ComplianceTech®. Pour lire ce document de travail en français, cliquer sur le drapeau français
Référence : Frison-Roche, M.-A., Building by Law the unity of Compliance Tools from the definition of Compliance Law by its "Monumental Goals"", Working Paper 2020.
This Working Paper has been the basis for an article in the collective book Compliance Tools, 2020
Working Paper summary: The "tools of Compliance" do not stack on top of each other. They form a system, thanks to a unity drawn from the goals that all these multiple and different tools serve: the "Monumental Goals" by which Compliance Law is defined.
All these tools are configured by these goals and in order to master all these techniques, it is essential to put them all in perspective of what Compliance Law is, which is designed teleologically with regard to its goals. Extension of Regulatory Law and as, Compliance Law is built on a balance between the principle of competition and other concerns that public authorities claim to take care of. Compliance Law has moreover more "pretensions" in this respect, for example in environmental matters. All the means are then good, the violence of the tools marrying without difficulty with the voluntary commitments since it is the goals which govern this branch of Law.
As adopted legal solutions show, a common method of interpretation and common levels of constraint for all Compliance Tools result from this definition. Starting from the goals (in which legal normativity is housed), the interpretation of the different tools is thus unified, without the necessity of a legislation including all these Compliance tools. Moreover, the different degrees of constraint do not operate according to the consideration of sources (traditional legal criterion) but by the goals, according to the legal distinction between obligations of means and obligations of results which result from the articulation between tools, of which the establishment is an obligation of result, and the goals, of which the achievement is only an obligation of means.
“Compliance Tools” do not stack on top of each other. They form a system thanks to a unity drawn from the goals that all these multiple and different tools serve: the "monumental goals" by which Compliance Law is defined.
All of these tools are configured, developed, and legally controlled through these goals. To master all these techniques in practice, to adjust them in relation to each other and to anticipate the requirements that supervisory authorities and courts will develop concerning them, it is essential to put them all in perspective of what Compliance Law is, which is teleologically conceived from its goals (I). As shown by legal solutions , this results in a method of interpretation and differentiation of legal constraints common to all Compliance Tools (II).
I. THE TELEOGICAL NATURE OF COMPLIANCE LAW, ATTACHING ALL THE COMPLIANCE TOOLS TO THE MONUMENTAL GOALS THEY SERVE
Let's start from the definition of Compliance Law. This definition explains the legal solutions applying to the various Compliance Tools and how they will develop in the future. Because its tools will vary, by technology and by the variety of organisation and culture of the various entities that build them, the Monumental Goals will be stable and unfold over time. Legal normativity being within them, companies will always be referring to these goals, which, for them, are guarantees of legal certainty.
Compliance Law is a new branch of Law that should not be reduced to being just a way of making rules more effective, which would limit it to being only a formal Law of enforcement, a sort of Ex Ante execution, being no more than a simple obligation for companies to show their effective respect of all regulations. Compliance Law is an extension of Regulatory Law (A). Borrowing its teleological nature, it confers unity to these so diverse "Compliance Tools" that they all, by nature, serve the same "Monumental Goals" by which Compliance Law is defined (B).
A. COMPLIANCE LAW, EXTENSION OF REGULATORY LAW
Regulatory Law is the expression by the public authorities of specific pretensions: those to build and maintain in economic systems, whose competitive market dynamics is preserved, a balance between this and other concerns. This is the definition all agree to give to Regulatory Law
Built in Ex Ante, Regulatory Law characterizes "sectors" for which a balance is initially created and then maintained over time by an unstable balance between the principle of Competition and other "concerns", such as, for example, prevention of Systemic Risks, universal Access to Care or plurality of opinions. To ensure the permanent effectiveness of these technical or political Goals in a liberal competitive system, permanent Regulatory Authorities are established and exercise their powers on a permanent basis, the relevant time of their action being the future.
