Aug. 30, 2016


Compliance law

by Marie-Anne Frison-Roche

This publication must be cited as follows: Frison-Roche, Compliance Law, Working Paper, 2016,

This article provides a basis for an article published  in the Recueil Dalloz  in French : "Le droit de la compliance".

‘Compliance’ issues have been increasingly discussed in recent years. Articles, handbooks, soft law, decisions or definition have been written. But nothing really converges. The term ‘conformity’ [conformité in French] is used in parallel, or even instead of the usual concept of compliance. There are as many definitions of what compliance is as there are authors writing on the matter. And yet it is used in manifold ways, from Competition law to International Finance law, from the hardest law (enforced with the help of the most stringent sanctions) to business ethics, according to which behaving should be enough to be compliant. At a time when compliance invades law, it should be first noted that we are too shortsighted to grasp the mechanism (I), whereas it is necessary to build a comprehensive Compliance law (II).

Read developments below.


Compliance is an ‘odd concept’ (A). One might indeed understand it either as a behavioral program set by an undertaking on a voluntary basis, or as a regulation with a global scope enforced with unprecedented sanctions (B).



Compliance is strange indeed, because of the plasticity of its definition (1), to its literally foreign origin (2) and its untranslatable character (3), which leaves the definition of the compliance open to everyone (4).

1. Compliance, from a non-legal idea to a tautology of the Law

Compliance may refer to the fact of behaving well, of spontaneously taking into account the interests of others. As it is originally linked to moral principles, compliance takes place in business ethics!footnote-566, according to which the powerful supports the interests of the other contracting party or of any third parties who depend on this party. The set will be framed in charters or other documents that are unilaterally drafted by large economic companies. Compliance is thus strongly linked to the "corporate social responsibility"!footnote-571 of those companies that have the actual means to be good. Henceforth, compliance would not be a legal concept.

While reading at other sources though, one might find yet another assertion that compliance conversely refers to the commitment an operator makes to comply with all the regulations!footnote-570. That is, however, even less understandable, since someone subject to a regulation should not need to commit to comply with it. The growing concern of ethics would instead be that there are ways by which the company moves away from ‘external’, binding law, that is to say away from the compliance... Isn’t it so, however, because regulations increasingly force into companies using compliance as a break-and-enter tool? As a special issue maliciously considered, should we all end up saying that " Ignorance of the Compliance is No Excuse!footnote-572 since compliance is taking over the role of the Law? There is more: texts as a whole, among which regulations, require their subjects to participate in the definition of Law. That is where tautology lies: compliance would be a concept that is so legal that it ends up becoming useless.

2. Compliance as an American-originated, indirectly and brutally imported idea

Compliance, understood as the formulated requirement for a given company to give to see it is organized so that everyone who depends on it behaves according to the regulations in force, is an American idea.

The company proves beforehand that its entire structure, as well as anyone who depends on it, is consistent with the general rules of the system which itself depends upon. Thanks to this considerable effort, the company evades the burden of a hazardous Ex Post: compliance is the equivalent of the Anglo-American probationary maxim: Comply or Explain.

It is through the theories of banking and financial economics that were developed in the United States that compliance has arrived in Europe!footnote-573. The financial crisis served as a ship!footnote-576. At the very heart of compliance is the obligation to prevent and alert about a possible violation of the rules via banking and financial flows, both for the security of banking and financial system itself and for these flows to reveal. The subjects of the compliance will not be the actors of operations but those who manage the flows, namely the banks: as they hold the information, they have to monitor, intervene, denounce, to serve the purposes of a banking and financial system whose goal set by the regulator (i.e., integrity and transparency) will eventually rely on the operators. This backdoor will return with great violence: convictions for lack of compliance of the major international operators, including in the banking and financial sector, will likely be measured in billions of dollars.

3. Compliance as an untranslated or untranslatable term

Compliance is even more hardly understandable!footnote-575 since it cannot be translated in the other languages (French, for example). In many countries, Compliance Officers multiply without their job title being translated in national language. In France, the use of “conformité" [conformity] as a synonym and possible translation for ‘compliance’ only shows the decision makers’ embarrassment in translating the concept, since the obligation to conform to regulations precisely is what binds together any subject of a regulation to the Law as a whole.

