corruption, the Americans are leading the way, and the extraterritorial opportunity opened up by the OECD Convention2)The FCPA was intended to apply only to Americans until the appearance of the Organization for Economic Cooperation and Development’s 1997 Anti-Bribery Convention, which amended the FCPA. Article 4 of the Convention states that: “Each Party shall take such measures as may be necessary to establish its jurisdiction over the bribery of a foreign public official when the offence is committed in whole or in part in its territory”. It gave the FCPA a principle of extraterritoriality, enabling even a trivial event (the use of American computer servers in an operation) to be linked to American territory, justifying the jurisdiction of the Department of Justice(DoJ). has only encouraged the creation of extraterritorial laws and the search for potential targets beyond American borders. In this field, as with wine, France is said to have the best grands crus.
Even today, the sale of Alstom to General Electric3)Claudia Cohen, “Why the controversial sale of Alstom to General Electric is back in the news” on Le Figaro [en ligne]published on July 24, 2019. puts the spotlight back on the corruption practices of major corporations4)On this subject, Frédéric PIERUCCI and Matthieu ARON’s book, “Le piège américain”, published by Lattés in 2019, retraces the events surrounding the corruption of foreign public officials within Alstom and those preceding its takeover by the American General Electric.. This politico-industrial scandal brings to the surface the shortcomings of our anti-corruption legislation in the face of American imperialism5)Kevin E. DAVIS, ” Between Impunity and Imperialism: The Regulation of Transnational Bribery”, OUP USA, 2019, pp. 41 à 44.. Weapon of economic destabilization or weakening of the banking system6)”BNP fine: a risk for the banking system?”, on Le Monde [en ligne], published June 4, 2014., the motive for this relentlessness matters little in the face of the need to counter it and protect all French businesses.
To date, major groups have managed to find a lifeline in the French Anti-Corruption Agency (AFA): the mechanism of the Public Interest Judicial Agreement (CJIP) cancels out the mechanism of criminal liability in return for payment of a fine and implementation of a compliance program.
What about the rest of the companies? The threshold of the law7)Article 17 of law n°2016-1691 of December 9, 2016. only brings in those employing more than 500 employees and justifying sales in excess of 100 million euros. In 2017, 1,600 companies were affected by Sapin II for 3,855,107 existing entities8)Tableaux de l’économie française, Collection Insee Références, 2020 edition.. These figures confirm that a large number of companies are not subject to the AFA’s investigations and controls, although it is not possible to demonstrate the total absence of corruption risk in some of these entities, let alone private corruption. They will not be able to go through the CJIP process, so they need to be aware of the stakes involved in preventing and detecting corruption.
Ethical violations are not confined to large companies. While it’s true that bribery of public officials, whether foreign or not, is better known and more punished9)Active bribery of public officials, whether foreign or not, is punishable under Articles 435-1 and 435-3 of the French Criminal Code, respectively, and is punishable by ten years’ imprisonment and a fine of one million euros for individuals.Private corruption can easily be found within a multinational company, but no company is spared. And yet, as well-known and serious as it is, its arrival in the French penal arsenal was late in coming. Insertion of active and passive corruption offences in 200510)Law no. 2005-750 of July 4, 2005 containing various provisions adapting to Community law in the field of justice. follows up the call made by the Council of the European Union in its 2003 framework decision11)Framework decision 2003/568/JHA of July 22, 2003 of the Council of the European Union calling on member states to introduce effective law enforcement in this area.. Articles 445-1 and 445-2 of the French Criminal Code punish individuals for private bribery with up to five years’ imprisonment and a fine of 500,000 euros.
The legislator has not forgotten corporate bodies, since Article 445-4 of the French Criminal Code sets out a series of sanctions for companies found guilty of private corruption. The new version of the article brings the AFA closer to companies not subject to Sapin II. A reference is made to article 131-39-2 of the French Penal Code, which requires offenders to submit to a compliance program for a maximum period of five years, under the supervision of the AFA.
It is the legislator’s intention that all companies, whether or not they are subject to Sapin II, should have systems in place to prevent and combat private corruption offences. This may be with a view to meeting the highest French standards, and enabling entities to benefit from the positive spin-offs of adopting such systems.