It is accepted that Regulatory Law is teleological by nature. As it was made clear in 2001 in the very definition of Regulatory Law
But the evolution of the world has led to go beyond Regulatory Law to generate Compliance Law, which extends and exceeds it; in two ways, firstly by transposing the goals of the first beyond the regulated sectors (1), and secondly by increasing the pretensions supported by the goals to achieve (2).
1. Compliance Law, a Regulatory Law beyond the regulated sectors
Initially, the concerns put in balance, face to the welcomed Competition principle, characterized specific sectors, for example the concern for Autonomy in the energy sector or the concern for the absence of Crucial Operators failure in the banking and financial sectors, have justified their incorporation into the enterprises themselves. This is why Compliance mechanisms were born in the banking and financial sectors, involving transparent companies supervised by public authorities interfering in their governance
It is possible to observe this consideration by Compliance Law of concerns that have not been covered by Regulatory Law, either because their scope exceed the sector that saw them arise, or because they arise. Deploy in a space that does not constitute a sector. This is particularly the case of the digital space, which cannot be qualified as a "sector" since Digital constitutes a new global configuration of the world in which we live
More generally, the issue of Equity, which had been legally taken in charge by Regulation Law, in particular by the tarification mechanism, is taken up through the theme of the requirement of "regulation of globalization", the world not being a sector either, this expression of "regulation of globalization" rather refers to International Trade Law.
Thus, the "vigilance" mechanism, of which the French law known as the "Vigilance law" of 2017 is only one example, is an essential tool in Compliance Law in that it makes it possible in particular to take charge of the regulation of an economic chain regardless of sectors, because it is right to do so
Compliance Law will thus take over from Regulatory Law by organizing management of its regulatory concerns while breaking the prerequisite which nevertheless seemed sine qua non for the existence of a sector
For example, Compliance Law will internalize compliance obligations in banks, no longer because they belong to a regulated and supervised sector but because of the fact that they "are in a position" to be vigilant, in particular regarding their clients, which they must "know", a technique (KYC) for obtaining information that they will transmit to the authorities to fight against corruption. In the same way, concern for the environment is internalized, through the now legal notion of "green finance" because they are the most able to put in place the tools to satisfy environmental pretensions. Compliance Law now appears, taking over from Public International Law, as the branch of Law that could claim to "regulate globalization"
Because Compliance Law is the extension of Regulatory Law in sectors that are already regulated but also outside of any sector consideration, the application of the mechanisms therefore operates from the "goals" of Compliance Law , which are the same as those for Regulation Law. This is particularly clear where banking and finance are concerned, where this extension was first conceived
2. Compliance Law, bearer of pretensions beyond those of Regulatory Law: the Compliance "Monumental Goals"
Compliance Law represents an extension compared to Regulatory Law not only about the activities targeted but also about the pretensions articulated. The United States, which were the first to design Compliance Tools with regard to the goals pursued by Regulatory Law, have remained with these goals, mainly the prevention of systemic risks, corruption being integrated into them.
This is where the "Europe of Compliance" stands out
European Compliance Law is therefore intrinsically more complex than the others, than American Law or Chinese Compliance Law for example, because it aims at the same time on the one hand on the concentration and communication of information for preserving systems and people from future systemic damage (for example a market collapse or an epidemic) and on the other hand the exclusion of this same concentration and communication, as soon as this information concerns the individuals. One is not the principle and the other the exception. These are two central principles.
The "Personal Data Law", which is still little advanced
This primary concern of human beings in Compliance Law such as European Law carries it increasingly, in particular through this new unique tool that are all the subjective rights, which are intended to become the primary tools because they are its most natural tools
The article published in 2016 on Compliance Law
B. UNICITY OF COMPLIANCE TOOLS THROUGH MONUMENTAL GOALS NORMATIVITY IN RELATION TO WHICH THEY COMBINE
Because Compliance Law places these monumental goals at the very center of its definition, they are infused into the legal regime applied to the various tools both in the required interpretations and in the constraints associated with them.
This is why the various compliance techniques are "tools", not independent from each other, the extreme diversity of which posing no difficulty.
