Updated: Nov. 13, 2020 (Initial publication: July 15, 2020)


🚧 Building by Law the unity of Compliance tools from the definition of Compliance Law by its "monumental goals"

by Marie-Anne Frison-Roche

ComplianceTech® ↗️ pour lire ce document de travail en français, cliquer sur le drapeau français

RĂ©fĂ©rence : Frison-Roche, M.-A., Building by Law the unity of Compliance Tools from the definition of Compliance Law by its "Monumental Goals"", Working Paper 2020. 

This Working Paper has been the basis for an article in the collective book Compliance Tools, 2020


Working Paper summary: The "tools of Compliance" do not stack on top of each other. They form a system, thanks to a unity drawn from the goals that all these multiple and different tools serve: the "Monumental Goals" by which Compliance Law is defined.

All these tools are configured by these goals and in order to master all these techniques, it is essential to put them all in perspective of what Compliance Law is, which is designed teleologically with regard to its goals. Extension of Regulatory Law and as, Compliance Law is built on a balance between the principle of competition and other concerns that public authorities claim to take care of. Compliance Law has moreover more "pretensions" in this respect, for example in environmental matters. All the means are then good, the violence of the tools marrying without difficulty with the voluntary commitments since it is the goals which govern this branch of Law.

As adopted legal solutions show, a common method of interpretation and common levels of constraint for all Compliance Tools result from this definition. Starting from the goals (in which legal normativity is housed), the interpretation of the different tools is thus unified, without the necessity of a legislation including all these Compliance tools. Moreover, the different degrees of constraint do not operate according to the consideration of sources (traditional legal criterion) but by the goals, according to the legal distinction between obligations of means and obligations of results which result from the articulation between tools, of which the establishment is an obligation of result, and the goals, of which the achievement is only an obligation of means.

“Compliance Tools” do not stack on top of each other. They form a system thanks to a unity drawn from the goals that all these multiple and different tools serve: the "monumental goals" by which Compliance Law is defined.

All of these tools are configured, developed, and legally controlled through these goals. To master all these techniques in practice, to adjust them in relation to each other and to anticipate the requirements that supervisory authorities and courts will develop concerning them, it is essential to put them all in perspective of what Compliance Law is, which is teleologically conceived from its goals (I). As shown by legal solutions , this results in a method of interpretation and differentiation of legal constraints common to all Compliance Tools (II).



Let's start from the definition of Compliance Law. This definition explains the legal solutions applying to the various Compliance Tools and how they will develop in the future. Because its tools will vary, by technology and by the variety of organisation and culture of the various entities that build them, the Monumental Goals will be stable and unfold over time. Legal normativity being within them, companies will always be referring to these goals, which, for them, are guarantees of legal certainty.

Compliance Law is a new branch of Law that should not be reduced to being just a way of making rules more effective, which would limit it to being only a formal Law of enforcement, a sort of Ex Ante execution, being no more than a simple obligation for companies to show their effective respect of all regulations. Compliance Law is an extension of Regulatory Law (A). Borrowing its teleological nature, it confers unity to these so diverse  "Compliance Tools" that they all, by nature, serve the same "Monumental Goals" by which Compliance Law is defined (B).



Regulatory Law is the expression by the public authorities of specific pretensions: those to build and maintain in economic systems, whose competitive market dynamics is preserved, a balance between this and other concerns. This is the definition all agree to give to Regulatory Law!footnote-1917, Regulation Law that no one confuses with the administered economy or with Competition Law!footnote-1932.

Built in Ex Ante, Regulatory Law characterizes "sectors" for which a balance is initially created and then maintained over time by an unstable balance between the principle of Competition and other "concerns", such as, for example, prevention of Systemic Risks, universal Access to Care or plurality of opinions. To ensure the permanent effectiveness of these technical or political Goals in a liberal competitive system, permanent Regulatory Authorities are established and exercise their powers on a permanent basis, the relevant time of their action being the future.

It is accepted that Regulatory Law is teleological by nature. As it was made clear in 2001 in the very definition of Regulatory Law!footnote-1917, by definition it is required to start from the "Goals" of Regulatory Law to deduct all the right interpretations of legal rules applicable to its various mechanisms, for example "access to networks, constitution of crucial stocks, tarification or the allocation of exclusive rights".

