Jan. 2, 2019



by Marie-Anne Frison-Roche

ComplianceTech©. Pour lire ce document de travail en français, cliquer sur le drapeau français

This working paper has served as a basis for an article published in French in the collective publication Pour une Europe de la Compliance in the serie Regulation & Compliance.



Compliance is often presented as a complex, technical, almost incomprehensible set, in that it consists only of empty and moving procedures, mechanical corpus about which the goal would be a question that would not arise.

The question of the purpose of these huge compliance devices might not even have to be asked. And this for two reasons.

Firstly it would only be a matter of following "processes", that is, mechanical and endless procedures. This conception of compliance is often called "kafkaes". Closer to closer, one thinks first of all of the book written by Kafka's The trial l and Welles' adaptation to the cinema in which the charcters are surrounded by walls that are narrowing around them, but it is rather to his novel In the penal colony that must be thought, that is to say to a procedural system of isolation which we do not understand the foundation, which makes it without foundation and without end but also which takes mainly the form of a machine in which the person is placed and which mechanically writes the Law on and under the skin of his back. This internalization of the rule in the body of the condemned - that the French legal system before the French Revolution associated only with "enormous crimes" - being the ordinary way of actual and ordinary application of the rules can correspond to a certain vision of the Compliance, detached from any purpose.

The question of the purpose of Compliance may also not have to arise for a second reason, almost the opposite: they would always be devices that are specific to particular sectors. Thus, the banking sector, the insurance sector, the drug sector, the agri-food sector, the telecommunications sector, the energy sector, etc. Then the opposite happens: too many goals! Since each of these sectors has specificities such that it includes purposes that are specific to each of them. For example continuity for energy, access information for telecommunications, control of systemic risk for banking and finance, protection and secret for private information, etc. Now, either these ends so diverse are indifferent to each other, or they can contradict each other. Therefore, to ask the question of the purpose of compliance mechanisms would be to move to the stitution of not even trying to understand "processes" to be exceeded by too many substantial purposes pursued at the same time and in contradictorily senses ... .

This is why the question of the purpose of the Compliance is not asked in a main way. Even less if it is superimposed with another goal that is the European construction ....

But on the contrary, if we confront this question of the aims of the Compliance Mechanisms by crossing it with another issue, older but also under construction, namely the question of Europe, it is possible to make an alliance of these two difficulties to transform them as an asset. That one can help the other. Indeed, both Europe and Compliance in their current states are two constructs with uncertain goals or behaviors most often only "reactive" (I). If we do not want to mobilize all our strength to limit our weakness, which leads rather to feed it, we can go draw on the unity of this Europe so diverse but which finds it unity in the protection of the human being by the very idea of ​​"person". However, Compliance Law can have the same unity, despite the diversity of sectors, and thus fill the meaning of these multiple procedures, providing the balance between information and secrets, circulation of data and conservation of that they concern, common and dialectic purpose that this European Compliance Law. in the process of being constituted can give the world an example in relying on the European tradition  (II)

Compliance is often presented as a complex, technical, or incomprehensible set of rules, in that it consists only of empty and moving procedures, a mechanical corpus about which finality would be a useless interrogation.

The question of the purpose of these huge compliance devices might not even have to arise. And this for two reasons.

The first reason is that it would be only a question of following "processes", that is to say mechanical and endless procedures. This conception of compliance is often called "Kafkaesque" and refers to it as such. Effectively, we think first of Kafka's Trial and  its Welles' adaptation to the cinema in which the interested parties are in narrowing rooms around them, procedures that do not lead to the judge, procedures whose object is never said, whose the sole available information is the existence of a reproach of which the person is the object.

It is with his novel In the Penal Colony that we must however conceive the concordance, that is to say, with the same procedural system of which we do not understand the substance, which makes it without any substance and without end, but which takes mainly the form of a machine in which the person is placed, machine that mechanically writes in the skin of his back the law of which he is the object and that he does not know, this internalization of the rule in the body of the condemned - a method that the Old Regime associated only with "enormous crimes" - this machine and its mechanical movement being the usual way of actual and ordinary application of the rules.

In this conception of Compliance, mechanism whose primary concern is the effectiveness of rules by internalization in entities, rules whose contents are not known because of their mass and which are not understood because it we should learn them one by one!footnote-1455, the question of their purpose continues to not arise. The solution appears: the machines. Indeed, they can take care of Compliance. It would be necessary but it would be enough to build a machine which "reads" all the regulations: it is the solution proposed by the "artificial intelligence", because the expression of "artificial intelligence" does not integrate the notion of finality, returning only to the ability to effectively perform a technical action!footnote-1448. We could then go from the mechanical application of the obligations (Compliance), way to what some propose, that is to say a mechanical design of laws by the algorithms that can make as many laws as there are obligors.

The question of the purpose of Compliance may not even have to arise for a second reason. It would still be sector-specific devices. Thus, the banking sector, the insurance sector, the drug sector, the agri-food sector, the telecommunications sector, the energy sector, etc. For every sector, a specific goal exists, which demands specific compliance mechanisms. It is the opposite that happens: no more no goals but too many goals!

Since each of these sectors has specificities such that it includes specific purposes. For example continuity for energy, transmission of information for telecommunications, control of systemic risk for the banking and financial sector, non-transmission for privacy, etc. Or these so diverse goals are indifferent to each other, or they can contradict each other. Therefore, to ask the question of the purpose of the mechanisms of Compliance would be to go from the previous state, consisting of not trying to understand "process", being exceeded by too many aims pursued at the same time, even contradictorily ....

This is why the question of the purpose of Compliance is not posed in a main way. Even less if we want to superpose it with another goal that is the European construction ....

