French companies used to watch from afar with dismay the sanctions imposed by the US authorities on French multinationals prosecuted for corruption of public officials. The extra-territorial application of the Foreign Corrupt Practices Act (1977) and the UK Bribery Act (2010) were a cause for concern but they had difficulty imagining that such misfortune could happen to them, quite simply because many of them had implemented, at least in appearance, codes of ethics or procedures for combatting corruption. Well beyond mere display, compliance procedures must be effective and in accordance with strict international standards.

With presentation of the Sapin II bill to the Council of Ministers on 30 March 2016, introducing an obligation of prevention and detection of corruption risks, France has finally embraced new legislation, more in line with these standards.

The implementation of real anti-corruption procedures will no longer simply be a choice, but a genuine duty, indeed a precaution.

Who is targeted by this Sapin II bill?

The obligation of prevention and detection of corruption risks is imposed to companies employing at least 500 employees or belonging to a group employing at least 500 employees and whose turnover is higher than 100 million euros, as well as to the directors of these companies.

What procedures will need to be implemented?

  • Adoption of a code of conduct describing prohibited action and behavior characterized by acts of corruption or influence peddling
    • Defining a common set of values of the organization
    • Promoting a culture of integrity
    • Applicable and enforceable, internally at all levels and, externally to all entities over which the organization exerts effective control
  • Implementation of an internal whistleblowing system
    • Collecting potential  alerts and ensuring adequate protection of employees reporting unlawful or risky conducts or situations
    • Taking appropriate measures on the basis of such alerts
  • Establishment of risk mapping
    • In the form of regularly updated documentation
    • Intended to identify, analyze and prioritize the company’s risk exposure to external solicitations aimed at corrupting regarding to the sectors of activities and geographical areas in which the company deploys its business activities or, where appropriate, the entities which comprise it
    • Enabling procedures to be adapted to the risks identified
  • Implementation of a process for verification of the integrity of clients, suppliers, partners and agents
  • Performing of internal or external accounting inspections intended to ensure compliance of books, records and accounts
  • Organization of a training program for managers and personnel with the highest exposure to corruption risks
  • Establishment of disciplinary sanctions procedure for members of the company in the case of breach of the company’s code of conduct

What are the sanctions in case of violation of these provisions?

Sanctions are provided for and implemented by the Sanctions’ Commission of the National Agency for the detection and prevention of risks of corruption:

  • Injunction ensuring compliance on the basis of recommendations laid down by the Sanctions’ Commission
  • Sanctions of an amount which is proportionate to the seriousness of the breaches identified and to the financial situation of the natural person or legal entity concerned (up to 200.000 euros for natural persons and 1 million euros for legal entities)
  • Possible publication of the sanctions
  • Fine amounting to 30.000 euros in case non- cooperation with the Agency or obstruction to its investigation powers

Creation of an additional criminal penalty for ensuring compliance

  • New article 131-39-2 of the French Criminal Code provides in the event of conviction for corruption or influence peddling offenses, for a penalty consisting of an obligation to adopt and implement a program to ensure compliance within under the supervision of the Agency, over a period of 5 years maximum.
  • Sanctions in case of violation of the obligations ensuing from the compliance penalty: 2 years imprisonment and a fine of 30,000 euros or 2 000 000 euros up to the double of the amount gained through the commission of the offence for legal entities

What to do?

The companies concerned must evaluate without delay their compliance program to ensure that compliance procedures are already in place. Otherwise, a compliance program must be set up. In the presence of compliance procedures, it must be ensured that they are implemented and if necessary, to update them on the basis of recommendations which will be established by an external body (certifying body or law firm).

  • Audit of the existing compliance program
    • Due   diligence   checklist,   questionnaire   and analysis of the documentation
    • Interviews with key individuals (CEO, CFO, Chief Compliance Officer…)
    • Establishment of risk mapping
    • Research of existing compliance policy (information, communication, training, monitoring and review, sanctions procedure)
  • Verification  of the  effectiveness  of  the  compliance program
    • The audit of sale contracts, tender offer documents, agreements with third parties and intermediaries
    • Conducting new targeted interviews with personnel at high risk of exposure
    • Tests evaluating the procedures
    • Audit of (i) the meeting minutes of compliance bodies to ensure that the function satisfies the conditions of autonomy and liability, (ii) the training reports of management and personnel, (iii) the documentation retracing the detection and the investigations regarding to any potential acts of corruption, (iv) the audit reports related to the hiring of sensitive employees and third parties co-contractors and (v) the implementation of sanctions
    • Issuance of a report by the certification body including its recommendations
  • Implementation of these recommandations
    • Drafting and implementing of the identified missing documents
    • Training of management and personnel on the new procedures
    • Performing a compliance audit