But the evolution of the world has led to go beyond Regulatory Law to generate Compliance Law, which extends and exceeds it; in two ways, firstly by transposing the goals of the first beyond the regulated sectors (1), and secondly by increasing the pretensions supported by the goals to achieve (2).


1. Compliance Law, a Regulatory Law beyond the regulated sectors 

Initially, the concerns put in balance, face to the welcomed Competition principle, characterized specific sectors, for example the concern for Autonomy in the energy sector or the concern for the absence of Crucial Operators failure in the banking and financial sectors, have justified their incorporation into the enterprises themselves. This is why Compliance mechanisms were born in the banking and financial sectors, involving transparent companies supervised by public authorities interfering in their governance!footnote-1933, in charge of ensuring themselves to prevent market abuses that can be committed within themselves!!footnote-1927

It is possible to observe this consideration by Compliance Law of concerns that have not been covered by Regulatory Law, either because their scope exceed the sector that saw them arise, or because they arise. Deploy in a space that does not constitute a sector. This is particularly the case of the digital space, which cannot be qualified as a "sector" since Digital constitutes a new global configuration of the world in which we live!footnote-1926. This is all the more difficult as the Freedom principle alone cannot suffice to civilize a space: for the moment it is this sole universal principle which has produced a space without a real architecture!footnote-1930.

More generally, the issue of Equity, which had been legally taken in charge by Regulation Law, in particular by the tarification mechanism, is taken up through the theme of the requirement of "regulation of globalization", the world not being a sector either, this expression of "regulation of globalization" rather refers to International Trade Law.

Thus, the "vigilance" mechanism, of which the French law known as the "Vigilance law" of 2017 is only one example, is an essential tool in Compliance Law in that it makes it possible in particular to take charge of the regulation of an economic chain regardless of sectors, because it is right to do so!footnote-1931 The obligation of "vigilance" will develop in the years to come, the notions of industry, chains and network replacing the abstract notion of "market" to account for organizations of power and oblige companies accordingly!footnote-1934, including those providing only capital.

Compliance Law will thus take over from Regulatory Law by organizing management of its regulatory concerns while breaking the prerequisite which nevertheless seemed sine qua non for the existence of a sector!footnote-1918: by internalizing directly in companies, whether or not they belong to a sector, concerns for a balance between the principle of Competition, which has been retained, and concerns hitherto limited to several sectors.

For example, Compliance Law will internalize compliance obligations in banks, no longer because they belong to a regulated and supervised sector but because of the fact that they "are in a position" to be vigilant, in particular regarding their clients, which they must "know", a technique (KYC) for obtaining information that they will transmit to the authorities to fight against corruption. In the same way, concern for the environment is internalized, through the now legal notion of "green finance" because they are the most able to put in place the tools to satisfy environmental pretensions. Compliance Law now appears, taking over from Public International Law, as the branch of Law that could claim to "regulate globalization"!footnote-1919

Because Compliance Law is the extension of Regulatory Law in sectors that are already regulated but also outside of any sector consideration, the application of the mechanisms therefore operates from the "goals" of Compliance Law , which are the same as those for Regulation Law. This is particularly clear where banking and finance are concerned, where this extension was first conceived!footnote-1920 but the scope of these goals is now increased.


2. Compliance Law, bearer of pretensions beyond those of Regulatory Law: the Compliance "Monumental Goals"

Compliance Law represents an extension compared to Regulatory Law not only about the activities targeted but also about the pretensions articulated. The United States, which were the first to design Compliance Tools with regard to the goals pursued by Regulatory Law, have remained with these goals, mainly the prevention of systemic risks, corruption being integrated into them. 

This is where the "Europe of Compliance" stands out!footnote-1921. In this, Europe strengthens both its autonomy and its identity!footnote-1935. Indeed, while the other legal systems aim first of all the preservation of systems by the Ex Ante surveillance of the risks that threaten them thanks to the various Compliance Tools, Europe is characterized first and foremost by the association immediately made between the protection of the person and Compliance mechanism. This of which Compliance tools to protect personal data are exemplary.

European Compliance Law is therefore intrinsically more complex than the others, than American Law or Chinese Compliance Law for example, because it aims at the same time on the one hand on the concentration and communication of information for preserving systems and people from future systemic damage (for example a market collapse or an epidemic) and on the other hand the exclusion of this same concentration and communication, as soon as this information concerns the individuals. One is not the principle and the other the exception. These are two central principles.