And yet, if we confront this question of the aims of the Compliance Mechanisms by crossing it with another issue, older but also under construction, namely Europe, it is possible to turn the alliance of two difficulties into an asset. That one can help the other. Indeed, both Europe and Compliance in their current states are two constructions with uncertain goals or behaviors most often only "reactive" (I). If we do not want to mobilize all our strength to limit our weakness, which leads rather to feed it, we can go draw on the unity of this Europe so diverse, which finds its unity in the protection of the human being by the very idea of ​​"person". Compliance Law can have the same unity, despite the diversity of sectors, and thus fill these multiple procedures with meanings, providing the balance between information and secrets, the circulation of data and the guarding of what they concern, a commo and dialectic goal  with which this Compliance Law is being set up and can give a worldwide example by drawing on the European humanist tradition (II).



At first glance, what Compliance and Europe have in common is their failures. Associating them would then be worsting their depth and consistency. Indeed, the main concern of Europe is often to "react" against the compliance mechanisms imposed by the US Regulators, thus placing Europe in a position of defense (A), while Europe always uncompleted increases the merely sectoral dimension of Compliance, which pulverizes the aims of the latter (B) and highlights as a common element only the processes, an empty procedure which aggravates the lack of meaning that is reproached to it but also corresponds to a conception that some have of Law, namely to be only a form of constraint, without content, an empty definition that can only harm Europe (C).



If we admit that Europe is an area that is being built, that it is not "natural", that it will not be made "all by itself" and that we want Europe to happen as an area, that is to say a space with limits that differentiate it from the outside and open it to this exterior, according to the distinction made by Alain Supiot between "Globalization" and "Mondialisation"!footnote-1393, so there must be an "action of construction".

For there to be an "action", there must be a goal, that is, a project. The question of the "European project" is constantly debated, but it is little crossed with the mechanisms of Compliance. Acting to achieve a goal corresponds to the definition of human action, the latter setting goals and acting to achieve them, directly or through institutions.

The fact that today we tend to consider that the commercial society is a legal person "instituted"!footnote-1402 as are the public institutions to achieve a goal set in advance, has a close relationship with the subject because it is a question of showing that in both cases they are legal powers which do not just cover such a de facto power but which serve a "mission". Then the question of this "purpose" arises and it is common to say that the purpose of the commercial legal entity is financial gain while the goal of the public person is the general interest, on the one hand, that makes a point of contact between the two, a point of contact through which compliance techniques that serve the public interest can slip into the company!footnote-1404.

If we admit that the existence of an purpose is in the definition of the action, for the moment in terms of Compliance Europe is hardly in a logic of action since it is located in which concerns companies in a logic of passivity (consisting in obeying and paying for violation, which is another modality of obedience) and that it is situated with regard to public authorities in a logic of reaction which excludes a specific goal in that it is to fight against the other, to fight against the possible goal of the other and not to set a goal of our own.

Indeed, for the moment the "Compliance Law" does not have in Europe a goal of its own, just mobilizing its forces to "react" to the deployment of compliance mechanisms,for example against American Compliance Law. Many efforts are devoted to limiting the power of compliance mechanisms. Thus the efforts made on the Compliance are above all efforts against it since it is about "limiting" it. Either intellectually, by the multiple criticisms of which it is the object, or technically by the report of the rules of the public and private international law, reminding that everyone should stay at home, the Americans not having to take thus on the European companies.

This is often developed well in Ex Ante than in Ex Post. In Ex Ante, the reports and the expertises elaborate the ways of countering the extraterritoriality of American law!footnote-1398. Apart from the fact that this would imply that the world is reduced to Europe and the United States, this is a "negative" action, to demand that everyone's Law stays at home. The claim is not illegitimate. Even when it comes to recognizing that the extraterritorial action of the American Regulators could be justified by European inaction, Europe then took advantage of a movement of copying within itself the procedures of American culture, like the so-called "Sapin 2" law, some of which have seen a "translated-pasted" of American Law, that is to say a "reactive" legislation. A transplant, then.

In Ex Post, the reaction was on the part of companies to negotiate to be less sanctioned, especially as to the amounts that the US authorities claimed to obtain. In short, limit the damage. This can not be described as a "goal." This is not an action.

It will be observed that China proceeds differently. It began by closing, managing to remain immune to the extraterritorial effect of foreign Compliance Law, particularly in the banking sector thanks to increasing financial and monetary autonomy. Then, it builds a domestinc Compliance Law by borrowing international standards!footnote-1405, whose application will be left to the Chinese courts and regulators.



In the same way, we can consider that Europe does not help Compliance to find unity, because it has this defect itself. This is why President Koen Lenaerts emphasizes that it is in Competition Law that Compliance, through compliance programs, has  been developed at the European leve!footnote-1406. However, Competition Law is in fact the "common law" of European Union Law.

This can be regretted because, on the one hand, Competition was not conceived as the prior principle of the European construction, and on the other hand, its rise to rank as its first principle has crushed other notions than others. Law branches carry, like Labor Law. It is true that this dual construction of the Europe, between the European Union, quickly called "Economic Europe" and the Europe of the Council of Europe, quickly called "Europe of human rights" , contributed by this vocabulary even to this narrowing which was not in the birth action of the Union. But today, Compliance is more of a support point, a reinforcement of the effectiveness of Competition Law, to prevent anti-competitive behavior rather than punish it, as an autonomous corpus!footnote-1407.

To appear in a specific way, Compliance appears across different sectors. This is how all the regulated sectors transport at the European level the part of Compliance that each has.

For example, the European Banking Union includes the Compliance requirements that the Banking and Financial Regulation itself includes, while the trio of the three quasi-regulators ESMA, EBA and EIOPA express, resume and develop numerous Compliance rules. The European nature of these banking rules does not modify these Compliance mechanisms because they are still mechanisms aimed at managing systemic risk, the European Central Bank having the upper hand.

In the financial sector, the Compliance rules resulting from the rules of the Financial Regulation Law are aimed at the integrity of the financial markets and the prevention of market abuse, which historically corresponds to the reason why Compliance Law was formed in 1930 in the United States!footnote-1408

In the forthcoming "European Energy Union", the compliance rules consist in internalizing in the energy operators the requirements of the European Union of energy in this area, particularly in the use of such or such energy. The fact that all the texts in preparation impose operators' obligations of production or use due to the aim of autonomy and environmental choice show that the European Energy Regulation, permanently detached from the original competitive concern!footnote-1409, a aim "to obtain" safe, affordable and climate-friendly energy ".

