This publication must be cited as follows: Frison-Roche, Compliance Law, Working Paper, 2016, http://mafr.fr/en/article/le-droit-de-la-compliance/
This article provides a basis for an article published in the Recueil Dalloz in French : "Le droit de la compliance".
‘Compliance’ issues have been increasingly discussed in recent years. Articles, handbooks, soft law, decisions or definition have been written. But nothing really converges. The term ‘conformity’ [conformité in French] is used in parallel, or even instead of the usual concept of compliance. There are as many definitions of what compliance is as there are authors writing on the matter. And yet it is used in manifold ways, from Competition law to International Finance law, from the hardest law (enforced with the help of the most stringent sanctions) to business ethics, according to which behaving should be enough to be compliant. At a time when compliance invades law, it should be first noted that we are too shortsighted to grasp the mechanism (I), whereas it is necessary to build a comprehensive Compliance law (II).
Read developments below.
I. COMPLIANCE, AN ODD CONCEPT JUGGLING BETWEEN COMPLETELY VOLUNTARY AND COMPLETELY COMPELLED BEHAVIORS
Compliance is an ‘odd concept’ (A). One might indeed understand it either as a behavioral program set by an undertaking on a voluntary basis, or as a regulation with a global scope enforced with unprecedented sanctions (B).
A. COMPLIANCE AS AN ODD CONCEPT
Compliance is strange indeed, because of the plasticity of its definition (1), to its literally foreign origin (2) and its untranslatable character (3), which leaves the definition of the compliance open to everyone (4).
1. Compliance, from a non-legal idea to a tautology of the Law
Compliance may refer to the fact of behaving well, of spontaneously taking into account the interests of others. As it is originally linked to moral principles, compliance takes place in business ethics
While reading at other sources though, one might find yet another assertion that compliance conversely refers to the commitment an operator makes to comply with all the regulations
2. Compliance as an American-originated, indirectly and brutally imported idea
Compliance, understood as the formulated requirement for a given company to give to see it is organized so that everyone who depends on it behaves according to the regulations in force, is an American idea.
The company proves beforehand that its entire structure, as well as anyone who depends on it, is consistent with the general rules of the system which itself depends upon. Thanks to this considerable effort, the company evades the burden of a hazardous Ex Post: compliance is the equivalent of the Anglo-American probationary maxim: Comply or Explain.
It is through the theories of banking and financial economics that were developed in the United States that compliance has arrived in Europe
3. Compliance as an untranslated or untranslatable term
Compliance is even more hardly understandable
4. Compliance as an open definition
As the French saying goes, compliance is now an “auberge espagnole”
B. FROM COMPLIANCE AS A "VOLUNTARY PROGRAM" TO COMPLIANCE AS THE GLOBAL REIGN OF RELENTLESS REGULATIONS
Compliance has emerged as the autonomous form of expression of a company that offers to self-regulate after it has been imposed a sanction (1), but it has started reversing and taking a global boom as the powerful expression of Banking and Financial Regulators which internalize the performance standards set by them in companies (2).
1. The emergence of compliance as an expression of the willingness of a company to change to be in line with what law expects from it: the ex-ante as the follow-up of a sanction
That is the definition that is most used in Competition law, whereby a company condemned by the Regulator adopts a "compliance program". Understood as a means to self-regulate, such a program—which includes training, new jobs, etc.–demonstrates the willingness of the company to ensure that its misconduct will not repeat in the future.
This commitment intervenes ex ante; however, not only does it originate from the company itself, but its scope is limited to the prevention of anti-competitive practices. The sanction is the cause.
2. The explosion of compliance as the global and limitless reign of relentless regulations
Conversely, in international commercial law, or in banking and finance law, compliance is the expression of the will of governments to impose rules which they do not have the strength to ensure the effectiveness of: lawmakers or government Regulators thus adopt standards that we might dub "monumental" considering their huge goal: e.g., the end of corruption, or the end of any trade with a country they consider unworthy of (embargo) or end of the terrorism— that is to say, global ills.
Regulators thus internalize the implementation of these monumental public standards into structures that are de jure and de facto informed and powerful: multinational companies which operate international financial operations. Hence compliance is the global internalization of a local public regulation within supranational companies that are designated as effective agents of global, monumental goals.
Since the goal set by public authorities is legitimate (fight against terrorism, crimes against children, drug trafficking, etc.), the company is bound. It can only outbid the ‘compliance device’ it is implementing to achieve the purpose of Regulation. If its organization and behavior is not consistent with the provisions taken by the laws in the very specific areas that are monitoring international and global financial flows to detect systemically harmful behaviors, then the company is sanctioned and cannot oppose neither any justification nor its own legal system: that is how regulation applies “relentlessly”. Sanction is not the cause of compliance anymore, but rather its consequence.
