Sapin 2 imposes obligations on French companies with more than 500 employees (or companies belonging to a non-French group which employ more than 500 staff in France) and turnover in excess of €100 million to implement anticorruption policies and procedures.
Two weeks ago I was in Paris with our strategic partners, Forensic Risk Alliance, speaking at a conference kindly hosted by the international law firm Norton Rose Fulbright on Sapin 2.
This legislation also creates the Agence française anticorruption (“AFA”), the task of which is to review corporate compliance with the law, injunct non-compliance with its requirements and to administratively fine those who fail to respond. Where evidence of corruption is identified, AFA’s mandate is to report that conduct to the public prosecutor. With these measures, France is seeking to address the criticism of the OECD and nation states that it has thus far failed to comply with its treaty obligations to implement and enforce effective anticorruption laws.
Our audience was sophisticated and, beyond the mechanics of the new law and how it might be implemented and enforced, the debate quickly moved on to discussion around wider global enforcement and where standards, policies and procedures for multinational companies which are subject to multijurisdictional exposure should be set.
This debate has become more nuanced in the light of President Trump’s view of the FCPA and what impact his views may have on both the Department of Justice and the SEC enforcement priorities. Moreover, on 11 March the Cabinet Office in London made the somewhat astounding announcement that within weeks of the Serious Fraud Office securing the largest fine in English criminal history against Rolls Royce (£671,million in fines interest and costs), the future of the Serious Fraud Office as an independent investigator and prosecutor of serious and complex fraud and corruption was yet again being reviewed.
Do these changes signal an end to enforcement for what are now the two most aggressive prosecutorial agencies and how should company boards respond? Could boards now relax? And should they be concerned about the AFA given its limited budget of €10-15 million a year? In short, was there a need to apply scarce resources against a potentially diminished regulatory and prosecutorial risk?
Clearly time will tell, but from my vantage point, while there may be some limited disruption to enforcement, both prosecution and regulatory enforcement are here to stay. Drivers to good ethical conduct come from a wide variety of stakeholders - employees, investors, business counterparties, insurers, multilaterals and non-prosecutorial government agencies - and none of that is going to go away. Nor, if one is being completely cynical, is the pressure on government budgets. The odd half a billion in fines certainly helps the exchequer - this fact alone may well stimulate prosecutorial activity which might not otherwise have occurred.
Moreover, many multinationals have invested very significant sums in creating and enforcing anti-bribery policies, procedures and controls - including in how they manage third party relationships - as part of their creed and corporate governance structures. Disaggregating anti-bribery controls because of short term electoral cycles in the US, or yet another review of the SFO, would not be a credible position for a CEO or a board to take. And, of course, lingering at the back of their minds would surely be the Yates Memorandum, the fact that the statute of limitations extends beyond four years in the United States, and that there is no such statute at all under English Criminal law.
So to the question, where to set the benchmark when looking at Sapin 2, the FCPA, the Bribery Act and other anticorruption legislation? There is a great deal of guidance out there including from the Department of Justice, the Ministry of Justice in the United Kingdom, the OECD, and the new ISO 37001 standard. In addition, of course, many multinationals publish their procedures on their websites, so French companies should not have difficulty in identifying the requirements, and to the extent that they need context, there are enforcement actions to be reviewed as well as expert advice to be obtained.
Implementation is more complex. In our experience, one of the greatest challenges multinational companies face is ensuring consistency across their global operations. Here too things have developed - platforms have been designed to assist multinationals to efficiently and effectively educate their staff and business counterparties, export policies procedures, obtain information and analyse and investigate third parties in a secure environment.
Risk Advisory’s platform is called LUMA and if you would like to know more about how it might support your compliance efforts please do not hesitate to contact me or Rebecca Palser (firstname.lastname@example.org). We would be delighted to help.