Nov. 27, 2019


How is "risk mapping" a new "tool" in the legal system? Legal theory of risk mapping

by Marie-Anne Frison-Roche

Pour lire le document de travail en français, cliquer sur le drapeau français


This Working Paper served as the basis for an intervention in the conference organized in the conference cycle organized by the Journal of Regulation & Compliance (JoRC) on the theme: Compliance Tools, in collaboration with many university partners: this first conference is organized in collaboration with the Sciences po Economics Department and is held on November 28, 2019 at Sciences po and deals with the more specific theme of Risk mapping.

It also serves as the basis for the book edited by Marie-Anne Frison-Roche, Compliance Tools, which will be released in the Regulations & Compliance collection.




Introduction and Summary.

 Most often we only describe the risk mapping mechanism, without qualifying it legally. The legislator does not do more. Thus, in the French legal system, in the law adopted in 2016 for fighting againt corruption, the so-called "Sapin 2 law", the article 17 describes cartography  as "la forme d'une documentation régulièrement actualisée et destinée à identifier, analyser et hiérarchiser les risques d'exposition de la société à des sollicitations externes aux fins de corruption, en fonction notamment des secteurs d'activité et des zones géographies dans lesquelles la société exerce son activité" " ("the form of documentation regularly updated and intended to identify, analyze and prioritize the risks of exposure of the company to external solicitations at the end of corruption, depending in particular on the sectors of activity and the geographic areas in which the company operates.").

In the law adopted in 2017 for obliging big companies to be "vigilant", the article 1 of this so-called "Vigilance law" of March 27, 2017 aims to do a "cartographie des risques destinée à leur identification, leur analyse et leur hiérarchisation ("map the risks intended for their identification, analysis and prioritization").

This is a description, not a definition, with the text only targeting the "form" that this piece of information takes, without saying more. The letter of the descriptive text inserted in the second part of article 17 referring to the first part thereof, which expressly covers it as a "modality" of "the obligation" to take "measures intended to prevent and prevent detect the commission, in France or abroad, of acts of corruption or trading in influence ". In the same way when consulting the documents by which the regulatory authorities, for example the Financial Market Authority, presents the way to properly identify the risks, including the risks of "non-compliance"!footnote-1734, there is a description of the ways of doing things, no definition, often no rights. We find this same tendency in Compliance itself, so often reduced in its presentation to a mechanical process, often not very legal, or only becoming so in its bad light: that of the sanction. This mechanical conception of Compliance as a process leads to proposing that machines and not human beings establish the tools, notably the risk mapping.

Because it is understood that cartography is only a "tool", the law designated it as a "modality". It is therefore a given that we must look for what the tool is made for. Either it is done so that the law is not ignored, mapping identifying for example the increased risk that it is not: it is usually referred to by the strange name of "risk of compliance". The mapping then allows the company to execute its "compliance obligation", that is to say to ensure in Ex Ante that the law is respected by eliminating in advance the risk that it will not be . Thus, in 2008, the OECD defined risk mapping by its objectives, namely to put in place efficient means to reduce the risk of fraud and corruption and to set up efficient investigations by focusing efforts on effective procedures "!footnote-1739.

Then there are the risks which do not concern the Law, and which the company manages as so many considerations for its action, such as economic, natural or political risks, as well as "market risks", about which the Authorities markets, as the Financial Market Authority regularly draws up a "risk map"!footnote-1740. But this mapping does not seem to concern Law, even though it is no longer the sole responsibility of the company's internal management. The more we read cards, the more we observe their diversity, without knowing whether they constitute a "modality" of an obligation, therefore constituting a legal object, or if it constitutes a good way of doing things, which is neutral. for the Law. But what does law today not mix with? Especially of a fact as important and significant and expensive as this one ...

However, we observe to what extent "risk mapping" has so far been little thought in law. Indeed, when it is exposed, and so often, that it includes both "economic risks", "political risks", and "compliance risks", when however as a whole it is not instrument of a Compliance Law, which organizes all of compliance, the lawyer who constantly orders no longer manages to follow: as "compliance" could be only part of a mechanism that itself is only part of "compliance"? There are very many writings which detail the cartography, which by a kind of mirror effect, draw up cartographies of the requirements country by country, texts by texts, sectors by sectors, law by law, cartography requirements. .. We are faced with a house of cards, always more meticulously described, without ever meeting any legal qualification. For example, does drawing up such a card constitute a legal fact or a legal act? I don't see the question even asked. Yet the consequences of diet are immense. Assuming that this is only a legal fact, can it be justified? The lawyers thought about it and instead found the door closed ... But why should it not be a legal act? The legal category of unilateral legal acts is there to welcome it. In this case, the risk mapping commits the company and we feel that regulators and judges are seeing it more and more. But if the company is engaged, with whom is it? More precisely still, if it becomes debtor of the obligation to map, even if no specific law prescribes it in a precise way, then there is necessarily a creditor beneficiary of this obligation. Who is he ? And why is it?