Seven means are specified by the legislator and should inspire companies not subject to Sapin II. Entities equipping themselves with anti-corruption systems now have a template , and will be able to model themselves on the legal compliance program. It can be broken down into three areas: inform, report and act.
The first way to avoid a risky situation is to inform people about the risk posed by the situation itself. Corruption is no exception. The more we are aware of the risks, the more we can build a management strategy by taking appropriate measures. In 2017, the OECD’s recommendations on public integrity showed that corruption risk mapping in France was not widespread12)Information report on the ethics of civil servants and the management of conflicts of interest No. 661 by Messrs. Fabien MATRAS and Olivier MARLEIX, recorded January 31, 2018.. This implies that the private sector is no exception, since the fight against corruption began in the public arena.
For the authorities, the aim of risk mapping is to provide precise knowledge of the internal and external organization with regard to sensitive situations, and to identify the roles and responsibilities of individuals.13)Recommendations to help legal entities under public and private law prevent and detect corruption, influence peddling, concussion, illegal taking of interest, misappropriation of public funds and favoritism, French Anti-Corruption Agency, December 2017.. In fact, depending on the business sector and the resources deployed for the company’s activities, loopholes can be created that call into question compliance with legal provisions on corruption. It’s not just a question of identifying risks, but also of resolving them. Resolving a risk does not necessarily lead to solutions that eliminate it. The company will have to demonstrate its ability to control this risk to a greater extent if its sector of activity is risky by nature (defense, raw materials, new technologies).
Considered as an anti-corruption performance indicator, mapping will require real work to achieve compliance.
Before a risk inventory can be drawn up, the person in charge of risk mapping (compliance officer, consultant, lawyer) needs to know every detail of the company’s processes and sub-processes. The AFA’s recommendations draw attention to the fact that risks emanate from these processes. Thus, an entity needs to think in terms of operational actions, even the most insignificant ones that are not necessarily subject to internal control, and not by department (legal, financial, human resources), so as to isolate all risks.
This means that companies need to set up processes and procedures for each activity (e.g. recruiting employees, signing contracts, purchasing supplies) in order to identify areas where private corruption risks may be present.
Risk mapping is ultimately a document that must be exhaustive14)Bercy Info, ” 10 conseils pour prévenir les risques de corruption dans votre organisation”, economie.gouv.fr [en ligne], December 06, 2017., formalized and, above all, open-ended. Every entity that is not subject to Sapin II but whose economic activity is significant must make the effort to create one. This document will serve two purposes: to build anti-corruption compliance programs and to inspire the writing and updating of the code of conduct.
Since information is of prime importance, a code of conduct qualifying situations likely to give rise to corruption helps lay the foundations for what is considered to be corruption. On the face of it, drawing up a code of conduct seems fairly straightforward. Once again, such a document must be: clear, precise and laconic.
To be clear means to be audible, to be effortless to read: this code has been drawn up by legal experts and requires the adoption of a common language that can be understood by anyone in the company with no legal training. Prefer to use the term favor rather than liberality, or accompany it with concrete examples.
The use of illustrations is recommended to clarify the message while remaining relevant. Since it’s impossible to cover every situation, it’s best to focus on those of a general nature (giving a disproportionate gift) and to accompany them with illustrations that are more specific to the company’s sector of activity, as highlighted by the risk map. Clarity also includes aesthetics.
Unlike internal regulations, it must be concise and therefore ” digestible ” for the reader. It doesn’t have to be a collection of rules piled up one on top of the other.
If there’s a desire to integrate it into the internal regulations to give it binding force, there’s none in the desire to confuse these two texts. The Code of Conduct is an instrument that needs to be updated, even if the changes are minimal, and a review should be scheduled every two or three years. To date, there are codes of conduct available online that are more than six years old for major groups. In its decision of February 7, 2020, the AFA Sanction Commission issued a compliance injunction on the code of conduct: incomplete (lack of definition and illustration) and not modeled on risk mapping15)AFA, Sanctions Committee, Decision No. 19-02, February 7, 2020The decision confirms that this is still an exercise that many companies have not yet mastered.