4. Compliance as an open definition

As the French saying goes, compliance is now an “auberge espagnole!footnote-574 [roughly translated as a party where everyone brings along the food they wish to eat]. While one will see a moral obligation to care about humanity, the other will understand a unilateral commitment not to repeat a past misconduct, or a commitment agreed upon with the regulator as a result of a sanction, a specific obligation under international rules on financial flows, a specific obligation to find information and pass it on to public authorities, etc. But when the device is so expensive to operators and gives so much power to the government, such an open definition is not sustainable– for it seems that anyone understands it as it wishes, but also since such a comprehensive definition ends up including all sorts of techniques that are strangers to each other, or that are even opposed to one another.



Compliance has emerged as the autonomous form of expression of a company that offers to self-regulate after it has been imposed a sanction (1), but it has started reversing and taking a global boom as the powerful expression of Banking and Financial Regulators which internalize the performance standards set by them in companies (2).

1. The emergence of compliance as an expression of the willingness of a company to change to be in line with what law expects from it: the ex-ante as the follow-up of a sanction

That is the definition that is most used in Competition law, whereby a company condemned by the Regulator adopts a "compliance program". Understood as a means to self-regulate, such a program—which includes training, new jobs, etc.–demonstrates the willingness of the company to ensure that its misconduct will not repeat in the future.

This commitment intervenes ex ante; however, not only does it originate from the company itself, but its scope is limited to the prevention of anti-competitive practices. The sanction is the cause.                                                         

2. The explosion of compliance as the global and limitless reign of relentless regulations

Conversely, in international commercial law, or in banking and finance law, compliance is the expression of the will of governments to impose rules which they do not have the strength to ensure the effectiveness of: lawmakers or government Regulators thus adopt standards that we might dub "monumental" considering their huge goal: e.g., the end of corruption, or the end of any trade with a country they consider unworthy of (embargo) or end of the terrorism— that is to say, global ills.

Regulators thus internalize the implementation of these monumental public standards into structures that are de jure and de facto informed and powerful: multinational companies which operate international financial operations. Hence compliance is the global internalization of a local public regulation within supranational companies that are designated as effective agents of global, monumental goals.

Since the goal set by public authorities is legitimate (fight against terrorism, crimes against children, drug trafficking, etc.), the company is bound. It can only outbid the ‘compliance device’ it is implementing to achieve the purpose of Regulation. If its organization and behavior is not consistent with the provisions taken by the laws in the very specific areas that are monitoring international and global financial flows to detect systemically harmful behaviors, then the company is sanctioned and cannot oppose neither any justification nor its own legal system: that is how regulation applies “relentlessly”. Sanction is not the cause of compliance anymore, but rather its consequence.

Anyone can measure that the single word of compliance actually includes foreign and opposite techniques. It should be noted that in the field of the law, when concepts are not defined properly, then control over them is lost and nothing can be done anymore to prevent power from replacing the Law. This is even more true for European undertakings, since these compliance techniques have been developed outside of Europe but are now applied extensively on European companies, which discover their fate on a case-by-case basis.

Compliance law should thus be built, and its components firmly determined.



It is necessary to build a new branch of law—Compliance Law (A) as well as to determine who would be in charge (B) and what would its guiding principles be (C).



Accordingly, economic operators should be disciplined and accountable; however, it is unacceptable to make their fate dependent on case-by-case assessments based on concepts whose sense keep fluctuating. If the objective is merely to affirm that the operators must comply with the laws, then we must challenge the very existence of compliance and recall that compliance with the Law is always assumed.

However, if the stance is that Law can be dissociated from the State, and that it is legitimate to fight against global ills such as terrorism, then it can be argued that national spaces are too narrow, that international treaties are inadequate and that the States lack both money and information to achieve such objective.

It is then legitimate to consider that a set of various duties to ‘inform to inform’ rely on powerful operators, this ex ante system of compliance being the consideration for the position of power.



1. States and Regulators as the issuers of compliance standards

Political bodies shall be responsible for setting the goals companies must achieve. There is a consensus on the determination of global ills. The United States are neither the moral conscience nor the legal voice of the world despite their technical ability to punish everything all over the world. Europe must express an equal ambition which would imply the same technical consequences.

2. Crucial undertakings as the activating bodies of the compliance standards

Undertakings that are willy-nilly charged with the duty to inform themselves in order to inform others are those in position to have information on practices that fuel global ills or that may affect global public goods, including the trust in the economic and financial system. Their nationality is irrelevant—only their ability matters. They can be condemned and compelled to be ‘able’, provided they are they are sufficiently powerful to assume such a burden. Banks or companies managing digital platforms are likely to be designated, but all companies that have a "crucial" position in a sector or industry are concerned.