Anyone can measure that the single word of compliance actually includes foreign and opposite techniques. It should be noted that in the field of the law, when concepts are not defined properly, then control over them is lost and nothing can be done anymore to prevent power from replacing the Law. This is even more true for European undertakings, since these compliance techniques have been developed outside of Europe but are now applied extensively on European companies, which discover their fate on a case-by-case basis.
Compliance law should thus be built, and its components firmly determined.
II. ELEMENTS OF "COMPLIANCE LAW"
It is necessary to build a new branch of law—Compliance Law (A) as well as to determine who would be in charge (B) and what would its guiding principles be (C).
A. THE NEED TO BUILD COMPLIANCE LAW
Accordingly, economic operators should be disciplined and accountable; however, it is unacceptable to make their fate dependent on case-by-case assessments based on concepts whose sense keep fluctuating. If the objective is merely to affirm that the operators must comply with the laws, then we must challenge the very existence of compliance and recall that compliance with the Law is always assumed.
However, if the stance is that Law can be dissociated from the State, and that it is legitimate to fight against global ills such as terrorism, then it can be argued that national spaces are too narrow, that international treaties are inadequate and that the States lack both money and information to achieve such objective.
It is then legitimate to consider that a set of various duties to ‘inform to inform’ rely on powerful operators, this ex ante system of compliance being the consideration for the position of power.
B. ON THE DETERMINATION OF THE ACTORS IN CHARGE OF COMPLIANCE LAW
1. States and Regulators as the issuers of compliance standards
Political bodies shall be responsible for setting the goals companies must achieve. There is a consensus on the determination of global ills. The United States are neither the moral conscience nor the legal voice of the world despite their technical ability to punish everything all over the world. Europe must express an equal ambition which would imply the same technical consequences.
2. Crucial undertakings as the activating bodies of the compliance standards
Undertakings that are willy-nilly charged with the duty to inform themselves in order to inform others are those in position to have information on practices that fuel global ills or that may affect global public goods, including the trust in the economic and financial system. Their nationality is irrelevant—only their ability matters. They can be condemned and compelled to be ‘able’, provided they are they are sufficiently powerful to assume such a burden. Banks or companies managing digital platforms are likely to be designated, but all companies that have a "crucial" position in a sector or industry are concerned.
There will thus be a certain marriage of convenience between the crucial undertaking that has or should have the information and the Regulator which pursues the systemic goal (e.g., the fight against terrorism or crimes against children). This will not raise any issue if the Regulators at stake are ‘Information Regulators’, such as Banking and Finance Regulators or the Regulators in charge of the digital space. But if the capture and transmission of information by the company is driven by an objective that is not intrinsic to the sector, such as the protection of nature or of the human species, then the relevant authorities would rather be public authorities or ministries.
As compliance involves a continuum between the Ex Ante and Ex Post stages, courts and Regulators assuming a sanctioning role are essential, as well as the various commitments and compliance programs implemented by companies, including the presence of compliance officers after a sanction has been imposed on the company. Nonetheless, this compliance officer, hand of the judge, must respect the secrets and rights of defense.
Both European Courts (ECHR and ECJ) and the texts on the Banking union should be enriched so that such devices are set to apply to all critical undertakings, including non-European companies which do not sufficiently contribute to the information in Europe for completion of global goods and the fight against global ills.
C. ON THE DETERMINATION OF THE GUIDELINES SPECIFIC TO COMPLIANCE LAW
1. On the necessarily (?) global scope of Compliance law
Compliance has developed in financial law because finance is global, and sanctions are imposed by the United State because operators think that their global reach through the United States. A single State thus imposes its own law invoking global hopes, such as the end of terrorism.
However, the economic power of Europe and of the new Banking Union can enable Europe to endorse the same hopes; furthermore, nothing separates the two legal areas in these common struggles against child crime and the protection of intellectual property. What will change is the conceptualization of the key concepts of Compliance law that can develop from a continental European law, which is not casuistry and probably safer, and which has an equally wide range, as shown with European Competition law or Data Protection law.
2. A clear identification of the source of the obligation and of the responsibility ensuing
The guiding principles of Compliance law shall be clear, and they shall not depend on situations or on arrangements. The company should be obliged under a general text and not by its own will: however, the various charters that spray mandatory standards complete the blurriness of compliance and weaken operators.
Compliance law does not appeal to the morality of agents in charge of its implementation, nor is available to companies who are subject to it. Companies must be literally responsible in the classic understanding of the term.