In the next "European Energy Union", the compliance rules consist in internalizing in energy operators requirements which are those of the European Energy Union in the matter, in particular in the use of such and such energy. The fact that all the texts in preparation impose on operators production or usage obligations due to the aim of autonomy and environmental choice show that European Energy Regulation, definitively detached from the original competitive concern!footnote-1409, has aim "to obtain" safe, affordable and climate-friendly energy ".

As far as digital is concerned, there is only one "digital strategy for Europe" because what is described as the "digital single market" is only an extension of the competitive principle to new (digital) services or to new goods (information) but has no other purpose than that of the competitive market, a tautological purpose since the purpose of the competitive market is the proper functioning of competition. This made the protection and even the survival of copyright so difficult.

But if we take the pharmaceutical sector, observing in particular the activity of the European Medicines Agency but we also observe that "Compliance" is no longer only the compliance of companies with regulations but with "l patient adherence to medical advice "!footnote-1413.

As we measure from sector to sector, the aims are largely or even completely different. In this perspective!footnote-1410, because the European Union has not yet found a better unity than the Competition Law, the Compliance Law as a constituent by which operates the increase of efficiency of the Competition Law, while becoming the twin brother of Regulatory Law, which makes Compliance Law sectoral. Double shrinkage; starting double handicap.

Indeed, Compliance Law consists in internalizing the various sectoral Regulation Rights so that operators in the sector themselves meet the specific needs of the sector in which they operate!footnote-1414. But this distances the Compliance Law from a substantial content that can be grasped because how to classify, prioritize or even find consistency between systemic risk management (banking), respect for the climate (energy), prevention of market abuse (competition).

Europe is therefore only built on the common basis of Competition Law, which cannot however be enough to express a "legal order" on its own!footnote-1412, on which would be superimposed, align, hierarchical!footnote-1411 the different sectoral regulations which would only be variations, or exceptions that can justify the status "apart" which should be made to them in relation to the competitive principle, Compliance raised mechanically at European level internalize what Europe is criticized in the state it is in: technical fragments pursuing ends going in all directions.

This leads to a formal definition of Compliance Law as the only procedure, as the only method. Its specificity would be for "principle": efficiency. If we seek to give a legal definition, Compliance would therefore belong to the category of enforcement procedures. One can say it under the English term of reinforcement to better admit the thing of it, but it is only a question of obtaining the effectiveness of the rules and public decisions on the private operators, the innovation being the displacement of the way from Ex Post to Ex Ante. In this case, the procedural design - of which the execution is a part - would suffice to reflect Compliance. A "Compliance Law" would not have to claim more substance and could be understood as a renewed procedural conception to go towards more efficiency in the "implementation" of the rules and decisions in the companies themselves .


In the compliance mechanisms, there are many procedural inventions, such as the making of agreements to stop prosecutions and dismiss any prospect of criminal conviction for proven offenses, as soon as this is "effective" for the for each other. Efficiency and the Law are not mutually exclusive!footnote-1416, and Law is both a "practical art" and an action!footnote-1415.

But as Alain Supiot demonstrates in his article on the poetics of Law!footnote-1417, this action has its own goal: justice!footnote-1394. No branch of the law, which is often only a division to account for jurisdictional powers, can dissociate Law and Justice. The Law is not the gathering of neutral instruments available, is not a "toolbox" which everyone has to do effectively what he wants. Efficiency cannot be its criterion, efficiency is one of the modes of appreciation of its more or less good application and not of its design. To design a material on efficiency alone, it must not be given any autonomy, i.e. think of it as a way of carrying out something other than itself, for example the modernized way of carrying out Competition Law, Financial Law, Medicines Law, etc.!footnote-1418.

This conception, which reduces Compliance Law to a simple "method" of effective rules and decisions, has two major effects. First, it removes the very idea of ​​lending to what would be a branch of law a "pretension" to pursue a goal by a body of rules, procedures, institutions, decisions, having a specific goal related to the idea of Justice. Secondly, the idea of ​​Europe does nothing because it would be a set of efficiency processes, which are identical whatever the geographic area concerned.

Many are doing in this direction, the production of ISO standards on corruption!footnote-1419, taken up by all countries being an example of the "globality" of Compliance due to the very fact of its neutrality. Many conceive it thus because it corresponds to a double movement which strips the Law of its relation with the value of Justice, and leads in boomerang to rank Compliance on the side of Ethics!footnote-1420, that is to say say outside the Law if Justice no longer has room .....

The first movement comes from the Law itself which would be an order by a mechanism called expressly of "conformity". In fact, the hierarchy of norms is based on the "conformity" of the lower norm to the higher norm, the "fundamental norm" which contains the idea of ​​Justice not forming part of the legal order. This Kelsenian conception of the Law widely shared by jurists, notably in the name of the "neutrality" of the Law, therefore attaches the legitimacy of a decision or legal rule to its "conformity" to another superior rule in the hierarchy. Without there being any question of entering into the discussions on the merits or not of the Kelsenian conception of the legal order, it should be emphasized that the system rests entirely on the idea of ​​"conformity", it that is to say what is today the French translation of Compliance ...!footnote-1421. The neutral conception of Compliance would then only be a particular application of a more general conception of the Law, in which Justice is an issue which is not part of the legal order itselffootnote-1395.

The second movement comes from the Economy, when it analyzes the Right which it reduces to being "regulation", which displaces the Right and denies it as an autonomous order to become something else: a heap of technical provisions to serve to something, each layout should be useful, like a huge pile of paper. The image of the regulatory "millefeuille" keeps coming up. Once the concept of order has been eliminated, one cannot perceive the numerous legal provisions. The solution is no longer to give them unity by an idea, an idea that could be specific to Europe for example!footnote-1422, but to build a machine so that the accumulation of so many texts is possible, by their storage in a mechanical memory which will regurgitate the text when you type on the keyboard a word it contains.

