France is the latest nation to join the anti-corruption fray, working to finalize a new law to fight corruption, foster transparency and modernize economic activity.
The proposed law — Sapin II — has eight main articles focused on the prevention of corruption and additional protections for whistleblowers, among other topics.
The law requires companies or groups, wherever located, that have operations in France and with over 500 employees and over €100 million ($110 million) in consolidated revenues (estimated to be about 1,500 companies in France) to implement measures to prevent and detect corruption in France or foreign countries related to influence peddling.
This is a big step for France, which has been criticized for being slow to implement effective anti-corruption measures.
One of the most notable changes is the creation of a national regulatory body to prevent and detect corruption — the Agence Française Anti-corruption (AFA), a 70-person agency, reporting to both the Ministry of Justice and the Ministry of Finance, with a Director appointed by the President of France and a non-renewable, six-year mandate.
Another potential significant development is the introduction of a French-style deferred prosecution agreement (“DPA”).
Here are five ways to manage the implications of the new French anti-corruption law:
1. Perform a Gap Analysis Subject companies will need to assess exposure to potential corruption risks in the context of the new law and whether the company has sufficient dedicated resources and budget to handle the implications; this includes an assessment of accounting procedures and whether they are designed to prevent books and records from being used to conceal corrupt activities or if current practices are sufficient. Counsel and risks and controls experts can assist in these efforts.
2. Conduct a Proper Corruption Risk Assessment Take an inventory of the company’s interactions with domestic and government officials; identify the incentives and pressures and the opportunities to misappropriate company assets to make corrupt payments; consider schemes on an “inherent basis” without regard to controls that have not been audited; and assess significance, and weed out unlikely and insignificant risks. Corruption risk varies considerably by country, and the risk assessment should be based on an initial foundation, including regional risk factors.
3. Audit the Company’s Anti-Bribery and Corruption Program and Controls Audit the design and validate the operating effectiveness of these elements, and identify the company’s response to each significant risk, including manual and automated prevention and detection controls and training of personnel. Assess whether the response, if operating as designed, is adequate. Correct deficiencies. Conduct audit procedures to test operating effectiveness.
4. Engage the Independent Auditors in France The role of external auditors (commissaires aux comptes) is still unclear. They may be asked to opine on the adequacy of a company’s anti-corruption controls. French auditors could issue certifications specific to the compliance of companies with the AFA guidelines, which would mitigate risk under the new statute. Their role will likely expand, depending on how the AFA issues standards. This will, in turn, open a debate about how regulators in other countries view French standards and how to apply their respective laws. One thing is certain: companies may want to start discussions with their auditors now.
5. Anticipate Collateral Consequences It remains to be seen whether the AFA’s audit findings will be available to French prosecutors, foreign authorities or private litigants. The law appears to require professional secrecy from advisers with access to records and information. The penalties, however, will be published. DPAs will be considered at a public hearing. Foreign regulators are watching and will assess the risk of multiple penalties for an instance of misconduct. The DOJ has hinted it would take fines and actions by regulators in foreign countries into consideration on FCPA violations and coordinate in such a way as to not create multiple sanctions for the same violations.
* * *
Experience with the U.S. and UK regulatory environments will be valuable for French companies. But while large companies already have compliance programs in place, they may not necessarily meet the expectations of the AFA. Additionally, companies subject to the law would be ill-advised to rely upon programs that look good “on paper” but are not put into practice.
Xavier Oustalniol, a partner in the San Francisco office of StoneTurn Group, began his accounting career in his native France. Now, with more than 25 years of experience as an auditor, forensic accountant and litigation consultant, he focuses on complex forensic accounting issues, fraud investigations, and fraud prevention and anti-corruption compliance assessments. His clients include many French companies and U.S. entities with operations in France.
Jonny Frank is a partner in the New York office of StoneTurn Group. He currently serves as the DOJ-appointed Independent Compliance & Business Ethics Monitor of a Top 5 Global Bank. Frank has more than 30 years of public and sector experience in forensic investigations, compliance and risk management, and has served on the faculties of the Yale School of Management and Fordham University Law School, where he taught international criminal law.