In addition, there is the training of managers and professionals: the idea is to make all employees aware of the issues surrounding the fight against corruption. In-house training is the best way to keep a team constantly alert to everyday situations that can actually reduce their attention span. Favoring a more sustained rhythm of short training courses, rather than once-a-year courses lasting hours. Contrary to what the law stipulates, do not reserve such training for the most exposed managers or staff. Give priority to these people when allocating the number of training hours, reserve specific training sessions for them with more targeted subjects, but it is still necessary to train all employees in the basics of anti-corruption. While decision-makers are the most exposed to risk, this does not mean that the average employee will not one day be approached or tempted to commit a fraudulent act of private corruption.
Finally, the internal and external accounting controls identified by law are essential. Accounting often contains the first clue to a corrupt operation that is being concealed (employee remuneration, slush funds, fictitious operations).
As regards the introduction of procedures for assessing customers, suppliers and intermediaries, the AFA recommends a procedure containing the terms and conditions of a KYC.16)Know Your Client, or KYC , refers to the process of verifying an individual’s identity on the basis of official documents (identity card, proof of address, etc.). classic: identify customer, country, shareholder, reputation, business sector and cooperation. This last point must be taken into account when dealing with a third party. The ease with which someone responds to your requests or questions, and their degree of cooperation, give an idea of the risk they represent for an entity and its reputation. An individual who is discreet or evasive, or who seems to lack the information needed to understand his or her activities, represents a risk. This part, which enables us to obtain as much information as possible, is important because we can’t know everything that’s going on with a potential customer, supplier or intermediary.
The establishment of procedures, their strict implementation and their effectiveness are key to the smooth running of operations. This is particularly true in external growth transactions, which have received particular attention since the publication of the AFA guide17)Les vérifications anticorruptions dans le cadre des fusions-acquisitions, Agence française anticorruption, January 2020.. However, it is regrettable that the Sapin II law does not include any compliance provisions for this type of transaction.
Corruption in a target company can prove disastrous, as it remains liable and could be fined, calling into question the advisability of the acquisition.
While the annihilation of a company’s legal existence entails the elimination of its liability, the fact that a target is acquired, taken over or merged with another company does not purge corruption offences, and neither do the sanctions applicable to individuals, insofar as both former and new directors may be subject to prosecution.
The AFA, and more widely, recommends that all M&A transactions (pre- and post-integration) should be subject to compliance audits with a special focus on corruption. If not carried out during legal due diligence, the appointment of a team of anti-corruption specialists can help reduce risks. The process to be carried out goes further than a KYB18)Know Your Business or KYB refers to all the operations involved in verifying a legal entity (sector of activity, directors, shareholders, etc.).
It is advisable to proceed in three stages: taking stock, checking and correcting. The first two steps take place before the target is integrated, the last afterwards.
The first step is to take stock of the situation. For those in charge of anti-corruption audits, the starting point of the investigation will have to be determined according to risk factors specific to the target. Questions to ask include the type of entity targeted, its sector of activity and market position, the number of employees it employs, the presence of politically exposed persons, the country in which it is based, and the potential existence of the target’s name in the media for negative compliance-related stories.
Secondly, it is necessary to check the anti-corruption measures in place at the target to determine the entity’s degree of resistance to corruption and to gain an idea of the corrections that the acquirer will need to make. A recommendation is made for each breach of the law , to enable the company to reach a level of compliance with the regulations. In the absence of corruption prevention and detection systems, or systems that are virtually ineffective, this stage will define a floor and ceiling for the risks that the purchaser is able to bear. The aim is not just to check that anti-corruption measures have been taken, since if there is a proven risk, the purchaser will be able to withdraw.
This stage relies on close collaboration between the anti-corruption auditors and the acquirer’s M&A managers, as a great deal of information and documentation relevant to the assessment of device compliance is available in the data room. Clean teams can intervene to enable the exchange of highly sensitive data between seller and buyer.
The third step is to make corrections. Any anti-corruption shortcomings identified will have to be remedied, to reassure the purchaser of the transaction. This requires a great deal of effort on the part of compliance teams, and can last well beyond integration. It is therefore essential to plan ahead, during the inspection phase, for the workload this will entail.