The essence of this contribution is to ask these questions. They are elementary. They open up avenues, those that the exercise of legal qualification, legal categorization and legal definition, opens up.

If for the moment it has been little practiced, risk mapping being strangely left to algorithms, capable of heaping up data and incapable of defining and qualifying legally, this may be due to the fact more general than Law and risk are rarely directly associated. The mechanism of good management that constitutes risk mapping, especially in organizations that are not companies but are in charge of administering and adopting this good method without constraint!footnote-1735, incites it even less that we can read that it would be for the meticulous entity to identify in advance in particular the "legal risk"!footnote-1731, that is to say the application that could be made of law, uncertain application, annoying application. How many successful seminars on "penal risk" ... As in defense, lawyers explain too generally that the Law is constituted to fight against the risk, which is a fact. In fact, we repeat over and over again that the legal system is there to "secure", sometimes reducing it to this technical performance due to its very nature, by the principle of "legal security", that the State by its permanence , its legitimate violence, its imperium, gives us in exchange the peace, that the contract by the "little law" which it constitutes offers to the parties which enact it a haven of security for this island of stability in a future that never quite knows; beware of us if we get out of the legal order because we fall back into risk ... Thus, either one is in the Law, subject to the Law, and one benefits from its specific security, which economists would readily refer to as "regulation", or one is in the freedom of action, and the 'then we are at risk .... It would be like for the markets, about which we must choose between liquidity and security: if we want freedom of action, then we need less regulation , and therefore less security, more risk .... This traditional opposition, so often relayed in economics, is called into question by the obligation of risk mapping because if these are established, it is not for know in itself but to combat them, beyond the traditional obligation of information on risks, of which there are many anchors in the branches of Law, in particular Company Law, in particular those exposed to the financial markets (I) .

Consequently, since there is under the classic information of the political pretension, of the will to "prevent" the evil, which is quickly transformed into the will to "promote" the good, the new appears. The novelty is first of all institutional (II). In this, the so-called "Sapin 2" law, through the establishment of the French Anticorruption Agency, institutionalized this mechanism by which companies "exposed" to financial markets and / and to international investors, and / and to international trade , present in a clear and orderly manner - that is to say by a map - the risks they have identified in their present and future actions, must more concretely account for their structural organization. Public authorities will supervise the companies exposed to these risks. Certainly banks are legally accustomed to it, but banks are in a sector which is regulated and supervised. What is remarkable is that the Compliance Law applies via the risk mapping requirement the legal technique of supervision to companies which operate in sectors which are not supervised, which are sometimes not even regulated. Thus, they become structurally transparent. The liberal principle according to which a company only reports on its behavior and not on its internal organization is undermined. Thus, by the only technique imposed by law, the transparency method, specific to supervised companies becomes general, as soon as a risk exists. This is a radical innovation, since the risk in question is not a sector risk and a general crisis is no longer to be feared. The rupture is thus effected with the Law of supervision which until now was unbreakable from the Law of Regulation, the obligation of risk mapping applying to any "crucial operator" exposed to the risk of corruption, in that this must be fought in a global manner.

Therefore, risk mapping is a tool which, beyond the simple description, takes its definition in a teleological way. Its aim is to prevent risks which compromise ambitions which are not always of an economic nature but which are of a political nature (III). The fight against corruption is only one example, the so-called "vigilance" law also requiring a "risk mapping" in the area of ​​human rights, while this technique is taken up by more or less binding texts in environmental matter. Certainly companies in a position to carry such political ambitions, by force - because of their position - or willingly - by their reason for being or by their policy of social responsibility - must support it, transforming them into major political actors . They cannot, however, take the place of the Public Authorities, which on the one hand fix the "monumental goals" which it is a question of achieving on the one hand and which on the other hand supervise in Ex Ante and in Ex Post the implementation and operation of these tools within crucial companies.


