French Anticorruption Agency's 2021 Activity Report: Methodological Weaknesses Cause Compliance Program Shortcomings
Despite the efforts made by companies to comply with the requirements of the Sapin 2 law, most anticorruption programs in France remain qualitatively insufficient.
The French Anticorruption Agency ("FAA"), a national regulatory authority created by Law 2016-1691 of December 9, 2016 ("Sapin II law"), has just released its 2021 activity report.
An analysis of the inspections the FAA carried out on economic actors (i.e., companies in the private or competitive sector) points to some key conclusions.
First, the FAA determined that there has been quantitative progress in the implementation of aspects of corporate compliance programs consistent with FAA guidance. In this regard, the FAA noted that of the 34 inspections it carried out on its own initiative in 2021 concerning economic actors, 25 showed no breach of the obligation to implement and deploy the compliance procedures and systems provided for in Article 17 of the Sapin II law. The remaining nine inspections revealed various deficiencies relating to certain compliance program components—namely, a risk map (two cases), a third-party assessment system (six cases), and a training system for the most exposed managers and employees (one case).
On the other hand, in its 2021 activity report, the FAA cites major shortcomings from a qualitative perspective. In a large majority of the inspected companies, the quality and effectiveness of the measures and procedures put in place were found to be inadequate. In particular, the FAA found deficiencies with regard to:
- 85% of the risk maps;
- 67% of the processes for identifying the most exposed employees and the content of anticorruption training;
- 91% of third-party assessment systems;
- 92% of measures for monitoring and controlling the anticorruption system; and
- 100% of accounting controls.
Put simply, these figures show that with respect to many of the inspected companies, the FAA was unconvinced of the effectiveness of the compliance measures they have put in place.
This is notable because the deficiencies cited in the FAA's activity report relate to core measures and underscore the necessity of adopting rigorous and coherent methodologies that can be defended before the FAA on a rational and logical basis.
In particular, the development of risk mapping (like that of the evaluation and monitoring procedure over time) requires the adoption of a quasi-scientific approach. The methodological options chosen, as well as the choice of mathematical variables, must not only be documented but also explained in terms of objective criteria. The overall consistency of the system implemented and the precise identification of the specific characteristics of the company concerned (sector of activity, geographical area, governance, etc.) would be relevant factors to present in the event of an FAA inspection.
The FAA report demonstrates that the agency has a multidisciplinary team composed of agents with varied profiles from both the civil service and the business world, including magistrates, engineers, and experts in the audit field. It also provides a good reminder that companies that engage with the FAA are generally well served by likewise having the assistance of advisors with similar perspectives, skills, and competencies.