Anti-bribery checks in this type of operation are therefore easily justified, as the resulting consequences are not negligible. Firstly, in terms of cost: the price to be paid by acquirers of a corrupt target can be considerably inflated by the imposition of a fine and by the need to comply, resulting in a de facto drop in the internal rate of return (IRR) initially envisaged. Then there’s the liability: it can hang over the heads of old and new managers for years to come. Corruption is a clandestine offence, so while the offence is time-barred after six years, the statute of limitations for public prosecution does not begin to run until the offence is revealed.19)Article 9-1 of the Code of Criminal Procedure imposes a time limit of 12 years from the commission of the offence for hidden or concealed offences. This limits the possibility of prosecuting an individual for corruption ad vitam aeternam..
For these reasons, the buyer and seller must agree on the means to be used to satisfy all the interests involved (warranty clause,earn-out clause, indemnities).
The Sapin II anti-corruption compliance framework not only provides information, but also makes it possible to report on
The law calls for an internal reporting system to be set up for employees who observe behavior or situations contrary to the company’s code of conduct. The system can be modelled on the recommendations of the Sapin II law, and should be able to incorporate the reporting of an external employee for an offence relating to breaches of probity, such as an act of corruption.
The physical implementation of the system is the responsibility of the IT department, but its content needs to be reviewed with the company wishing to implement it. We need to make sure that the device can be adapted to the needs of the entity, that it is ergonomic and easy to use. If a French company calls on foreign suppliers or employees, a platform available only in French could put a non-French speaker in difficulty, or cause him or her to give up alerting.
One of the key issues in the reporting system is the final destination of alerts. The obligation laid down by Sapin II20)Article 8 of Act no. 2016-1691 of December 9, 2016. is limited to the function of the person: a direct or indirect hierarchical superior of the employer or to a referent, but does not require disclosure of the identity of the person behind the referent function. Often, the reluctance to report a problem stems from not knowing whose home it is. This could change with the European directive on the protection of whistleblowers, which distances itself from the hierarchy of reporting channels.21)Articles 7 and 10 of Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019 on the protection of persons who report violations of Union law.. and enables external reporting without having to go through the internal procedure, even if this is still recommended in the absence of any risk of reprisals.22)Article 7.2 of Directive (EU) 2019/1937. It must be transposed by France by December 17, 2021 at the latest.
Disclosing the identity of the contact persons reassures employees who may wish to make a report, as there is no specific department for handling alerts. Likewise, it’s essential to designate several people to receive alerts, so as to consider the possibility of a superior or designated contact person being directly targeted.
These recommendations ensure that the company has an effective system in place. However, the implementation of all these measures within the company must lead to sanctions in the event of non-compliance.
A disciplinary system must be adopted in the code of conduct to punish such violations, including any breaches by employees of the anti-corruption rules in place. This system must be accompanied by concrete, dissuasive measures. Consequently, for a serious act, a simple warning is not enough. Although this is a prerogative under the company’s control, it is up to it to set an example.
In short, the fact that a company is not subject to Sapin II is of little importance when it comes to anti-bribery measures, insofar as it is indirectly informed of the course of action to be taken through the imposition of an additional penalty incorporating the measures set out in Article 17. This may come as a surprise, given that the Sapin II anti-bribery scheme stems from a special legal obligation, and that the penalty imposed on out-of-scope companies does not reflect any direct anti-bribery obligation.
And when it comes to private corruption, questions remain unanswered. Concerning AFA’s role: it monitors compliance with the obligation to ensure the “existence”23)Article 131-39-2 I of the French Penal Code. of a compliance program and its implementation. What are the control procedures? Article 4 of Sapin II specifies these procedures for companies that have signed a Public Interest Judicial Agreement, but makes no reference to private corruption for other companies.
As for the effectiveness of the program in place, what about the proof of its efficacy? Is it controlled by AFA? The company and the AFA have ” a maximum duration of five years ” to roll out the program and ensure its “ effectiveness ” and “ robustness “.24)The guidelines issued by the National Financial Prosecutor’s Office, on the implementation of the CJIP for companies subject to the Sapin II law, specify that the duration of the compliance program enables the implementation of the program to be monitored, as well as its effectiveness and robustness. but if it’s not up to scratch after the allotted time has elapsed, what happens? Is efficiency controlled by the company itself? In this respect, Article 131-39-2 of the French Penal Code does not require the introduction of internal control procedures to guarantee the effectiveness of anti-private corruption measures, in contrast to Article 17 of the Sapin II Act.
