CSR: the fight against corruption and the duty of vigilance

- Newsletter

Following a number of scandals involving French companies, France has recently set up a new anti-corruption mechanism and is about to adopt a genuine obligation of vigilance.

I. The Sapin II Law on Anti-Corruption

Law 2016-1691 on transparency, fight against corruption and modernization of economic life, known as the Sapin II Act and promulgated on 9 December 2016, imposed an obligation on large companies to fight Corruption. One of the main contributions of this law lies in the obligation for companies with more than 500 employees or who belong to a group of companies whose parent company has at least 500 employees and has its headquarters in France, to implement a compliance program. This obligation applies at a group level. It aims to prevent and detect any act of corruption both in France and abroad.

Concretely, the compliance program implies for the target company to:

  • Elaborate a code of conduct that must be integrated into the internal rules; this code of conduct shall include a definition of prohibited behavior that can be characterized as acts of corruption or trading in influence but also an illustration of these behaviors;
  • Put in place an internal warning procedure, which allows employees to report behavior contrary to the code of conduct;
  • Prepare a regularly updated risk map of the company’s exposure to corruption, taking into account the sectors and geographical areas of activity of the company;
  • Establish procedures to assess its customers, senior suppliers and intermediaries regarding the risks identified in the risk mapping;
  • Establish internal or external accounting control procedures to ensure that the company’s accounts do not mask facts that constitute bribery or influence peddling;
  • Train managers and staff most exposed to the risks of bribery or influence peddling;
  • Provide disciplinary measures to punish employees who violate the code of conduct;
  • Monitor and evaluate internally the effectiveness of the measures implemented.

In order to ensure compliance with these provisions, the Sapin II law provided for the creation of a French anti-corruption agency, the implementing decree of which was adopted on 14 March 2017.

In case of non-compliance, and prior to any sanction, a warning is sent to the executives of the company. If this warning is not followed by actions, the Sanctions Committee of the anti-corruption agency can be seized. Fines up to € 200 000 can be pronounced against natural persons and up to € 1 million against legal persons. The amount of the fine imposed shall take into account the seriousness of the facts and the financial situation of the suspected person.

France also introduces a French version of the American deferred prosecution agreement allowing the Public Prosecutor to compromise with the defendant company before any prosecution in return for the payment of a substantial fine.

II. Law No. 2017-399 on the duty of vigilance

Law 2017-399 on the duty of vigilance of parent companies and outsourcing companies, promulgated on 27 March 2017, requires that French companies put in place a plan of vigilance, if they employ, at the end of two consecutive years, at least 5,000 employees in France or 10,000 employees in France and abroad. Such obligation also applies if they reach the same number of employees through their direct or indirect subsidiaries.

International groups are directly concerned by this new legislation: a subsidiary of a foreign group having its head offices in France and employing at least 5,000 employees in France or 10,000 employees in France and abroad will also have to comply with this obligation.

The vigilance plan consists of “reasonable diligence measures” to identify risks and prevent serious infringements by their direct and indirect subsidiaries, subcontractors or suppliers (including those of their subsidiaries) to human rights, fundamental freedoms, health, personal safety and environment.

This vigilance plan, established in association with the stakeholders of the company, must include the following measures:

  • Risk mapping identifying, analyzing and prioritizing risks in the areas covered;
  • Procedures for assessing the relationships of risk-taking entities using the established risk mapping as a reference;
  • Mitigation and prevention of serious harm;
  • Alert procedures established in consultation with union representatives;
  • A mechanism for monitoring and evaluating these measures.

In the event of non-compliance, the company can be called upon by any person with an interest to act. It will then have 3 months to comply with its obligations. If the company still doesn’t comply, it may be subject to an injunction and a penalty payment ordering it to comply with its obligations. The corporation incurs tort liability if its failure to do so causes harm to somebody. Initially, a heavy civil penalty was provided, but the Constitutional Council censured this provision for lack of clarity and precision of the infringement. Henceforth, companies no longer incur the risk of a civil fine of up to € 10 million or even € 30 million.

Lastly, with the forthcoming transposition of Directive 2014/95/EU on the disclosure of non-financial information and diversity information by certain large undertakings and groups, the current anti-corruption framework and vigilance framework will be further strengthened through transparency obligations on the same topics.