This vocabulary of "regulation", which does not refer to any principle or to any conception of what would be the Law, is the vocabulary of the Economic Analysis of the Law. Here too the translation of regulation, which only targets "regulation", into "Regulation" which aims at a particular corpus of institutions, rules, principles and decision!footnote-1423, helped to give the Law as simple regulatory raw material without guiding principles that companies must today internalize through "compliance".

In this economic conception of the Law, Compliance has no more meaning than does all of the amassed regulations. The object of law is to lend its force to particular ends, attached to particular provisions, without adding to it ends which would be specific to it. The concern for efficiency became primary to him, since practical art Law was reduced to being no more than an instrument, thus being taken out of itself!footnote-1396.

The gaze thus displaced, the Law is reduced to what is attractive in the Law: its "binding force". That of laws, international treaties and contracts. This makes it all the more possible to negotiate: it is the "judicial agreement of public interest", the settlement. etc., which, in so far as they are "effective", find a place which seems natural in a criminal law whose formerly regalian nature passes into the background. The question of the justice of the instrument no longer arises since the alliance of repression and agreement is certainly the most effective of alliances. The Law thus becomes a sort of empty and aimless action, and we understand that presented in this way the "Law of Compliance" is criticized as it completes to withdraw what the Law has of human, mechanizing the people and businesses in violent and meaningless proceedings!footnote-1397.

Thus, a Compliance Law would be a Law which would have made other substantial Special Rights successful. A kind of watchdog placed in each company for the effectiveness of multiple regulations. Its success is measured by the number of sanctions, as we measure the effectiveness of a watchdog by the number of barks and bitten attackers.

Is Law Only That?

If, on the contrary, not only do we continue to see that Compliance, because it is of the order of Law, claims to aim for a substantial goal that is specific to it and that, moreover, raising our voice, we affirm that Compliance Law can become a European Compliance Law because as it is European it can claim to pursue a substantial goal of its own and exemplary?

Indeed, the fact that European Union law is under construction can be taken as an opportunity, as a still fresh wall on which the fresco work is still possible. Without forgetting that Europe was above all an act of will between the two belligerent states so that never again so many human beings are massacred, that is to say the very expression of a humanist claim in relation to which the construction of a market was conceived as an instrument, we can develop a conception of a Compliance Law drawing from European history, that is to say a corpus having a goal giving unity to the devices present and future: protection of the person. Of this we can, we must be the "architects".


Compliance Law was born from the revelation of the catastrophic effects that the functioning and decisions of closed organizations that are companies can have on economic systems, the crisis of 1928 in the United States having had as its source unsuspected and then uncontrollable decisions. , having resulted in the first implementation of Compliance obligations. This first common goal of the Compliance mechanisms, which radically distinguishes these from the mere fact of being "in conformity" with a higher standard or with a "regulation", which can apply to everything and destroys the concept itself!footnote-1424



Compliance Law, by internalizing structural obligations - such as vigilance plans - and behavioral obligations - such as knowing your client - has a primary goal: protecting systems. In this, it is fundamentally an Ex Ante Right, which extends the Right of Regulation which is itself a branch of the Law which is developed by Ex Ante mechanisms!footnote-1425, since the protection of systems is above all preventive , building systems and preventing crises that destroy them are two sides of the same coin. This is why Compliance Law is the continuation, even the flourishing of Regulation Law!footnote-1426. (1). In view of this first goal of preventing devastating system crises, it is possible to gather a certain number of materials which, because they are concerned by contaminating risks, cross borders. It is therefore the objects that shape the contours of Compliance Law and not a political will (2). This results in methods which are before information sharing, speed of action and extraterritoriality in principle because it is necessary to confine the risks and increase resistance to crises (3).

It is necessary to be all the more aware of this uniqueness, of a quasi-mechanical nature if we give to Compliance Law another goal, namely the protection of human beings, which can be satisfied by the achievement of the first but may not be, or even be upset, especially since the concepts of contamination and crisis disappear, while more European concepts emerge.

1. The prevention of system crises, a specific aim of the mechanisms of a Global Compliance Law, in which Europe has its share

Since it is a question of effectively managing the risks of the system, risks inherent in these, there is both a need for public authority without there necessarily being a need for political authority. Indeed, if we admit that the Public Authority is the one that intervenes to add to the "law of the market" to compensate for their failures, for example to increase the resistance of certain operators to bankruptcy (Compliance banking ) or to reduce the asymmetry of information (Financial compliance) or to increase the effectiveness of the use of drugs (Medicinal compliance) without this requiring a choice made for the future of the social group, the prevention of system crises comes under Compliance in its close link with the Regulation, in its definition as a public method of palliative of market failures.

Europe not only takes its part, for example in financial matters or by controlling the placing on the European market of medicines, but it is considered to be institutionally ahead, through the Banking Union, in particular through its system supervision, resolution and deposit guarantee.

The fact that Europe is not federal is not a handicap since it is not a compliance of a political nature but an optimal management of risks, such as they arise or penetrate in Europe in the European banking system through its operators. The supervision by ESMA of rating agencies is an example of a Compliance system in a Europe which, however, continues to be said that there should not be a European "regulator".

2. The subjects concerned: banking, finance, environment for one part, health for one part

But as much the banking and financial matter naturally falls into the purview of Compliance Law, as much as the other matters are more difficult. Indeed, if we ask that Compliance Law, because it belongs to economic law, that it is an extension of the Regulation Law and that it is therefore defined teleologically through its goal, which must be as unified as possible since it is what makes it possible to interpret in an understandable way the mass of texts and decisions constantly emitted!footnote-1427 concerned.

Indeed, as the case law emphasizes, it is the aim of public order constituted by the preservation of a system which justifies the violence of the regime, in particular the indifference of borders or the disappearance of professional secrets or the reduction of powers sovereigns of states. If we consider that the goal is the prevention of system risks, as was the case at the birth of Compliance Law, the crisis of 1928 having marked the history of this country, we must find this perspective so that the classic rules, which protect secrets or tie borders and powers are being erased.