The "Personal Data Law", which is still little advancedfootnote-1922, is indeed at the heart of Compliance Law and itself implies a teleological understanding of its rules, since it is always a question of both cases to protect individuals. In the future, beyond texts, such as the European Digital Services Act, it is the courts that will adjust the simultaneous application of these two principles!footnote-1928, more difficult to operate than the correlated application between a principle and an exception.

This primary concern of human beings in Compliance Law such as European Law carries it increasingly, in particular through this new unique tool that are all the subjective rights, which are intended to become the primary tools because they are its most natural tools!footnote-1929, explains the increase in the "pretensions" expressed: it takes the legal form not only of the protection of the privacy of persons, but also of the requirement of " probity "which places the person at the center of the markets, justifying the tools imposed in terms of fight against corruption, money laundering, terrorist financing, market abuse (financial abuse!footnote-1936 or anti-competitive behavior). The whole will be increased and unified by a renewal of their interpretation by the primary consideration of the protection of persons.

The article published in 2016 on Compliance Law!footnote-1923  thus places in its definition the "Monumental Goals", of a negative nature (preventing the advent of a phenomenon, such as corruption, drug or human beings trafficking, etc.) or of a positive nature (obtaining the advent of a phenomenon, such as the preservation of nature, equality between human beings, etc.), the whole converging towards a unified goal of protecting human beings. The evolution of positive legal rules shows that the general definition of which European Law, in particular through Personal Data legal protection, has given the example, is anchored more and more in legal techniques; these tools of Compliance finding their unity by the uniqueness of the "Monumental" Goal for which they were set up.



Because Compliance Law places these monumental goals at the very center of its definition, they are infused into the legal regime applied to the various tools both in the required interpretations and in the constraints associated with them.

This is why the various compliance techniques are "tools", not independent from each other, the extreme diversity of which posing no difficulty.

Indeed, the term "tool" refers to an instrumental definition of what we are talking about, the technique in question only taking its final legal form with regard to what it serves. A "tool" has no meaning in itself, it is only a sketch and it is to lose oneself in its technicality to cut it off from its intimacy with its goal.

This is why if Compliance Law was reduced to being just a "tool", stopped there and didn't include the goals in the definition, not only its learning would become very difficult, and one would, no doubt, then prefer to reduce "conformity" to "legality", inviting simple and understandable "codes of ethics" to express "what is right"!footnote-1937, but still it could be an instrument of efficiency in the service of anything. This would be eminently blameworthy. Because the monumental goals of Compliance are at the heart of the definition of Compliance Law. They legally shape all the rules applied to the various "tools" used, such as risk mapping, training, reporting, suspicious transaction reports, whistleblower protections.

Even more, because Monumental Goals are consistent with each other, even in this apparent contradiction between the obligation to centralize and disseminate Information and the prohibition to centralize and disseminate Information, because one can define the whole of Compliance Law through Monumental Goal of protecting human beings, which sometimes involves one and sometimes involves the other, it is these monumental goals that ensure the Compliance Law unity and therefore allow its application globally consistent over time.

Without this unifying function of negative and positive Monumental Goals, which can themselves be expressed by the human beings protection, there would be no Compliance Law, but simply a small enforcement Law in Ex Ante which extends each branch of Law, because all branches of Law gain from being ever more effective and we should then speak of "Competition Compliance Law", "Labor Compliance Law," "Environmental Compliance Law", and so on, as in many stages of a tower that would never finish rising.

Indeed, why not stop at these previous branches of Law, because for instance Family Law also requires effectiveness in Ex Ante and there should indeed be a Compliance Family Law, and a Compliance Property Law, and so on. While in this simple procedural definition, it is difficult to justify the presence of Personal Data Law into Compliance Law if the new branch of Law would not guarantee the effectiveness of a corpus that is external to it, the insertion of Data Law into Compliance Law being contested.

Starting instead from Monumental Goals to make the whole of this new branch of Law work, the outlines of which being quite easy to define, the result is firstly a better understanding of the methods of interpretation of compliance mechanisms, transparent tools by relation to these normative goals, and secondly a method to measure the degree of legal constraint associated with these different compliance processes.