If we look at the world through the gaze of its market conception - relayed by Competition Law, the "Law and Risk" couple would rather operate in communicating vessels: the more there are "regulations" in Ex Ante and less there are risks. So if we associate the risk with the liberal economy, because this supposes risk taking, then the Law - which we do not distinguish from the "regulation", which also did not distinguish of "regulation", is not welcome there ... It is besides the position of many economists, who recommend without hesitation that there is the least possible of "regulation", and, of linguistic confusion in approximation in the translations, that there is the least possible of Right.

This is expressly taken up by institutions such as the World Bank, which advocates for the economy to be prosperous that there is as little law as possible so that the economic initiative can develop: this is the postulate of the Doing Business reports. . It results from this syllogism a rather bad classification of France, which is a State of Droi; it cannot be otherwise because it is by the effect of another syllogism that France, or the European Union, conceive the Law: the assumption by the Law of the risks.

But in the face of competition law, centered on risk-taking, that is to say favorable to those who are so many opportunities, is developing Compliance Law, centered on risk prevention, c is to say hostile to these, which are all prospects of collapse in the future.

If we turn economic systems towards Compliance techniques, the risk changes in nature: there is no longer an opportunity to be seized and becomes something to watch. And the tool to do so is constituted by the risk mapping which appears in recent texts, thus validating legal cultures of which competition is not the only ideal.

Indeed, the development of Compliance Law, in that it internalizes in large companies the concern for risk prevention, thus extending the Law of Regulation which had before him faced Competition Law - centered on the ideal of risk taking - the contrary principle of risk prevention due to the specificities of certain "sectors", comes today to give reason to the continental model of a Law which is directly concerned with risks. Thus this couple "Law and Risk", formerly an unnamed couple, becomes omnipresent, because the Law technically expresses in Ex Ante its concern for others, and what can happen to it in the future (A). This is not so revolutionary. On the contrary, not only does this correspond to a humanist conception of the rule of law, which cares about human beings by removing them from the risks that threaten them. We find a solid trace of it in the information obligations because a "cartography" is information organized in Ex Ante around a previously established goal, for example the prevention of corruption or the prevention of the violation of human rights. . Before the so-called "Sapin 2" and "Vigilance" laws, this structural obligation to provide information on risks existed, both in company law, in financial market law, and in all branches of law expressing a " systemic concern "(B).


To define risk mapping, when the risks are so diverse, we must return to the act of mapping. This act, covered by the Sapin 2 law as a "modality" of the obligation to ensure that there is no corruption or trading in influence by the company, appears to be a fact. In the latter case, it is therefore a "constrained" legal fact, since it is only the execution of a legal obligation, but the company can draw up this for the sake of good management, because it wants not to commit a breach, by diligence, even this "love of the Law" that Rousseau wanted us to be common to all! footnote-1741. These two gestures should be given to map different statuses (1). Indeed, depending on their status, this effort - whether compulsory or not - that constitutes a risk mapping will constitute mitigating or aggravating circumstances in the retrospective analysis made by the judge or the law enforcement authority (2). Even more, because mapping only makes sense with regard to a purpose, if this exceeds that for the company of measuring its risks in order to control them and encompasses the concern of third parties so that allowing these to evade the risks thus revealed, then the fact of mapping turns into general engagement of information - of which the financial law is only one example - allows the third party to his third party to measure his own risks (3 ).

1. Risk mapping by order of the Law and risk mapping by diligence: different statuses

It is advisable to distinguish when a company makes an act of mapping of the risks on order of the Legislator, to concretize exactly what this one required from it, from the other cases, where the company makes a mapping of the risks to other purposes, where in the case of a business which is not covered by the Legislator.

For example, the so-called "Sapin 2" law requires companies as a "modality" of their compliance obligation "to draw up a risk map. But not all risks: only risks of breach of probity, which constitutes corruption and influence peddling. If the company, because it is useful for it, targets other risks, it no longer does so in fulfillment of a legal obligation but because it is useful for it to measure its risks and not to commit offenses.

A distinction must therefore be made between the compulsory action of mapping and the action of mapping by diligence. This is where Compliance Law has points of contact with management on the one hand, because it is good management to make sure not to commit offenses, and this goes far beyond corruption and of influence peddling.