|↑1||The Foreign Corrupt Practices Act ( FCPA ) is a federal law that combats bribery of foreign public officials and encourages international companies to develop compliance and internal control systems.|
|↑2||The FCPA was intended to apply only to Americans until the appearance of the Organization for Economic Cooperation and Development’s 1997 Anti-Bribery Convention, which amended the FCPA. Article 4 of the Convention states that: “Each Party shall take such measures as may be necessary to establish its jurisdiction over the bribery of a foreign public official when the offence is committed in whole or in part in its territory”. It gave the FCPA a principle of extraterritoriality, enabling even a trivial event (the use of American computer servers in an operation) to be linked to American territory, justifying the jurisdiction of the Department of Justice(DoJ).|
|↑3||Claudia Cohen, “Why the controversial sale of Alstom to General Electric is back in the news” on Le Figaro [en ligne]published on July 24, 2019.|
|↑4||On this subject, Frédéric PIERUCCI and Matthieu ARON’s book, “Le piège américain”, published by Lattés in 2019, retraces the events surrounding the corruption of foreign public officials within Alstom and those preceding its takeover by the American General Electric.|
|↑5||Kevin E. DAVIS, ” Between Impunity and Imperialism: The Regulation of Transnational Bribery”, OUP USA, 2019, pp. 41 à 44.|
|↑6||”BNP fine: a risk for the banking system?”, on Le Monde [en ligne], published June 4, 2014.|
|↑7||Article 17 of law n°2016-1691 of December 9, 2016.|
|↑8||Tableaux de l’économie française, Collection Insee Références, 2020 edition.|
|↑9||Active bribery of public officials, whether foreign or not, is punishable under Articles 435-1 and 435-3 of the French Criminal Code, respectively, and is punishable by ten years’ imprisonment and a fine of one million euros for individuals.|
|↑10||Law no. 2005-750 of July 4, 2005 containing various provisions adapting to Community law in the field of justice.|
|↑11||Framework decision 2003/568/JHA of July 22, 2003 of the Council of the European Union calling on member states to introduce effective law enforcement in this area.|
|↑12||Information report on the ethics of civil servants and the management of conflicts of interest No. 661 by Messrs. Fabien MATRAS and Olivier MARLEIX, recorded January 31, 2018.|
|↑13||Recommendations to help legal entities under public and private law prevent and detect corruption, influence peddling, concussion, illegal taking of interest, misappropriation of public funds and favoritism, French Anti-Corruption Agency, December 2017.|
|↑14||Bercy Info, ” 10 conseils pour prévenir les risques de corruption dans votre organisation”, economie.gouv.fr [en ligne], December 06, 2017.|
|↑15||AFA, Sanctions Committee, Decision No. 19-02, February 7, 2020|
|↑16||Know Your Client, or KYC , refers to the process of verifying an individual’s identity on the basis of official documents (identity card, proof of address, etc.).|
|↑17||Les vérifications anticorruptions dans le cadre des fusions-acquisitions, Agence française anticorruption, January 2020.|
|↑18||Know Your Business or KYB refers to all the operations involved in verifying a legal entity (sector of activity, directors, shareholders, etc.)|
|↑19||Article 9-1 of the Code of Criminal Procedure imposes a time limit of 12 years from the commission of the offence for hidden or concealed offences. This limits the possibility of prosecuting an individual for corruption ad vitam aeternam.|
|↑20||Article 8 of Act no. 2016-1691 of December 9, 2016.|
|↑21||Articles 7 and 10 of Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019 on the protection of persons who report violations of Union law..|
|↑22||Article 7.2 of Directive (EU) 2019/1937|
|↑23||Article 131-39-2 I of the French Penal Code.|
|↑24||The guidelines issued by the National Financial Prosecutor’s Office, on the implementation of the CJIP for companies subject to the Sapin II law, specify that the duration of the compliance program enables the implementation of the program to be monitored, as well as its effectiveness and robustness.|
Dear users, on 15/06/2022 Internet Explorer will be retiring. To avoid any malfunctioning, we invite you to install another browser, such as Google Chrome, by clicking here, or the one of your choice.
Please check this before contacting us in the event of a problem.