Therefore, the prevention of financial and banking crises impose a Compliance Law since contamination is rapid, even immediate and everything must be done in Ex Ante so that the crisis does not occur, thanks to the solidity of crucial operators and through the integrity of the information. It is therefore because the crisis is playing with borders that Compliance Law, an extension of Regulation Law, must play itself. Compliance Law is even the solution, since it is internalized in operators, and can, like them, be deployed worldwide to set up prevention systems.

But this only applies if there is a systemic risk. This is a factual concept. Nothing like a crusade.

This targets the solidity imperative of systemic operators. It also targets objects which by their nature or by failure can propagate global risks, which primarily targets climate risks and their underlying factors, namely energy production methods. However, if global financial and banking compliance is developing, in particular through the action of central banks, that relating to the environment does so with great difficulty. This is undoubtedly due to its link with energy, which has a political dimension so great that the presence of States and no longer regulators, which do not exist in the matter, only a few agencies being present, not allowing internalize monumental goals. We are therefore left with a public international law which only progresses if States are willing. And indeed, some people hardly want it.

The global and technical character of the goal is not so obvious to determine. The fight against money laundering is therefore at the heart of banking and financial compliance, in the same way that the fight against corruption is now integrated into the compliance of any large company active in international trade. But it is no longer a question of preventing a systemic risk, the poor control of which is causing economies to collapse: it is a question of combating behavior that is extremely harmful to the economies and even more to the societies concerned. Thus corruption is seen as a plague which corrodes countries both economically, politically and socially. No one disputes it. However, make companies fight against corruption, in particular those which affect countries other than those to which they are attached (in particular through the bribery of foreign public officials) or make them responsible for the fight against money laundering. money to fight underlying crime, such as human trafficking or terrorism or drug trafficking, is not intended to prevent systemic risks but to make social and political systems virtuous that are not.

So these are not the same goals. The former are global goals, as the systems concerned are global and live at the risk of operators whose failure or behavior can destroy the entire system. It is therefore by nature and mechanically that the goal is global. The second are global goals only by "virtue", to combat behavior harmful to society as a whole but which does not collapse it.

3. The methods involved in a Compliance Law aimed at preserving systems

In a Compliance Law with the aim of preserving systems, the technical core is the collection of information, its transmission and sharing. Banking compliance, for example in the fight against money laundering, is for the operator to structure itself to obtain the relevant information (know your client) and to transmit it if necessary to the organization which will make good use of it ( TracFin, in particular).

It is remarkable that when the aim of Compliance Law is to preserve human beings, the heart may be the absolute opposite, namely the ban on collecting information, the ban on storing it, the ban to transmit it, the CNIL ensuring this.

This opposition effect is remarkable, especially since we put under the same term of "compliance" injunctions which are therefore contradictory, and which can be issued on the same operators by different regulators. of the Compliance Law that it is a question of constructing is to articulate, even to prioritize these two conceptions of the Law of the conception whose regimes are so openly contradictory.

In a Compliance system whose aim is the prevention of systemic crises and whose primary concern is information and its effective use, first and foremost extraterritoriality should be the very principle. Because the risks are global, prevention through compliance should be the same, and corporate sanctions for not being structured to best prevent these risks have an extraterritorial scope. Second, because it is a systemic risk, the reactions must be immediate on the agents, for example for restructuring. Powers must be given to the Regulators. The banking system is an example of this.

Compliance law in corruption matters less well with this construction because if it constitutes a serious fault in the system, it does not constitute a systemic risk. It therefore falls more under criminal law than economic law, falling more from a more classic perspective of struggles against immoral and harmful behavior than from systemic preservation through internalized regulations.

It is then to another perspective, more moral, that we should turn. And Europe becomes exemplary no longer because it plays its part in preserving the integration of systems but because it expresses concern for human beings, who must not be "corrupted", in particular because this is wrong. We then return to the legal order as such, which is conceived in a relationship with a goal: Justice!footnote-1428 and the protection of the human being, here damaged by corruption.



Europe is a particular area of ​​the world which has built for each human being a legal concept that European thought has offered to everyone: the concept of person!footnote-1429(1). We can conceive of Compliance Law not only in a systemic dimension and without confusing it with an empty procedure of compliance with other standards or multiple regulationsfootnote-1430, but as a concern for other than the Regulators in a more political conception of what the Right of the Regulation internationalize in the operators, which returns to corporate governance and humanizes the functioning of the market (2). This produces an extension of the matters concerned by Compliance Law, by distancing it from its mechanical design without dissolving it in General Law (3) and implies other methods, of which Europe could then be exemplary for the rest of the world (4).

1. The European specificity of the concept of the person as protection of all human beings

The human being has been established as a "subject" by Western thought and more particularly by the Law, which has enabled him, thanks to this invention, to claim to be both absolutely unique and absolutely equal to the other!footnote-1431. This invention of the person protects all human beings who cannot owe the "thing" of others, even when their de facto body calls for this qualification, because the Law has made inseparable by the mechanism of personality its body and its spirit . This means that the human being manifests his personality by what he "says": like the Law itself, which is only a word, the human being is for Western thought, different from any other form existing because he formulates in words what, as a person, he designed.

This is particular to Europe, it is deeply rooted in it. This invention is not self-evident. It is today worse than disputed since it tends to be forgotten, not by contesting individualism or liberalism, but by imputing "personality" to machines which would speak, which would have "emotions", which " would learn ", and who would be the owner of what can afford them!footnote-1432. This development which does not find it difficult to see in machines "people" corresponds well to this poor definition of Compliance as a set of processes on masses of regulations which it is not a question of applying and not of understanding , which we expect nothing, regulations to which we submit without waiting to be informed.

But if we think on the contrary that "the law is made for men and not men for the law", as wrote Portalis who thought that the law should be understood and useful and that human beings do not were not the servants, it is then necessary to raise the claims of the Law of Compliance and that it contributes to what is the aim of Law, namely Justice. The organizations that thought of the rules as being at the sole effective service of an efficient system without thinking of human beings are of grim memory.

