The law related to transparency, against corruption and for the modernization of the economy (Loi Sapin II), was adopted by the French Parliament on 8th November 2016. It provides for the following:
- an obligation of prevention and detection of corruption risks,
- a sanction for implementing a mandatory compliance policy monitored by the national agency,
- a settlement procedure, and
- the setting up of a new National Agency “Agence Française Anticorruption” (National Agency).
This law offers France a new legislative framework against corruption, similar to the US and UK legislations (FCPA and UKBA).
It also responds to the OECD Convention on Combatting Bribery of Foreign Public Officials in International Business Transactions and the standard ISO 37001 on “anti-bribery management systems” published on 15 October 2016.
Most of the law’s provisions will enter into force the first day of the sixth month following the enactment of the law 1 . Therefore, companies need to appraise their compliance program and procedures rapidly and, in case of absence or insufficiencies of such program and procedures, must envisage the implementation of a global anti-bribery management system.
Legal entities and individuals concerned
The anti-bribery provisions of the criminal code target:
- Companies having all or part of their activity in France, or
- Individuals of French nationality or having their residence in France.
The obligation of prevention and detection of corruption risks is imposed upon:
- Companies employing at least 500 employees with a turnover higher than 100 million euros;
- Groups employing at least 500 employees, with their parent company in France, and a consolidated turnover higher than 100 million euros.
The top management must take measures to comply with this obligation.
Procedures to be implemented
Companies must implement a compliance program including:
Code of Conduct
- Common set of values of the enterprise;
- Applicable and enforceable internally at all levels, and externally to all entities over which the enterprise exerts effective control;
- Included in the enterprise’s internal rules (after the consultation of the employees representatives).
- Identifying, analyzing and prioritizing the company’s risk exposure to external solicitations aimed at corrupting;
- Taking into account the sectors of activities and geographical areas in which the enterprise and its subsidiaries operate;
- Enabling procedures to be adapted to the risks identified
- Regularly updated.
Internal Whistleblowing System
- Collecting potential alerts and ensuring adequate protection of employees reporting illicit or suspected conducts or situations;
- Taking appropriate measures on the basis of such alerts.
Process for verifying the integrity of clients, suppliers, partners and agents
Internal or external accounting audits
Training programs for managers and employees with the highest exposure to risks
Disciplinary sanctions in the case of breach of the company's code of conduct
Internal audit and evaluation procedures of the implemented measures
As a reminder, the sanction provided by the French Criminal code for corruption of foreign public officials is 10 years imprisonments and a fine up to 1 million euros, up to the double of the amount gained from the offence, for individuals.
The fine amounts up to 5 milliion euros for legal entities.
These sanctions can be combined with additional sanctions provided by the new law.
In the case of corruption: additional criminal sanctions for ensuring compliance
- Obligation to adopt and implement a compliance program under the control of the National Agency for a period of 5 years maximum;
- Sanctions in case of violation of the obligations resulting from the compliance penalty:
- 2 years imprisonment and a fine of 50,000 euros, for individuals,
- 2 million euros, up to the double of the amount gained from the offence, for legal entities.
In the case of violation of the obligation of implementation of a compliance program: sanctions pronounced by the National Agency
Injunction ensuring compliance on the basis of recommendations laid down by the Sanctions’ Commission;
Sanctions of an amount which is proportionate to the seriousness of the breaches and to the financial situation of the individual or legal entity concerned (up to 200.000 euros for individuals and 1 million euros for legal entities);
Possible publication of the sanctions
As an alternative to judicial proceedings, this law provides for a settlement procedure, inspired by the US Deferred Prosecution Agreement (Convention Judiciaire d’Intérêt Public).
The conditions to be fulfilled in order to benefit from the settlement procedure are:
Pay a criminal fine, proportionate to the amount gained from the offence and capped to a maximum of 30% of the average annual turnover of the previous three years;
- Set a compliance program, under the control of the Agency for a period of 3 years maximum;
- Compensate the damage caused by the offence within a year, if the victim is identified.
The legal representatives of the company remain liable, as individuals.
A specific procedure must be complied with to reach a settlement:
- The option for a settlement is proposed by the Public Prosecutor prior to the beginning of the public prosecution.
- If an agreement is reached between the company and the Public Prosecutor, the settlement agreement must be validated by the President of the French Civil court (“Tribunal de Grande Instance”).
- If the agreement is not validated, or no agreement is reached, or in the case of violation of the obligations set out in the agreement, the public prosecution resumes.
The decision of validation of the agreement is not considered as an admission of guilt and will not appear in the criminal record. It will, however, be published on the National Agency’s website, together with the settlement agreement and the amount of the fine.
What to do?
The companies concerned must evaluate without delay their compliance program to ensure that compliance procedures are already in place. Otherwise, a compliance program must be set up. In the presence of compliance procedures, it must be ensured that they are implemented and if necessary, to update them on the basis of recommendations which will be established by an external body (certifying body or law firm).
Audit of the existing compliance program
- Due diligence checklist, questionnaire and analysis of the documentation
- Interviews with key individuals (CEO, CFO, Chief Compliance Officer…)
- Establishment of risk mapping
- Research of existing compliance policy (information, communication, training, monitoring and review, sanctions procedure)
Verification of the effectiveness of the compliance program
- The audit of sale contracts, tender offer documents, agreements with third parties and intermediaries
- Conducting new targeted interviews with personnel at high risk of exposure
- Tests evaluating the procedures
- Audit of (i) the meeting minutes of compliance bodies to ensure that the function satisfies the conditions of autonomy and liability, (ii) the training reports of management and personnel, (iii) the documentation retracing the detection and the investigations regarding to any potential acts of corruption, (iv) the audit reports related to the hiring of sensitive employees and third parties co-contractors and (v) the implementation of sanctions
- Issuance of a report by the certification body including its recommendations
Implementation of these recommendations
- Drafting and implementing of the identified missing documents
- Training of management and personnel on the new procedures
- Performing a compliance audit