Indeed, the term "tool" refers to an instrumental definition of what we are talking about, the technique in question only taking its final legal form with regard to what it serves. A "tool" has no meaning in itself, it is only a sketch and it is to lose oneself in its technicality to cut it off from its intimacy with its goal.
This is why if Compliance Law was reduced to being just a "tool", stopped there and didn't include the goals in the definition, not only its learning would become very difficult, and one would, no doubt, then prefer to reduce "conformity" to "legality", inviting simple and understandable "codes of ethics" to express "what is right"
Even more, because Monumental Goals are consistent with each other, even in this apparent contradiction between the obligation to centralize and disseminate Information and the prohibition to centralize and disseminate Information, because one can define the whole of Compliance Law through Monumental Goal of protecting human beings, which sometimes involves one and sometimes involves the other, it is these monumental goals that ensure the Compliance Law unity and therefore allow its application globally consistent over time.
Without this unifying function of negative and positive Monumental Goals, which can themselves be expressed by the human beings protection, there would be no Compliance Law, but simply a small enforcement Law in Ex Ante which extends each branch of Law, because all branches of Law gain from being ever more effective and we should then speak of "Competition Compliance Law", "Labor Compliance Law," "Environmental Compliance Law", and so on, as in many stages of a tower that would never finish rising.
Indeed, why not stop at these previous branches of Law, because for instance Family Law also requires effectiveness in Ex Ante and there should indeed be a Compliance Family Law, and a Compliance Property Law, and so on. While in this simple procedural definition, it is difficult to justify the presence of Personal Data Law into Compliance Law if the new branch of Law would not guarantee the effectiveness of a corpus that is external to it, the insertion of Data Law into Compliance Law being contested.
Starting instead from Monumental Goals to make the whole of this new branch of Law work, the outlines of which being quite easy to define, the result is firstly a better understanding of the methods of interpretation of compliance mechanisms, transparent tools by relation to these normative goals, and secondly a method to measure the degree of legal constraint associated with these different compliance processes.
II. INTERPRETATION METHOD AND STRENGTH OF CONSTRAINT OF COMPLIANCE TOOLS
From the moment that Compliance Law was the extension of Regulation Law, implying, as it de jure a teleological reasoning, the result is a method of interpretation which is usual: starting from the goals, in which legal normativity is housed, to deduce first of all the way of interpretation of the different tools (A). This is usual for branches of Economic Law. The uniqueness of the different tools being obtained by the goals, the different degrees of constraint are not operated by the sources but by the goals, according to the legal distinction between obligations of means and obligations of results (B).
A. THE INTERPRETATION METHODS REQUIRED FOR ALL COMPLIANCE TOOLS
As soon as the legal normativity of Compliance is in its "Monumental Goals", this means that the interpretation of its mechanisms, because they are only "tools, must follow.
Interpretation is an intellectual operation that is required in the silence, contradiction or obscurity of the rules. In such an assumption, which is so frequent, the question is then how to apply a compliance mechanism, when it produces constraints on others or when it produces prerogatives: in the uncertainty of the texts, should it be interpreted ? restrictively or broadly ?
If the goals are not integrated into Compliance Law, then the only principle at work in Economic Law remains the Competition Principle, which on the one hand is based on Freedom and prohibits a broad interpretation of constraints, and which on the other hand excludes the concentration of Information and its dissemination. Thus, all Compliance Tools being mechanisms organized by operators of centralization, connection and transmission of Information, they seem to be an exception to the principle of Competition, where everyone keeps Information to himself and fights against others in instant relations.
