Two recent rulings by France’s Commission of Sanctions provide insight into which aspects of the transparency, anti-corruption and modernization law known as Sapin II the Agence Française Anticorruption focuses on during its inspections.
For global companies operating in France and subject to Sapin II, it is important to understand the background and outcomes of these cases — Imerys and Sonepar — to ensure that the appropriate identification of risks (or risk mapping), code of conduct, as well as accounting controls and procedures, are in place to prevent or minimize the risk of covering up bribery schemes.
The following is an analysis of the Imerys case and a comparison to the earlier Sonepar ruling, as well as best practices that companies can implement to avoid lengthy investigations and, potentially, costly penalties.
The Imerys Case
For the second time since the implementation of Sapin II, the Commission of Sanctions ruled on a case — Imerys, a world leader for mineral-based specialties—that was referred by the Agence Française Anticorruption or AFA for an alleged failure to comply with Sapin II after a comprehensive audit was conducted by the AFA. Previously, the AFA referred Sonepar, a global leader in the distribution of electrical products, which the Commission found to be compliant, contrary to the AFA’s allegations that it had violated various sections of Article 17.
More specifically, the AFA alleged that Imerys was in violation of Sapin II, claiming that it failed to comply with three provisions of Article 17, as follows:
- Failure to address the specific risks associated with the company’s industry, activity and geographical locations in its risk mapping
- Having an out-of-date and inadequate code of conduct, and
- Failure to factor in the corruption risks that it was exposed to in its accounting procedures.
The AFA recommended that the Commission of Sanctions compel Imerys to update its bribery risk mapping by March 1, 2020, and its employee code of conduct and accounting procedures by June 6, 2020. The recommendations also included steep financial penalties — €1 million ($1.07 million) against the company and €100,000 ($107,000) sanction against the previous CEO.
Imerys denied the allegations and challenged the inspection on procedural grounds. After a lengthy investigation, the Commission of Sanctions recognized that the risk mapping might not have been performed at the appropriate granular level and Imerys’ methodology might have lacked consistency. However, it concluded that Sapin II did not specify which level of granularity was appropriate to follow, that a plan of action was also not legally required by Sapin II, and the AFA recommendations did not have the force of law.
Imerys was also given credit for having complied with some of the stages of the AFA recommendation for risk mapping, as a result of hiring an external service provider for assisting with effectively mapping risks. And, while the Commission of Sanctions did agree with the AFA that Imerys needed to update its employee code of conduct (and better integrate it with other codes of conduct and the company’s ethics manual) and accounting procedures and controls surrounding the risk of corruption, it granted more time to resolve these issues until September 1, 2020, and March 31, 2021, respectively.
Lessons Learned from Imerys and Sonepar
Below are some key takeaways that companies subject to the French anti-corruption law should consider when navigating Sapin II:
Lengthy investigations provide benefits: In both cases, enough time elapsed (20 months for Sonepar and two years for Imerys) between the announcement of the audit and the results of the rulings, to permit the companies to make improvements and follow recommendations for which credit was given.
Consult outside experts for impartial audit and analysis: Both companies relied on external professionals to assist with the implementation and involved management in the process, for which they were rewarded, including their auditors. Using external experts is often part of demonstrating a comprehensive approach to the required assessments and controls.
Approaches to risk mapping vary and credit can be awarded for documenting and trying: Disagreements as to the approach to risk mapping did not rise to the level of a violation of Sapin II. To the extent the company incorporated recommendations in its approach, the Commission of Sanctions credited the company for doing so.
Code of conduct manuals need to be integrated immediately: However, in regard to the code of conduct and related documents, the Commission of Sanctions found that the ethics and compliance manuals, including code of conduct, should be integrated as it relates to anti-corruption and refer to specific examples.
Show progress in implementing recommendations: When it came to the internal controls over financial reporting to curb corruption, the AFA acknowledged that the company was not yet at the required levels, but it did not warrant any penalties because it showed progress in implementing its auditor’s recommendations.
These two matters and their respective rulings are consistent with the AFA’s announced main objective to act as a preventative and deterrent regulator with companies in regard to anti-corruption risk, as opposed to acting as an enforcer. The rulings also suggest that the burden of proof is on the AFA to demonstrate how a company’s failure to implement its recommendations would result in a violation of Sapin II. In these matters, the AFA’s recommendations did not have the force of law behind it.
Xavier Oustalniol, pictured above left, is a partner in the San Francisco office of StoneTurn. He began his accounting career in his native France. He has more than 25 years of experience as an auditor, forensic accountant and litigation consultant, and now focuses on complex forensic accounting issues, fraud investigations, and fraud prevention and anti-corruption compliance assessments.
Véronique Chauveau, above right, is a managing director at StoneTurn. She has more than 20 years of experience with a focus on litigation advisory and business disputes. Prior to joining StoneTurn, she served as a director of forensics and litigation services at a national accounting firm, where she supervised and reviewed multiple litigation and forensic accounting engagements.