Indeed, it should not only serve to prevent system crises. It must also serve human beings, "regulations" being never more than a form of Law, unbreakable from the interpretation given to them by this primary purpose, which is concern for justice. If one wants to admit yet the "regulation" is not divisible from the Law and that the Law is made for human beings. And not think of regulations as instruments to attach not to law but to the technical object in question (banking, finance, transport, etc.) and that it would be from them that scattered regulations would receive their "law".

Europe has built the Law to serve the human being and not the systems. The disasters of the XXth century which took place in Europe are also due to the fact that the Law was used to serve systems effectively!footnote-1434 and we developed a kind of "passion" for the rule, which Carbonnier denounced in 1995!footnote-1435, since passion has no measure.

If we want Compliance Law to belong neither to this kind of passion for regulation for itself, which it seems to raise which makes it blind to the facts nor to this pure instrumentalization of the legal instruments sought for their only efficiency which leads to a mechanical system, two tendencies which forget human beings in two different ways, why not draw its mark from European tradition: to put the human being in the sense and thus conceive the Compliance Law?

Through Compliance with regard to personal data, the European Union has set an example. But this is just one example.

2. Compliance, concern for others and the humanization of "Compliance Law"

Indeed, by bringing into the companies the aims pursued by the regulators, it was a question of making the people who compose it charge "the virtue of justice", which is defined by Aristotle as the "concern for others" "!footnote-1433. If we consider that efficiency cannot be a goal since it is only a measuring instrument, the concern for others on the other hand becomes one.

"Data" is an available element of information which constitutes a value, perhaps the first in that it is an inexhaustible resource, in that it constitutes an element which by the industry of knowledge and its commerce, new elements of knowledge are born, new data (metadata) on which new markets are built.

There are several ways to design compliance less mechanically. The first, rather American, consists in estimating that it is above all the human being concerned who is most likely to make a sector work well, including in its detection of risks by weak signals that machines do not apprehend not. Consequently, the human being is put as an active collaborator of the compliance system because "data" only becomes "information" if it is understood and used wisely. The human being is not considered as a goal, as what the Compliance Law compels to protect as it deserves to be, but as the most effective means for the whole system to function at its best.

So in terms of health, Cass. S. Sunstein wanted to "humanize health regulation"!footnote-1444 in the United States because "regulations" do not work without the understanding of the recipients, or even their active support. The public authority must give the person the necessary incentives to act in such a way that the system works well, including information. The Dodd-Frank Law will go in the same direction after the 2008 financial crisis by forcing companies to better inform investors so that they can make more informed choices. In this respect, Compliance Law remains a liberal right since companies are above all obliged to inform so that people act in their best interest.

It is above all to the people concerned that the Compliance Law thus defined will be addressed, since it is made for them and not, or not only for the system. This concern for the person reflects the concern that the person has for the system, when the phenomenon of the "whistleblower" is called in practice, in particular by triggering the Enron case, before being systematically organized. It is therefore a matter of creating "common concerns" between regulators, judges and individuals about the need to preserve the integrity of the systems!footnote-1445. This will concern both people in the company subject to Compliance but also people affected by the rules in question, often called "stakeholder". Traditional branches of law are becoming more and more porous.

Compliance Law then becomes above all an education system because if the patient does not understand why he must take a medicine, if the portfolio manager does not understand why he must know his client, if the user does not understand why its energy consumption must be measured, all mechanical systems, all orders and all sanctions have a weak result. The essential thing then becomes to understand why this is all done, that is to say in the first place to make these legal mechanisms genuinely substantial and in the second place to obtain from all the persons concerned a genuine adherence to this substance, for example the fight against corruption or the fight against change, because they themselves perceive the importance of it, are against it and think they can do something by applying the technical prescriptions in question.

To achieve this, we must rediscover the unity of all of these rules which are spread over thousands of pages, however segmented from sector to sector: it is always a question of protecting human beings. And on this imperative of protection, for which the Law itself was constituted, for the protection of which Europe invented the legal concept of "person", the human beings in charge of following the compliance rules can agree .

This protection of human beings can be immediate, when it comes to protecting the privacy of individuals. It is remarkable that the concern for the protection of human beings which companies are now responsible for through the rules on personal data did not originate from the European Court of Human Rights but the Court of Justice of the European Union. European Union which in 2014, in its Spain Spain judgment!footnote-1436 invented the "right to be forgotten", the basis of the General Regulations of 2016!footnote-1437, now activated in the member states of the 'Union and often taken as a model in other areas, for example in California!footnote-1438.

The protection of human beings can be mediated through the protection of systems, if we accept in a conception more continental than British or American, that the banking system must remain solid to finance the economy and allow the development of businesses that are themselves groups of human beings. If we see the protection of systems in a less mechanical but more humanistic way, as France does for example, which links the bank and the financing of small businesses!footnote-1439, we then find a link with these Compliance mechanisms and the concept of "public service" more focused on the notion of general interest than on that of efficiency.

3. Extension of the subjects concerned

If we state that the purpose of Compliance Law is to protect people, no longer in an immediate way (investors by protecting the integrity and stability of the financial markets) or mediated (entrepreneurs and consumers by the fight against corruption which damages economic and social systems), but as such, then the aim of Compliance Law is to ensure that all human beings are treated as a "person" in the legal sense that Europe has given him!footnote-1446, as an absolutely unique being and at the same time absolutely equal to others.

This is particularly difficult to admit in companies organized in a hierarchical mode but corresponds to an evolution of managerial conceptions more distant from this model, in which Compliance has its share, since everyone is subject to it regardless of their place in the company .

In this conception of Compliance Law, management, ethics and Law become closely linked.

Under Compliance, the law relating to equality between persons, non-discrimination and the promotion of minorities is therefore concerned.

4. The methods involved

The main method is the teaching method. Indeed, if a machine does not have to "understand" a regulation whose pages are stored in its "memory", on the other hand a human being who will apply it, who will be the object of it, who will know its existence, will have to understand it.

Most of his understanding will not relate to the regulations themselves, but to their purpose. This corresponds to the definition of Regulatory Law, whose normativity is one of the aims, and whose Compliance is the extension. If the goal is the efficiency of systems, the "complexity" of which is constantly underlined, we will not try to make people with little technical knowledge understand the Compliance Law. If it is a question of making the goals understood, this understanding must target all of the people working in the companies concerned and the stakeholders.