From the moment that Compliance Law was the extension of Regulation Law, implying, as it de jure a teleological reasoning, the result is a method of interpretation which is usual: starting from the goals, in which legal normativity is housed, to deduce first of all the way of interpretation of the different tools (A). This is usual for branches of Economic Law. The  uniqueness of the different tools being obtained by the goals, the different degrees of constraint are not operated by the sources but by the goals, according to the legal distinction between obligations of means and obligations of results (B).



As soon as the legal normativity of Compliance is in its "Monumental Goals", this means that the interpretation of its mechanisms, because they are only "tools, must follow.

Interpretation is an intellectual operation that is required in the silence, contradiction or obscurity of the rules. In such an assumption, which is so frequent, the question is then how to apply a compliance mechanism, when it produces constraints on others or when it produces prerogatives: in the uncertainty of the texts, should it be interpreted ? restrictively or broadly ?

If  the goals are not integrated into Compliance Law, then the only principle at work in Economic Law remains the Competition Principle, which on the one hand is based on Freedom and prohibits a broad interpretation of constraints, and which on the other hand excludes the concentration of Information and its dissemination. Thus, all Compliance Tools being mechanisms organized by operators of centralization, connection and transmission of Information, they seem to be an exception to the principle of Competition, where everyone keeps Information to himself and fights against others in instant relations. 

Thus each Compliance Tool, legitimate in itself (in particular because a law would have anchored it in the legal system), should be interpreted restrictively if we continue to think of economic systems around the Principle of Competition, with only some scattered special provisions. This would be even more true that Compliance Law would be only a tool of effectiveness!footnote-1942, in particular the effectiveness of Competition Law, concealing not in itself any autonomous principle, which can face others, in particular the Principle of Competition. In this conception, the interpretation of the Compliance Tools should always be restrictive.

But if considering, on the other hand, that Compliance Tools, including in the powers they confer on those who wield them, for example the companies managing digital platforms in charge of fighting hate speechs, a particular form of  human beings protection, must be interpreted with regard to the Monumental Goals, then each provision within each Compliance Tool must be compared to the  Monumental Goal: if the particular technical provision serves this goal, then it must itself be interpreted as a Principle, and therefore interpreted widely. It is only if it does not contribute to the Monumental Goal achievement that its restrictive interpretation is required.

The stake is then of a probative nature.

It is up to the company which avails itself of a principle interpretation of a Compliance Tool which gives it power over others, for example obtaining Information, to demonstrate that this serves the Monumental Goal. It will be wise to preconstitute the proof of such a positive link between the technical and legal Tool and the Monumental Goal,

The operateur should associate with the first proof a second one. It must preconstitute in advance the proof of a proportional relationship between the constraint on others and the achievement of this Monumental Goal, this demonstration being the subject of a preconstituted proof and being at the disposal of the Regulatory and Supervisory public bodies.



To measure the Compliance Tools legal force of constraint, it is not necessary to start from the sources of these tools but rather from the goals they serve. Indeed, as the Law of Regulation had done, the essential is in the "mission", that is to say the objective which is aimed and which is defined by the public authorities. This definition takes on all the more consistency in Compliance Law which treats the implementation of the various Compliance Tools in the same way whether they are provided for by various regulations or whether they are provided for by the enterprises themselves. , in particular through the mechanisms of charters, the "Compliance Charters" coming to take place alongside the "Codes of Conduct" and "Codes of Cthics", the teams in charge of Compliance contributing to the drafting of all these various documents to create a "Compliance Culture" within the company.

The legal question is whether the establishment of the various Compliace Tools constitutes a legal obligation of means or a legal obligation of result. It is precisely not the distinction between the sources of elaboration and no more between the various Compliance Tools that provide the dividing line, but the relationship between Compliance Tools and Monumental Goals for which they have been drawn up, willingly or face-to-face, by one technique or another (1). If this distinction begins to become clear in the legal systems, on the other hand, the probationary system which should result from it remains to be built (2).


1. The handling of the distinction between the legal obligation of means and the legal obligation of result in superposition of the distinction between "Compliance Tools” and "monumental goals”

As soon as entreprises will themselves have "pretensions" to take care of interests which go beyond them, through their social responsibility or a new conception of their "mission", thus claiming to have a "raison d'ĂŞtre" , being no longer concerned by the sole profit, they will be linked by them for the benefit of those who observe this handling of Compliance Tools.