There will thus be a certain marriage of convenience between the crucial undertaking that has or should have the information and the Regulator which pursues the systemic goal (e.g., the fight against terrorism or crimes against children). This will not raise any issue if the Regulators at stake are ‘Information Regulators’, such as Banking and Finance Regulators or the Regulators in charge of the digital space. But if the capture and transmission of information by the company is driven by an objective that is not intrinsic to the sector, such as the protection of nature or of the human species, then the relevant authorities would rather be public authorities or ministries.

3. Judges

As compliance involves a continuum between the Ex Ante and Ex Post stages, courts and Regulators assuming a sanctioning role are essential, as well as the various commitments and compliance programs implemented by companies, including the presence of compliance officers after a sanction has been imposed on the company. Nonetheless, this compliance officer, hand of the judge, must respect the secrets and rights of defense.

Both European Courts (ECHR and ECJ) and the texts on the Banking union should be enriched so that such devices are set to apply to all critical undertakings, including non-European companies which do not sufficiently contribute to the information in Europe for completion of global goods and the fight against global ills.



1. On the necessarily (?) global scope of Compliance law

Compliance has developed in financial law because finance is global, and sanctions are imposed by the United State because operators think that their global reach through the United States. A single State thus imposes its own law invoking global hopes, such as the end of terrorism.                           

However, the economic power of Europe and of the new Banking Union can enable Europe to endorse the same hopes; furthermore, nothing separates the two legal areas in these common struggles against child crime and the protection of intellectual property. What will change is the conceptualization of the key concepts of Compliance law that can develop from a continental European law, which is not casuistry and probably safer, and which has an equally wide range, as shown with European Competition law or Data Protection law.

2. A clear identification of the source of the obligation and of the responsibility ensuing

The guiding principles of Compliance law shall be clear, and they shall not depend on situations or on arrangements. The company should be obliged under a general text and not by its own will: however, the various charters that spray mandatory standards complete the blurriness of compliance and weaken operators.

Compliance law does not appeal to the morality of agents in charge of its implementation, nor is available to companies who are subject to it. Companies must be literally responsible in the classic understanding of the term.

3. The transformation of the probationary system

One must be aware of the actual weight that Compliance law represents for crucial undertakings, as it is consideration for their position and their power in terms of information that are decisive to the pursuit of global goods and ills others are concerned about.

This is why companies must be protected against their main risk, which often occurs: unforeseen and random sentences, whereas compliance devices had been implemented in good faith.

The classic rules of law must be respected in Compliance law, where repression is placed at heart: a general norm that is known and that has been previously established, non-casuistic application of the law, and a set of pre-established rules on evidence gathering.

Anyone kept posted on global economic and financial news can measure the extent to which Compliance law remains to be built and how urgent it is now to do so.


The Revue Internationale de la Compliance et de l’Ethique des Affaires (International Review on Compliance and Business Ethics) is exemplary in this regard


See, e.g., Classiot, O., Renouard, N., « De la compliance à l’éthique des affaires, de la règle descendante à la culture partagée, de la direction juridique à la direction RSE. Analyse d’un changement clé dans l’approche des entreprises », in Revue Internationale de la Compliance et de l'Éthique des Affaires n° 1, 2016. This strong ‘compliance’ movement is often taught in Business school like business ethics or in parallel with it.



In this sense, see the communication of the European Commission in 2013, Compliance matters!


Similarly, in her introduction to a complete issue entitled Are large companies outside the law? (2016), Marjorie Eeckhoudt writes “Trop complexes pour faire l'objet d'une réglementation classique, les grandes entreprises sont pressées d'appliquer une nouvelle forme de réglementation : la compliance à laquelle le législateur européen et national renvoie désormais. Cette politique de compliance consiste pour les entreprise à mettre en place un dispositif visant à assurer la conformité des pratiques aux règles de droit” (which can be roughly translated as "Too complex to be a classic regulation, large firms are pressed to implement a new form of regulation: the compliance with which the European and national legislature now returns this policy. of compliance is for the company to set up a mechanism to ensure that practices comply with law ") (p. 152).


In that same spcial issue, Björn Fasterling defines compliance as follows: “Le terme compliance, traduit par "conformité", peut être définit par son résultat prospectif comme "l'adhérence aux règles". Mais le terme compliance s'entend également comme la gestion d'un système d'information et de communication ayant pour but de protéger les intérêts de l'entreprise dans la mesure où elle est exposée au risque de violation des règles juridique et éthiques. Du point de vue de l'État, la compliance s'assimile à la tentative d'influer, par voie de réglementation, sur les systèmes de gestion de façon à ce qu'ils assurent une meilleure prévention, identification et sanction des infractions’ (which can be roughly translated as "The term compliance, translated as “conformité” can be defined by its forward-looking statement as “adherence to rules”. But the term also refers to the management of an information and communication system for the purpose of protecting the company's interests to the extent that it is at risk of violation of legal and ethical rules. From the State’s perspective, compliance is equal to their attempt to influence, through regulations, the management systems so that they provide better prevention, identification and punishment of offenses") (p. 218).