3. The transformation of the probationary system
One must be aware of the actual weight that Compliance law represents for crucial undertakings, as it is consideration for their position and their power in terms of information that are decisive to the pursuit of global goods and ills others are concerned about.
This is why companies must be protected against their main risk, which often occurs: unforeseen and random sentences, whereas compliance devices had been implemented in good faith.
The classic rules of law must be respected in Compliance law, where repression is placed at heart: a general norm that is known and that has been previously established, non-casuistic application of the law, and a set of pre-established rules on evidence gathering.
Anyone kept posted on global economic and financial news can measure the extent to which Compliance law remains to be built and how urgent it is now to do so.
The Revue Internationale de la Compliance et de l’Ethique des Affaires (International Review on Compliance and Business Ethics) is exemplary in this regard
See, e.g., Classiot, O., Renouard, N., « De la compliance à l’éthique des affaires, de la règle descendante à la culture partagée, de la direction juridique à la direction RSE. Analyse d’un changement clé dans l’approche des entreprises », in Revue Internationale de la Compliance et de l'Éthique des Affaires n° 1, 2016. This strong ‘compliance’ movement is often taught in Business school like business ethics or in parallel with it.
In this sense, see the communication of the European Commission in 2013, Compliance matters!
In the same way, in its introduction to a complete dossier on Les grandes entreprises échappent-elles au droit? (2016), Marjorie Eeckhoudt writes: "Too complex to be subject to conventional regulation, large companies are in a hurry to apply a new form of regulation: compliance to which European and national legislators now refer. This policy of compliance consists for the companies to set up a device aiming at ensuring the conformity of the practices to the rules of law. ". (p. 152).
In this same dossier, Björn Fasterling defines compliance as follows: "The term compliance, translated by" compliance ", can be defined by its prospective result as" adherence to the rules ". But the term compliance also means such as the management of an information and communication system aimed at protecting the interests of the company to the extent that it is exposed to the risk of violation of legal and ethical rules. compliance is assimilated to the attempt to influence, by regulation, management systems so that they ensure better prevention, identification and punishment of infringements. " (p.218).
As the French system Law says "Nul n'est censé ignoer la Loi", and now we can say "Nul n'est censé ignorer la compliance" .... In this sense, Creux-Thomas, F., Nul n'est censé ignorer la compliance ?, 2011.
On the historic development, see, e.g., Lefèbvre-Dutilleul, V., Codes de bonne conduite – Chartes éthiques, 2012, n°5°, p. 11 et s. "Origine américaine”
Plihon, D., Global Regulation in the Altermath of the Subprime Crisis, in Crifo, P. and Ponssard, J.-P., Corporate Social Responsability : From Compliance to Opportunity ? , 2010
Maître Virginie Lefebvre-Dutilleul evokes what she designates as a "talking definition" and which is the one that appeared in 2012 on the site of the company today called ENGIE: "Ethics has for definition the concrete application of which is morally acceptable, consistent with values, in a given situation. Compliance brings together all the devices to be implemented to achieve the objective of compliance. Ethics and compliance thus constitute two sides of the same coin which concern all Group employees and which must therefore be brought to their attention through a dedicated organization and existing standards ". (Lefèbvre-Dutilleul, V., Codes of good conduct - Ethical charters, 2012, n ° 18, p.17).
In 2016, the ENGIE site retained the same definition. It is thus declined:
Act in accordance with laws and regulations: In all circumstances, Group employees must observe international, federal, national and local regulations as well as the rules of professional ethics relating to their activities.
Establish a culture of integrity: Integrity prescribes avoiding any conflict between personal interests and the interests of the Group. It builds the conviction that we have a duty to respect certain values. It thus creates a climate of trust and constitutes a shield against corrupt practices.
Demonstrate loyalty and honesty: Employees keep their commitments on time. Whenever they communicate, both externally and internally, they do so in good faith, in a constructive spirit, with a concern for sincere, precise and complete information.
Respect others: This principle covers in particular respect for the rights of people, their dignity and their uniqueness, as well as respect for cultures. It also applies to tangible and intangible property belonging to others. "
Such a definition is surprising considering the technical definition conferred to legal deontology and considering how the legal system always distinguished legal rules from moral ones, whereas they are completely confused here. See, e.g., Gutmann, D., L'obligation déontologique entre l'obligation morale et l'obligation juridique, 2000.
See, e.g., Lefèbvre-Dutilleul, V., Codes de bonne conduite – Chartes éthiques, 2012, who exposes the various attempts to define the notion ("tentatives de définition" (n°15 et s.), p.16 et seq.), while considering that compliance relating to the banking and finance sector is specific and has a different meaning that the usual acception of ‘compliance’ in the other sectors (n°14, p.15).