It is often emphasized that Compliance Law gives a great place to Soft Law, which is the case for companies as well, by these numerous charters. But it is also the fact of the public institutions, in particular by guidelines. Now each one is able to produce "codes" like new little Napoleon made with the French Code civil in 1804... Why not, on condition that those who write these "codes", which can not only be educational!footnote-1925, are bound to them by the concrete consideration of the goals they aim for. Because in Law one cannot speak without saying anything.

The existence of a constraint or not will therefore not come from the source, because one cannot maintain that only the Hard Law would be able to constrain and not the Soft Law, because the guidelines of the Authorities are at this point  binding !footnote-1938 that they cannot provide for sanctioned bans!footnote-1939 and that the multiple internal documents bind the enterprises adopting them!footnote-1940

For all Compliance Tools, whatever their source, the distinction is therefore made between legal obligations of means and legal obligations of result. The enterprise, whether coerced or spontaneously adopting the compliance tool, cannot be forced to achieve the Monumental Goal. Such a requirement would be all the more unreasonable since it is a question of "monumental goals", all being expressed by the effective and efficient consideration of the weak person. The consideration can only be a legal obligation of means. But putting in place the Compliance Tools to achieve this is a legal obligation of result.

Thus, no matter whether the source of commitment to the goal is based on legislation, an order from an authority (through a Compliance Program, for instance) or an act of Corporate Societal Responsibility, the rule of constraint must always be the same, whatever the Compliance Tool considered: implement tools to measure (principle of proportionality) of monumental goals. This implementation is an obligation of result. To reach Monumental Goals is an obligation of means. 

This effective implementation being an obligation of result, it implies a Probationary Compliance Culture to be built by enterprises.


2. The Probationary Compliance Culture, based on a systematic program of pre-constitution of evidence

Indeed, Compliance Tools are not mechanically controlled and should not be mechanically designed: their impregnation by the Monuental Goal will itself be controlled by the Supervisory Authorities!footnote-1941, this impregnation must be subject to a pre-constitution of proof by enterprises.

Thus a systemic probation program must be set up in enterprises, translating Compliance Tool by Compliance Tool the way in which they converge effectively and efficiently towards Monumental Goals (without necessarily reaching them).

For example, collaborations on various Audits, which does not always result in detecting everything but which makes it possible to conclude that there is a "Compliance audit" within the enterprise.

For example Internal Investigations which do not produce a denunciation of any disregard of the rules but which demonstrate the effectiveness of the "Vigilance" of the enterprise, Vigilance by which the enterprise expresses the distance it organizes towards of itself and the care it takes in the sector in which it fits upstream and downstream.

For example Training Programs, which do not always result in fully disseminating a "Culture of Compliance", but which are effectively designed for this, the success of training to be measured beyond actual presence.

For example, Risk Mapping which does not detect all the crises that will occur, but follows commonly accepted methodologies to do so.

For example, Whistleblowing Systems which do not lead all the holders of information to transmit pertinent Information (and only this), but which encourage them to do so thank to the effective protection that is organized.

For example, Exemplary Behavior form top managers, behavior which is not always sufficient to convince everyone that Compliance Law is an opportunity for enterprises and for Europe and not a scourge, but which tends to do so, in particular by the non-contradiction between their words and their acts.


This structurally organized set of Ex Ante Compliance Tools then appears in its unity which respond to each other, reinforce each other and thus satisfy the obligation of result which now weighs on enterprises, new "crucial operators" of a world that seeks its anchors, obliged to show that they take charge of non-immediate global concerns.





Frison-Roche, M.-A., Le Droit de la Régulation, 2001.


On the various relations that legal techniques of Regulation maintain with the principle of competition, see. an educational reminder with a lesson on Regulation Law conceived first of all in relation to the Principle of competition, that is to say that Regulation Law (then "transitory") is what makes it possible to build a competitive market , Regulation Law being the accompaniment of the liberalization of sectors formerly monopolistic, either in that Regulation Law is what responds to a "market failure", equipment required for an organization whose ideal remains the principle of competition. A third conception of Regulation Law, proposed in 2001, which tends to generalize, more political, of a Regulation Law which does not take the principle of Competition, neither as a reality to be constructed nor as an ideal against which to manage market "failures", but as a branch of Law that creates and maintains a balance between the principle of competition and other concerns definitively pursued, even in situations where technically the law of supply and demand might be enough. This conception is more widely shared today than 20 years ago.


