The effectiveness of a compliance program is based in practice on its ability to meet the requirements set by the competent anti-corruption regulatory authority in the event of an inspection.
Both in France and in the United States, the anti-bribery regulatory authorities have issued guidelines on the expected features of a compliance program and on the aspects of it that are subject to particular attention in the event of a control.
The recommendations of the French Anti-Corruption Agency (AFA) in France and the Department of Justice (DoJ) in the United States have many converging points. However, differences also persist between the approaches of these two authorities, which we will try to highlight in this article.
Each company must obviously pay particular attention to the recommendations established by the authority of the country or countries in which it operates. In this regard, it is relevant to analyse the Franco-American differences (I). However, this territorial dichotomy is largely overtaken by the extraterritoriality of US compliance rules, which are often applied well beyond US borders (II).
I. Analysis of Franco-American differences in the recommendations of anti-corruption authorities
A. AFA and DoJ adopt many similar recommendations
Firstly, both authorities highlight that each compliance program requires a case-by-case analysis. Guidelines issued by the authorities are common to all companies and organisations, but the authorities stress that their application must necessarily take into account the individual specificities of each company or organisation.
Secondly, both AFA and DoJ make risk mapping an essential prerequisite for the implementation of an effective compliance program. The compliance program must address directly the risks identified by the risk mapping, as these risks are specific to each organisation. The role of risk mapping is therefore fundamental in the implementation of an effective compliance program.
Recommendations from both authorities also concur on the need for real commitment from the organisation's governing bodies. Management must be strongly involved in the implementation of the program to detect corruption and influence peddling and convey this message. At the same time, all procedures and policies initiated and overseen by senior management (such as the human resources policy) should incorporate the anti-corruption goal.
The objective advocated by both control authorities is the same: the organization must put in place an effective system.
Both authorities also emphasise the need to put in place dissuasive and effective sanctions as part of the compliance program. However, French and American approaches are slightly different in this respect. While AFA focuses primarily on sanctions for prohibited conduct, which may include disciplinary sanctions in the internal regulations, DoJ places greater emphasis on the objective of incentive for compliance.
Finally, both AFA and DoJ pay particular attention to mergers and acquisitions (M&A) transactions. The DoJ thus considers that an effective compliance program must include comprehensive due diligence of acquisition targets. In addition, any risk of unethical behaviour during the due diligence phase must be identified. The organization must also determine how the operational functions responsible for compliance have been integrated into the M&A process. Finally, the company concerned should implement compliance policies and procedures in the new entities created as a result of the transaction. Since April 2019, the AFA has launched a public consultation on a practical guide on "Anti-corruption investigations in the context of M&A", demonstrating the importance that AFA has attached to this issue. This guide aims to raise awareness of the companies on the need to carry out audits and thus identify corruption risks prior to the completion of the operations.
B. Specificities of AFA recommendations: the key role of the code of conduct
AFA pays particular attention to codes of conduct. The content of the code of conduct is explained in AFA recommendations. The code must describe the prohibited situations and behaviours as well as the sanctions applicable in case of prohibited behaviour. In particular, it must precisely cover a certain number of prohibited or supervised behaviours: gift and invitation policies, facilitation payments, conflicts of interest, sponsorship, and, where applicable, representation of interests (also known as lobbying).
C. Specific features of DoJ recommendations: independence of the compliance program
The operational autonomy of the "compliance officer" or compliance function and the resources of the compliance program are also subject to special attention from the DoJ. The US authority emphasises that prosecutors should therefore attach particular importance to the question of the adequacy of staff and resources within the compliance department. The persons in charge of compliance must have sufficient seniority within the organisation, and they must have adequate resources at their disposal as well as real autonomy regarding management. In US groups, it is common practice and recommended that the compliance function should report directly to and be accountable to senior management.
D. Differences in approaches between AFA and DoJ regarding warning systems
Internal alert system is also subject to special attention from the AFA. Under French law, this is the system whereby a person known as a "whistle blower" will report serious breaches against the general interest, such as the existence of corrupt practices or influence peddling within the company. The DoJ also requires the establishment of such an alert system and even encourages to pay whistle blowers for the most relevant alerts.
AFA's requirements in this regard are different. The French Anti-Corruption Authority specifically lists the elements that must be specified by the internal alert system (e.g. the person functionally designated to collect alerts within the organisation; the reporting procedures in place). AFA also specifies that if alerts are processed automatically, the data processing policy for these alerts must be specified and, in the European Union, it will have to comply with the GDPR. Furthermore, it should be recalled that under French law, the whistle blower must act in good faith and in a disinterested manner. Under no circumstances may remuneration be paid to the whistle blower, which is fundamentally different from the American system.
II. Overcoming Franco-American differences and the problem of extraterritoriality of compliance rules
DoJ and AFA thus have different approaches on a number of program points and established criteria for measuring the effectiveness of a compliance program. Depending on the territory or territories in which the company operates, it is obviously necessary to ensure that the program complies with the recommendations of the authority in question.
However, many compliance programs intended to be applied in France must take into account the requirements of the DoJ. The broad extraterritoriality of the US anti-corruption law, the Foreign Corrupt and Practices Act (FCPA), is well established. The FCPA allows French organisations to be subject to the US regulator in a variety of situations.
The FCPA allows the United States to prosecute any natural or legal person who has committed an act of corruption, if there is a connection between the offence and the American territory. As the criteria for connecting links are not defined by law, the US authorities can use various methods to characterise the link between the facts in question and their country. The FCPA allows the United States to prosecute any person or entity that commits bribery if there is a link between the offence and U.S. territory. The application of the FCPA is built on strong extraterritoriality, based on malleable connecting points. Thus, any 'US Person', i.e. any legal person under US law (e.g. US subsidiary of a foreign company) or US citizen, but also any person involved in the commission of a bribery or complicity offence on US territory is subject to the text. The application of the FCPA may also be based on the use of a bundle of indicators such as the involvement of US servers or the use of US dollars for illegal transactions.
A very large number of organisations are therefore likely to be directly affected by the DoJ's guidelines on the effectiveness of compliance programs. Special attention should therefore be paid to this issue, even if the organisation in question appears at first sight to have a connection only with French territory. The difficulty lies in the need to conciliate the - sometimes divergent - guidelines of the DoJ and the AFA.