As the French system Law says "Nul n'est censé ignoer la Loi", and now  we can say "Nul n'est censé ignorer la compliance" .... In this sense, Creux-Thomas, F., Nul n'est censé ignorer la compliance ?, 2011.


On the historic development, see, e.g., Lefèbvre-Dutilleul, V., Codes de bonne conduite – Chartes éthiques, 2012, n°5°, p. 11 et s. "Origine américaine”


Plihon, D., Global Regulation in the Altermath of the Subprime Crisis, in  Crifo, P. and Ponssard, J.-P., Corporate Social Responsability : From Compliance to Opportunity ? , 2010


French lawyer Virginie Lefebvre-Dutilleul calls an illustrative definition the one that’s on ENGIE (formerly GDF Suez) website: “L'éthique a pour définition l'application concrète de ce qui est moralement acceptable, conforme aux valeurs, dans une situation donnée. La compliance regroupe l'ensemble des dispositifs à mettre en oeuvre pour parvenir à l'objectif de conformité. Éthique et compliance constituent ainsi les deux faces d'une même réalité qui concernent tous les collaborateurs du Groupe et qui par conséquence doit être portée à leur connaissance à travers une organisation dédiée et des référentiels existants” (roughly translated as “Ethics is the practical application of what is morally acceptable, consistent with the values in a given situation. Compliance includes all the devices to be used to achieve compliance target. Ethics and compliance are the two sides of the same reality that affect all Group employees and which consequently must be brought to their knowledge through a dedicated organization and existing repositories”) (Lefèbvre-Dutilleul, V., Codes de bonne conduite – Chartes éthiques, 2012, n°18, p.17).


In 2016, ENGIE kept and further developed this definition: “Agir en conformité avec les lois et les réglementations : En toutes circonstances, les collaborateurs du Groupe doivent observer les réglementations internationales, fédérales, nationales, locales ainsi que les règles de déontologie professionnelle relatives à leurs activités. Ancrer une culture d’intégrité : L’intégrité prescrit d’éviter tout conflit entre intérêts personnels et intérêts du Groupe. Elle forge la conviction que l’on a le devoir de respecter certaines valeurs. Elle crée ainsi un climat de confiance et constitue un bouclier contre les pratiques de corruption. Faire preuve de loyauté et d’honnêteté : Les collaborateurs tiennent leurs engagements en temps et en heure. Chaque fois qu’ils communiquent, avec l’extérieur comme en interne, ils le font de bonne foi, dans un esprit constructif, avec le souci d’une information sincère, précise et complète. Respecter les autres : Ce principe recouvre notamment le respect des droits des personnes, de leur dignité et de leurs singularités, ainsi que le respect des cultures. Il s’applique également aux biens matériels et immatériels appartenant à autrui." (which can be roughly translated as “Act in accordance with laws and regulations: In all circumstances, Group employees must observe the international regulations, federal, national, local and the rules of professional conduct for their activities. Anchor a culture of integrity: The integrity required to avoid any conflict between personal interests and the interests of the Group. It forges the belief that one has the duty to respect certain values. It creates confidence and provides a shield against corrupt practices. Show loyalty and honesty: Employees keep their commitments in a timely manner. Whenever they communicate with the outside and internally, they do so in good faith, in a constructive spirit with the aim of sincere, accurate and complete. Respect others: This principle includes in particular the rights of the people, their dignity and their singularities and respect for cultures. It also applies to tangible and intangible property belonging to others”)


Such a definition is surprising considering the technical definition conferred to legal deontology and considering how the legal system always distinguished legal rules from moral ones, whereas they are completely confused here. See, e.g., Gutmann, D., L'obligation déontologique entre l'obligation morale et l'obligation juridique, 2000.


See, e.g., Lefèbvre-Dutilleul, V., Codes de bonne conduite – Chartes éthiques, 2012, who exposes the various attempts to define the notion ("tentatives de définition" (n°15 et s.), p.16 et seq.), while considering that compliance relating to the banking and finance sector is specific and has a different meaning that the usual acception of ‘compliance’ in the other sectors (n°14, p.15).

comments are disabled for this article