Frison-Roche, M.-A., Le Droit de la Régulation, 2001.


Frison-Roche, M.-A. (ed.), Régulation, Supervision, Compliance, 2017.


On this historical dimension, see Frison-Roche, M.-A., Compliance : before, now, after, 2017.


See in general, Frison-Roche, M.-A., Having a good behavior in the digital space, 2020.

This may be enough for operators who want to deploy their technological, economic and financial power without any limit, which translates into the legal argument built by the crucial digital operators, who have built these new spaces from the sole principle of freedom and want that one alone to be retained as a principle of government. The reaction of the actions in Ex Post of competition, which take place all over the world, are built on the principle of freedom, the Ex Post of the sanctions responding to the excesses of the Ex Ante of the companies. It cannot produce a "civilization effect".

The Conseil Constitutionnel (French Constitutional Court), in its decision of June 18, 2020, relating to the so-called "Avia" law, also remained with the principle of freedom. He could therefore only censor this voted law which is based on a law based on the principle of "dignity of human beings". The principle of "dignity of human beings", which, linked to the principle of freedom, can civilize a space, is notably promoted in Michael Sandel's work: The tyranny of Merits. What becomes common good? , 2020. This work joins the ideas developed by Alain Supiot on the dignity of human work: Frison-Roche, M.-A., Qu'est-ce qu'un régime de travail réellement humain?, 2017


For the exposition of the vigilance mechanism and its justification, see Supiot, A., Prendre la responsabilité au sérieux; 2015. 


On the description of all of this, see the essential works of Alain Supiot about the "refeodization of the world": Supiot, A., Les deux visages de la contractualisation: déconstruction du droit et renaissance "féodale", 2007


Frison-Roche, M.-A., Globalization from the Point of view of Law, 2017.


Frison-Roche, M.-A., Compliance : before, now and after, 2017.


Frison-Roche, M.-A. (ed.), Pour une Europe de la Compliance, 2019. 


Frison-Roche, M.-A., Rethinking the world from the notion of "data", 2016. 


About the simultaneous application of this two principles, see for example, in the litigation related to the exploration of Facebook's data, the ordinance of the European Union Court Président on 29th of October 2020.


Frison-Roche, M.-A., Rights, primary and natural Compliance tools, 2020.


American Law, through the Dodd-Franck Act, organizing the prevention of crisis  by protecting each investor with new rights, right to portable information, right to court action. 


Frison-Roche, M.-A., Compliance Law, 2016 ; for a more longitudinal description of this description, see The Adventure of Compliance Law, 2020. 


See for example Novartis's "Code of conduct", transformed in 2020 in "Ethics code", which is supposed to express what is fair : "Our Code of Ethics: Our committment to doing what's right.

Compliance teams participated to the elaboration of this Ethics code.


On the exposition of this conception and its refutation, see Frison-Roche, M.-A., Competition Law and Compliance Law, 2018. 


On the pedagogic dimension of every Compliance tool, see Frison-Roche, M.-A., Training, container and content of Compliance, 2020


Conseil d'Etat, 16 mars 2016, Numericable , and Finverest. ; see also C.E., 12 juin 2020, Gisti.  , which raises the admissibility of an action for excess of power against a document as soon as it presents a "portée générale" (general scope).


About CNIL's guidelines, which was broken by the Conseil d'Etat (Supreme Administrative Court), C.E., 19 juillet 2020,Association des Amis de la Terre . 


This is acquired for the multiple charters, through ethical commitments. But this can also be supported for documents of a more "internal" nature, such as risk mapping, as soon as this compliance tool can be linked to subjective rights, in particular the right of third parties "to be concerned" , particular form of the right to information. See in this perspective, Frison-Roche, M.-A., Drawing up risk maps as an obligation and the paradox of "Compliance risks", 2020 ; See in a more general way the great future of subjective rights as primary Compliance tools, Frison-Roche, M.-A., Rights, primary and natural Compliance tools, 2020

comments are disabled for this article