For example not to commit market abuse, neither in the form of anti-competitive behavior, nor in the form of acts on the financial markets (dissemination of false information, use of information, withholding of information, ignorance of the obligation to provide information on the future in the event of a takeover by public offer). For this, it is wise, mandatory to draw up a risk map in advance, in particular with a view to possible anti-competitive behavior, but the Competition Law does not currently include devices similar to those of the so-called Sapin law 2 (with criminal and administrative sanctions) or those of the so-called Vigilance law (with an ordinary mechanism of civil liability for others).

2. Risk mapping: a justifying fact or an aggravating circumstance: a faulty diversity of case law solutions


3. The spontaneous and engaging act of mapping: researching the risks in order to better counter them




1. Inform in advance about the interference of the risks incurred from the perspective of Company Law

Jurisprudence stated before the Law that information is a general principle of Company Law, even if they are not exposed to the financial markets. This principle is established for the benefit of partners and creditors, who are now clothed in the English language of shareholders and stakeholders, which does not change their legal nature.

Because under the new terms, is it not classic law that is retired? Besides, isn't the first Risk Mapping the mechanism of the balance sheet, which is inseparable from Company Law?

However, the evolution of the conception of what a balance sheet is, as not only a reflection of the past but as anticipation of the future since it is a primary information tool to enable holders of securities, present and potential to act in anticipation of this one makes it possible to maintain that the balance sheet is becoming a kind of business risk mapping.


This is true through the group's accounting consolidation, through the increasingly restrictive status of the provision, through the evolution of accounting standards. The work of the French Accounting Standards Authority (ANC) on this subject shows that these are aimed at the future, that is to say also at risk.

Even if the "false balance sheet", because it still falls under criminal law, a branch of the law which remains strictly interpreted, is not a reflection of the obligation of an exact, faithful and sincere balance sheet, that the balance sheet does not does not have to be "true", that it has even less to predict the future, the commitments made by the agents having the function of injecting stability into the future by this specific technique, the fact remains that for example the general obligation of "prudence" and the provisioning techniques correspond to this idea today formulated under this expression "risk mapping".

2. Inform in advance about the interference of the risks involved in the perspective of financial market information: the prospect of a "right to be worried"

The judgment of the Commercial Chamber of the Court of Cassation of March 7, 2018, Huit-Clos shows. It is a company whose securities were listed on compartment C of Nyse Euronext Paris. After its judicial liquidation, its directors were sanctioned by the Sanctions Commission of the Autorité des Marchés Financiers for having communicated the difficulties of the company to the market late. The appeal argued that the managers' knowledge of the upcoming deficits was information that was not precise or certain enough to justify such an obligation. But the Court of Cassation noted that the managers had done everything to reassure the markets, in particular by the statement in the half-yearly financial report posted online at the end of November that "the main risks and uncertainties to which the group may be exposed in detailed in the Annual Report". The managers immediately add that "to their knowledge, no major event, modifying the mapping of these risks and uncertainties, could have a significant influence on the second half".


The leaders believe their condemnation unfounded because they had given the facts to the market, including the restructuring plan with the banks and the difficult conjunction. The Authority recognizes that "the situation was not concealed and the difficulties were not masked", but it considers that the presentation which was made was "positive and reassuring", which constitutes the breach. The Court of Cassation considers that this is founded.

Thus to read this judgment, which expressly refers to "risk mapping", it is not only a matter of figures and dates, acquired or anticipated: it is also a perspective in a discourse that gives them a tone. And this tone is what constitutes the legality of cartography as it is an information tool: should the figures worry or reassure? Here, the leaders had done everything to ensure that the facts present in the mapping were interpreted as reassuring and not worrying. Yet it is their conviction for default is founded.

This is very consistent with the letter of the laws "Sapin 2" and "Vigilance" which requires mapping not only that it lists but also that it "analyzes" and that it "prioritizes" the risks. We can here consider that this first requirement of analysis "is here taken up by the common right of information of the markets, even of the investors, as the Court of Cassation conceives it. Consequently the laws however special which are" Sapin 2 "and" Vigilance "would only be the advanced bastion of the more general obligation to map risks, made to companies exposed to the markets.

This is a first question: are these two laws derogatory or are they, on the contrary, exemplary of a more general obligation to map, of which the obligation to have a balance sheet which includes accounting for risk information is a another example  ?


The second question which arises arises from the second requirement covered by the letter of these two laws: the "hierarchy" of risks. Is this requirement confined to the types of risk covered by special laws, one for the fight against breaches of probity, the other for the protection of social rights in economic chains of dependence?