In addition, the uniqueness and the diversities change.

Indeed, uniqueness appears despite the plurality of sectors. For example, concern for the health of others is a goal which is the same for the medical sector, for the agro-food sector, for the mass distribution sector. Why should there not be links between these sectors since the aim of various regulations is the aim: concern for the health of others?

Conversely, to think that information is always at the heart of compliance systems is to reduce these to the only prevention of system risks. But this is true for the financial sector or for the agricultural sector or for the risks of contagious disease, in the rules which aim at risk prevention, the pooling of information, the rapid action of an actor even in an area where it is not necessarily located.

But in many cases the protection of human beings implies on the contrary the keeping of secrets. And it is under the same vocabulary of "Compliance" that secrets are pulverized, the principle of transparency being promoted as a general principle of the functioning of markets and companies. For example, professional secrets are on the way out!footnote-1440.

The "person" has for etymology the "persona", that is to say the mask that each human being can, thanks to the Law, wear on the face so that to live his life without the observation by all of everything. Compliance Law taking more and more autonomy from Regulatory Lawfootnote-1441, in particular in that it extends beyond the regulated sectors to penetrate all businesses, especially in commerce international, must not separate its two sides: the protection of a systemic system risk and the concern for an economically more virtuous system, on the one hand, but also the more direct concern for human beings mainly by the protection of its secrets.

We cannot disseminate these different aspects because if we do not, then Compliance would probably not even deserve to belong to the legal order, but it would only be a very effective technical tool of repression to fight against systemic risks by circulating information without any possible opposition, which is understandable due to the global nature of the risk considered, extraterritoriality and the transmission of information should only be linked to this

If the Compliance Law, drawing on a Western model, is based on a more political and higher claim of establishment of a virtuous economic model, of honest and transparent trade where the price results from the free meeting of the supply and demand it is therefore appropriate that the Compliance Law is not based on extraterritoriality but for ambition it because in a global competition not only the rule must be the same but the courts must apply in a way equals the rules. We therefore expect how the Chinese courts will apply the new Chinese laws against internal and international corruption.

If Compliance Law, drawing on a European model, is based on a more political and even higher claim of protection of all human beings who would be established as a "person" by Law, even in a country which does is not European, as required by the law of April 27, 2017, says "Vigilance Law"!footnote-1442, it is therefore necessary not only to develop the relationship now often made between Compliance and Human Rights!footnote-1443 but above all to restore unity to existing rules and thus instilling them in the human beings who put them in place in companies, so that, as Europe has always done, the Law is a link between people and not between machines.





It follows from all of these reflections that Compliance Law still suffers both from its lack of unity, segmented by the different techniques in which it specifically plunges its requirements and excessive unity, since this is of procedural nature, the form of sanction or obligation Ex Ante reducing Compliance to forms emptied of substance.

But at the same time, when looking for the substance of Compliance Law, we tend to confuse two types of goal, which no doubt explains the current confusion. Indeed, the protection of systemic risks, for example the collapse of a system by an immediately contagious crisis justifies an imperative Ex Ante and a violent and rapid Ex Ante, where the classic principles of Law no longer have much room, the information and speed prevailing in a world public order held above all by Regulators, while the protection of people is both a more ambitious goal but, because the concept of crisis is absent, the classic legal principles must balance, such as respect for respect and reciprocity of obligations, in what would be more of a global public service.

If the legal regime is no longer the same, one should not, for example, if there is no risk of a system breaking down national legal balances, in particular secrets, while European rules should be promoted which in the balance of Competition Law may take into consideration the way in which foreign companies carrying out economic activities on the territory of the Union are in conformity with respect for the "person", as Europe conceives it.

Since the European Union did so without text to protect personal data, since the ECHR did so without text to protect the whistleblower, the conception of a truly liberal market, that is to say of a market in which the person is the center, of which the person is the end and not the tool, European Law can do this in a broader way by having better designed Compliance Law.

If this is expressed more clearly, then appear the difficulties of which this more global perspective outlines more clearly. For example if the environment has a systematic perspective, due to the elements of immediate risks, phenomena of contamination and globality, on the other hand energy is rooted in politics. The knot between energy and human support for climatic phenomena because negatively disrupted by human activities makes it difficult to distribute powers between politicians, regulators, jurisdictions and the companies themselves!footnote-1447.

But insofar as European Union law invented the Right of the person to respect for his personal data, enforceable worldwide, this first step of a European Compliance Law having thus integrated into the Union market "concern for oneself", Europe can pretend to set an example by inserting "concern for others" into European Compliance Law, thus relaying the very definition of Law, by demanding from any company, even non-European that they comply with this same concern, in particular in the way their workers are treated.




We could then move on from the mechanical application of obligations (Compliance) to what some propose, that is to say a mechanical conception of laws by algorithms that can make as many laws as there are of obligated. See in this sense, Elfin-Foren, N. & Gal, M., The Chilling Effect of Governance-by-data on Innovation 2018.


For example, Raspiller, S., Intelligence artificielle et finance : les nouveaux enjeux réglementaires,,: "AI also offers important perspectives in compliance. For example, the American start-up Neurensic offers, thanks to its algorithms, power detect fraudulent behavior in the financial markets in real time. More generally, fraud detection should be made easier by a more exhaustive and rapid audit using data and AI. ", Banque review, Sept. 8, 2017.


Conference at Collège de France around Simone Weill's thought, 2017. 


The Notat-Sénard report taking up on this point the thousands of doctrinal exchanges, to lean after a brief but useful synthesis, towards the idea that the commercial company as a legal person is "instituted".


Frison-Roche, M.-A., Du Droit de la Régulation au Droit de la Compliance, 2017 ; Martin, D., , in Pour une Europe de la Compliance2019. 


