The AFA published an English version of the anti-corruption compliance guidelines in January 2018, following the release of the French version in December 2017. The guidelines supplement the requirements laid down in Sapin II, introduced in December 2016, and are designed to assist entities across France (and those connected to France) in complying with them. Under Sapin II, public sector bribery offences have been extended to include foreign conduct by individuals “habitually residing in France” or entities “having all or part of their economic activity in France”. Additionally, Sapin II introduced the option of entering into a settlement agreement, a ”Convention Judiciaire d’Intérêt Public”, similar to UK and US deferred prosecution agreements (DPAs). Sapin II also introduced mandatory anti-corruption compliance measures (see In context December 2017) for companies of a certain size and certain revenue. As a result, those companies will now have to introduce specific measures and procedures in their compliance programmes, including a code of conduct, an internal reporting mechanism, and accounting controls.
Sapin II also established the AFA, which will be responsible for monitoring compliance programmes and their implementation, as well as auditing companies covered by the legislation. Additionally, the AFA can impose sanctions on non-compliant entities.
The new AFA guidelines are now available in both French and English. They provide a framework to help top management prevent and detect corruption by offering corruption risk training, establishing a code of conduct and a whistleblowing system, and carrying out risk mapping and due diligence with respect to third parties, as well as setting up accounting control procedures and an internal monitoring and assessment system.
The guidelines suggest that top managers adopt a zero-tolerance policy for corruption risk, and should incorporate anti-corruption measures into company policies and procedures. The guidelines also recommend that organisations adopt an internal and external communication policy to inform all individuals associated with the company about the anti-corruption objectives. Furthermore, the guidelines set down thorough compliance training, especially for managers and employees most exposed to the risks associated with corruption.
The company’s code of conduct, in written form, should specify the type of behaviour that the company expects, and that which is prohibited. It should also provide practical instructions on how to address certain behaviour, including sanctions. The practices which the code of conduct should specifically address include gifts, invitations, facilitation payments, conflicts of interest, patronage and sponsorship and, where appropriate, lobbying. Furthermore, the guidelines recommend implementation of an internal whistleblowing system, and incorporating information related to this whistleblowing system into the code of conduct.
The guidelines also address a six-step method for corruption risk mapping. This is aimed at identifying factors which may affect the activities and competitiveness of the company and thus pose a threat to its compliance. Risk mapping facilitates identification of the risks and exposures to corruption, and allows an evaluation of the appropriateness of the risk-management methods designed to limit exposure to potential non-compliance.
In addition, the guidelines recommend due diligence (and related procedures) when engaging in business activities with a third party, to prevent companies from being implicated in misconduct by that party. Companies should also adopt specific anti-corruption accounting control procedures to fully monitor cash flows according to the AFA specifications.
Finally, companies should implement an internal monitoring and assessment system to detect and prevent corrupt practices in a timely and effective manner. This monitoring system should involve internal auditors responsible for review and analysis of the implementation of anti-corruption measures.
Despite their non-binding character, the guidelines provide a useful indication on how companies should address the new requirements under Sapin II. This is particularly important in the context of increasingly strict and complex anti-corruption rules worldwide. The introduction of Sapin II is generally seen as a new era of French anti-corruption enforcement, similar to other internationally-enforced regimes. Indeed, the AFA has already started performing audits on companies affected by Sapin II to verify that their compliance systems are on par with the law’s requirements.
We therefore advise companies to familiarise themselves with the details of the guidelines and the scope of application of Sapin II, and to incorporate these guidelines into their internal practices.