The answer depends on the representation that the judge will ask for on the part of analysis and therefore of responsibility which belongs to the company itself and to those who observe it.

Indeed, if we follow this recent judgment, it takes up the idea formulated by Churchill that nothing is more misleading than a table of figures and data. It is therefore not so much the risk mapping by the company but the presentation that it makes of it that is the real information. However in a liberal conception, the financial market is a machine to understand, the investors should not be charmed by a speech of leader who always seek to please them and must have to use the tools directly, for example to correlate the data mentioned in the cards of risks, as recommended by Warren Buffet. The Court of Cassation approved a more protective conception of the market, which should not be "surprised", and discovered later that the possible deficit was already not eliminated by a promising restructuring but on the contrary already proved by an irreparably compromised situation. it is therefore more towards the obligation of intelligibility of information, weighing on the company and not on the market, which is therefore not a "machine to understand", in terms of what one could call it "the right to be worried".

The investor would therefore have a "subjective right" to be worried and that is committing a breach, sanctioned by the Autorité des Marchés Financiers, if the company communicates a map which, to use the accounting vocabulary, is certainly accurate but n is not accurate in that the injected color is not the right one.


This case law is very protective of markets and investors, since it internalizes in the company the obligation to make the first understand the correct interpretation of the data. In this, it corresponds to what Compliance Law is in a more general way, that is to say the internalization of Regulatory Law at the very heart of companies!footnote-1732, including by the means of sanctions, which therefore become the usual "modalities" of Compliance Law, further dividing conventional criminal law and the enforcement of Compliance. It is not certain that this conception, so instrumental of sanctions, here admitted by the Commercial Chamber of the Court of Cassation, is admitted by the Criminal Chamber or by the Constitutional Courts, guardians of classical criminal law!footnote-1733.

3. Inform in advance about the interference of the risks run from the perspective of system risks

But because risk mapping is only a "modality", a "tool", it will impose itself all the more since the purpose for which it is used spontaneously or imposed by law is imperative. In the so-called "Sapin 2" law, this is all the better understood since these are the goals most often expressed by criminal law, such as the prohibition of corruption, trading in influence, bribery , money laundering. In the law known as "Vigilance", it is more directly the concern of others which is put in goal, and if the Constitutional Council in its decision of April 2017 excluded that we associate a sanction of penal nature to it admitted that the law organizes the internalization of this concern in companies not directly related to the persons thus protected, thus triggering vicarious liability, including the tool imposed by this law to map the risks of harm to health, safety at work and human rights shows that it is a responsibility for others in Ex Ante. Thus, as Alain Supiot rightly wants, French law "takes responsibility seriously"!footnote-1736.


But from before the only prospect of good management of a company was since the constitution of the Compliance Law outdated since it was created in the United States to prevent in Ex Ante the systemic crises of the banking and financial systems!footnote-1737. It is to prevent the collapse of the system that so much information must be obtained, stored and transmitted by the operators themselves. It is on this idea of ​​risk prevention, all companies becoming "risk centers" as were specifically banks and insurance companies. This is why risk mapping, which has often been presented as specific to the insurance sector!footnote-1738, has been extended to all companies in all sectors imbued with systemic risks, and that it is today 'hui being generalized to all "crucial companies" which are not always systemic companies, like global companies in international trade or having an environmental impact, which does not suppose a sectoral anchoring.

Indeed, from the moment that the Law will identify a collective risk, the detection of which can be carried out by companies better than by a public organization, it will internalize this mapping work in companies. In this, the company becomes a sensor of information and classification of this with regard to a goal which is obviously external to them.

This is in particular what has been expressly proposed for many years in environmental law. The environment is neither a market nor a sector.



Like Monsieur Jourdain, any reasonable and rational enterprise sought for its own good to measure its risks, to limit the cost of corruption. What is new is the legality of this management practice. Indeed, as Carbonnier pointed out, what makes a legal situation is that it can be subjected to the analysis of a judge. For the moment, there are so few jurisdictional decisions about risk mapping that it seems to remain in the magma of the facts. But this is changing. It must even be said that this can only change.

First of all because risk mapping is at the heart of the Compliance mechanisms, that Compliance is crystallized in a now specific Law, the "Compliance Law", and that this is applied by specific Public Authorities by decisions subject to appeal brought before courts, which on the one hand and has always been a management tool and on the other hand was an information mechanism in classic branches of the Law takes on a specific legal qualification.