For example, read the report of October 4, 2018 under the chairmanship of Senator Philippe Bonnecarrière, Extraterritorialité des sanctions américaines : Quelles réponses de l'Union européenne ?, October 4, 2018, in particular the description of the "difficult exercise of" conformity assessment " imposed on European companies "(p.11 ff.). The report was presented as follows: "Face à l’extraterritorialité des lois américaines, l’Union européenne doit sécuriser ses entreprises et ses marchés internationaux".

As shown by the reading of deputies Pierre Lellouch and Karine Berger of October 5, 2016 on L'extrateritorialité de la législation américaine, which only concerns compliance issues, the so-called "Sapin 2" law is itself a reactive type law .

On the question, see. eg. Audit, M., Les lois extraterritoriales américaines comme facteur d'accélération de la compliance, 2018; Bree, E., FCPA. La France face au droit américain de la lutte anti-corruption, 2017.


V. for example, Will ISO standards transform Compliance in China ?2017, the Chinese texts being considered as unclear enough in terms of data protection (China's Cyber Security Law: The Impossibility Of Compliance?, 2018).


Lenaerts, K., Le juge de l'Union européenne et l'Europe de la Compliance, in Pour une Europe de la Compliance, 2019. e


contra Frison-Roche, M.-A., Droit de la concurrence et Droit de la compliance, 2018. 


Frison-Roche, M.-A., Compliance : hier, aujourd'hui, demain, 2018


Directive of 19 of December 1996. V. for ex. Frison-Roche, M.-A., Transcription en droit français de la directive européenne sur l'électricité, 1999.


Directive of 19 of December 1996. V. for ex. Frison-Roche, M.-A., Transcription en droit français de la directive européenne sur l'électricité, 1999.


Nouvelles perspectives pour l'adhésion des patients aux médicaments, 2019: "Patient adherence, also known as patient compliance or compliance, is the extent to which a patient follows medical advice. In the context of pharmaceutical products, it means taking the right medicine, at the right time and respecting the right dosage. A poor adherence of the patient can cause health problems due to a forgetting to take medication or to too much or too bad quantities required. "


While it should have been put in place first since it embodies freedom of movement, the Transport Union is only in its infancy, the year 2050 being targeted as a stage to go beyond technical interconnection issues.


Frison-Roche, M.A. Le Droit de la Compliance, 2016. 


About this idea of competition order, v. Mélanges pour Antoine Pirovano, 


As the competition authorities would like, which assert that competition law would constitute a kind of "horizontal regulation law", while sectoral law would be a kind of "vertical rights", this presentation allowing on the one hand to put a hierarchy of institutions for the benefit of the former vis-à-vis the "specialized" regulators and on the other hand giving implicitly but necessarily competence to the "general" competition authority to enter a sector since it would be a kind of "general regulator" ". It is to think that Competition Law and Regulation Law would be of the same nature and would only have their object difference when precisely they are not of the same nature because they do not have the same goal. So when a Competition Authority intervenes in a regulated sector, it is to concretize there an objective of good competitive functioning, while a Regulatory Authority intervenes there to concretize the finality which is proper to it, for example security, protection of privacy, etc.


V. for ex. Canivet, G., L'efficacité et les garanties fondamentales, ....


V. supra.. 


Supiot, A., La poïétique du Droit, 2018. 


Supiot, A., Poïétique de la Justice, 2018. 


V. supra. 


About the ISO norme in terms of corruption... 


On the idea that Compliance would not be Law but would be Ethics and should, for example, be taught as such, a strange idea in particular due to the omnipresence of Criminal Law, c. ....;

On the actual presence of Ethics in terms of Compliance, which is not contradictory because Law and Ethics have always been not mutually exclusive but linked, see. Canto-Sperber, M., ....


On the fact that this is a very unfortunate and clumsy translation, c. Frison-Roche, M.-A., Compliance Law, 2016.

We see here that such a translation absorbs the entire legal system .....


About the criticism of that, v. Supiot, A., La poïétique du Droit, 2018. 


V. supra.


Frison-Roche, M.-A., Le Droit de la Régulation, 2001. 


About a criticism of this, v. not. Frison-Roche, M.-A., Le droit est-il un atout ou un handicap pour nos entreprises et nos territoires ?in Pébereau, P. (dir.), Réformer , 2018.


For a criticism in this sens, the Alain Supiot's intervention in the conference at Collège de France dof 6 of october 2018.


V. supra. 


Frison-Roche, M.-A., Le Droit de la Régulation, droit spécifique et propre, ....


Frison-Roche, M.-A., Du Droit de la Régulation au Droit de la Compliance, 2017. 


V. supra. 


V. supra. 


V. supra.


Frison-Roche, M.-A., La disparition de la summa divisio entre les personnes et les choses, 2018. 


V. for ex. Chapoutot, J., La loi du sang


Carbonnier, J., Droit et passion du Droit sous la Vième République, 1995. 


Pharot, P., Le souci d'autrui, la justice selon Aristote, 


Cass. R. Sunstein, Humanizing the Regulatory State, 2014. 


On whistleblowers as an instrument of effectiveness of the principle of market integrity, an instrument as such neutral and global, c. Boursier, M-E., L'irrésistible ascension du whistleblowing en droit financier s'étend aux abus de marché, 2016; for a broader overview of whistleblowers, see. Charcornac, J. (ed.), Les lanceurs d'alerte, 2019.


CJUE, Google Spain, ....


RGPD, ...


California Consumer Privacy Act of July 2018 (voted on 12 and promulguated on 28).  About the links with the European Reglement : How will California's Consumer Privacy Law impact the Data Privacy Landscape ? , 2018. We will underline that the Californian Law will be valide since 2020


V. for ex. Frison-Roche, M.-A., Banque et concurrence, 2018.


Professional secrets and Compliance, .....


About the so-called "Vigiliance Law", v. for ex. Boucobza, X. et Serinet, Y.-M., Loi "Sapin 2" et devoir de vigilance : l'entreprise face aux nouveaux défis de la compliance, 2017,


About Compliance and Human Rights, ....


About this particular question of "actors", v. Frison-Roche, M.-A. : Entreprise, Régulateur, Juge : penser la Compliance par ces trois personnages, 2018. 

comments are disabled for this article