From the moment that failing to draw up a risk map in accordance with legal requirements justifies a contentious sanction transforms the risk map into an independent legal concept. One quickly gets lost in guesswork because the vocabulary is not very legal. Thus the AFA asserts that its mission is to control that the mapping must be "real and efficient". How can this "obligation of efficiency" be brought into what the Law gave, namely the distinction between the obligation of means and the obligation of result? We know that the law tends to replace this opposition by a gradation and through the decisions it is rather as will take shape "the obligation to map" (A).

In addition, if the various risks that must be mapped are observed, we




1. The qualification of the legal obligation of the company to operate a risk mapping through the specific Compliance Law against corruption

An obligation can only be qualified through the sanction which is made for its non-performance. This is why it is the decisions of the Sanctions Commission of the French Anticorruption Agency (AFA) that provide the answers!footnote-1728.

Indeed, in a remarkable decision of July 4, 2019!footnote-1729, the AFA Sanctions Commission had been seized by the Director General of the AFA, a prosecuting body requesting the conviction of a company which had not in particular not according to him and among others failure established a risk mapping in an efficient and useful way.

While it is true that, in application of article 17 of the so-called "Sapin 2é" law, the company in question had first received recommendations from the Agency, it did so was then conformed. In law, this constitutes a vice. Indeed, if it is true that flexible law can constitute a source of protective law for the persons concerned in that they can rely on it, see attack by recourse for excess of power!footnote-1730, one cannot go so far as to say that a recommendation compels the operator, except to transform any flexible right into hard law. The operator therefore remains free to choose the technical means by which it establishes its risk mapping. This corresponds to the fact that Compliance Law, however violent it may be, corresponds to a liberal vision of the world.


However, the company must bear the burden of proof not only of the "reality" of risk mapping but also of its "effectiveness". This double charge corresponds to the suspicion of the Legislator, even of the supervisor, according to which the structural tools of compliance are only pretenses. It is therefore not enough that they exist, they must also be effective and the company must prove it.

Even more, Compliance Law is a structural right, not a behavioral one.

2. The hypothesis of the generalization of legal qualification beyond the specific right to the prevention of breaches of integrity

In Law, the most important question is always the interpretation of silences: is it because the Legislator only raised his voice when it comes to breaches of probity that the legal regime attached to the legal obligation to map , therefore leaving good business management practice and good state bodies in charge of public policies, it should be inferred that apart from these cases the risk mapping remains a welcome diligence, which the judge or the supervisor will eventually take into account, as a fact, good point given to the one who took care of it? Or can we say, in the silence of the other risks that the Law is crystallizing around a general obligation to crystallize the risks, in particular because there would be a subjective right of others to be worried about the fact of this risk?

To respond to this, the judgment rendered by the Council of State on March 17, 2017, COFOR, is enlightening. In this case, the ministry in charge of the environment adopted a "technical note" establishing a "risk mapping" for the implementation of forest fire prevention plans. According to the applicants, this mapping in relation to the text of the Environment Code increased the powers of the prefect, thus justifying a recourse for excess of powers. This was rejected by the Council of State. Indeed, he believes that the goal being that fires do not occur, this mapping tool was necessary and therefore founds the power of the prefect who avails himself of it to compel the companies exploiting the forests.


This decision is particularly interesting because a "technical note" is not a law. But a fire is a systemic crisis like a bankruptcy or a health epidemic. Consequently, the mapping tool, because it is necessary to make the fire prevention plan provided for by law "efficient", therefore becomes legitimate, including in its binding effects.

We measure here the transversality of reasoning.


1. As a tool, cartography has the contours of risks and does not know borders

2. At the heart of Compliance Law, risk mapping abounds with the consubstantial extraterritoriality of Compliance Law


1. As a tool, cartography has the contours of risks and does not know borders

2. At the heart of Compliance Law, risk mapping abounds with the consubstantial extraterritoriality of Compliance Law




Taken literally, article 17 of the law known as "Sapin 2",


1. The necessarily teleological interpretation of the tool constituted by risk mapping

2. From a specific obligation to prevent the risk of corruption to a general obligation to prevent risk for the company established as a "crucial operator"

3. From a general obligation of systemic crisis prevention to a general obligation of risk prevention for all "crucial operators", even outside the regulated or supervised sector

4. The determination by the Politics of "monumental goals" justifying the obligation of the internal implementation of this tool of common good


1. Global prevention of corruption, the epigone of General Compliance Law



comments are disabled for this article