Thus each Compliance Tool, legitimate in itself (in particular because a law would have anchored it in the legal system), should be interpreted restrictively if we continue to think of economic systems around the Principle of Competition, with only some scattered special provisions. This would be even more true that Compliance Law would be only a tool of effectiveness
But if considering, on the other hand, that Compliance Tools, including in the powers they confer on those who wield them, for example the companies managing digital platforms in charge of fighting hate speechs, a particular form of human beings protection, must be interpreted with regard to the Monumental Goals, then each provision within each Compliance Tool must be compared to the Monumental Goal: if the particular technical provision serves this goal, then it must itself be interpreted as a Principle, and therefore interpreted widely. It is only if it does not contribute to the Monumental Goal achievement that its restrictive interpretation is required.
The stake is then of a probative nature.
It is up to the company which avails itself of a principle interpretation of a Compliance Tool which gives it power over others, for example obtaining Information, to demonstrate that this serves the Monumental Goal. It will be wise to preconstitute the proof of such a positive link between the technical and legal Tool and the Monumental Goal,
The operateur should associate with the first proof a second one. It must preconstitute in advance the proof of a proportional relationship between the constraint on others and the achievement of this Monumental Goal, this demonstration being the subject of a preconstituted proof and being at the disposal of the Regulatory and Supervisory public bodies.
B. THE LEGAL CONSTRAINT DETACHED FROM THE SOURCE CRITERION, ATTACHED TO THE LINK BETWEEN THE TOOL AND THE MONUMENTAL GOAL
To measure the Compliance Tools legal force of constraint, it is not necessary to start from the sources of these tools but rather from the goals they serve. Indeed, as the Law of Regulation had done, the essential is in the "mission", that is to say the objective which is aimed and which is defined by the public authorities. This definition takes on all the more consistency in Compliance Law which treats the implementation of the various Compliance Tools in the same way whether they are provided for by various regulations or whether they are provided for by the enterprises themselves. , in particular through the mechanisms of charters, the "Compliance Charters" coming to take place alongside the "Codes of Conduct" and "Codes of Cthics", the teams in charge of Compliance contributing to the drafting of all these various documents to create a "Compliance Culture" within the company.
The legal question is whether the establishment of the various Compliace Tools constitutes a legal obligation of means or a legal obligation of result. It is precisely not the distinction between the sources of elaboration and no more between the various Compliance Tools that provide the dividing line, but the relationship between Compliance Tools and Monumental Goals for which they have been drawn up, willingly or face-to-face, by one technique or another (1). If this distinction begins to become clear in the legal systems, on the other hand, the probationary system which should result from it remains to be built (2).
1. The handling of the distinction between the legal obligation of means and the legal obligation of result in superposition of the distinction between "Compliance Tools” and "monumental goals”
As soon as entreprises will themselves have "pretensions" to take care of interests which go beyond them, through their social responsibility or a new conception of their "mission", thus claiming to have a "raison d'être" , being no longer concerned by the sole profit, they will be linked by them for the benefit of those who observe this handling of Compliance Tools.
It is often emphasized that Compliance Law gives a great place to Soft Law, which is the case for companies as well, by these numerous charters. But it is also the fact of the public institutions, in particular by guidelines. Now each one is able to produce "codes" like new little Napoleon made with the French Code civil in 1804... Why not, on condition that those who write these "codes", which can not only be educational
The existence of a constraint or not will therefore not come from the source, because one cannot maintain that only the Hard Law would be able to constrain and not the Soft Law, because the guidelines of the Authorities are at this point binding
For all Compliance Tools, whatever their source, the distinction is therefore made between legal obligations of means and legal obligations of result. The enterprise, whether coerced or spontaneously adopting the compliance tool, cannot be forced to achieve the Monumental Goal. Such a requirement would be all the more unreasonable since it is a question of "monumental goals", all being expressed by the effective and efficient consideration of the weak person. The consideration can only be a legal obligation of means. But putting in place the Compliance Tools to achieve this is a legal obligation of result.
Thus, no matter whether the source of commitment to the goal is based on legislation, an order from an authority (through a Compliance Program, for instance) or an act of Corporate Societal Responsibility, the rule of constraint must always be the same, whatever the Compliance Tool considered: implement tools to measure (principle of proportionality) of monumental goals. This implementation is an obligation of result. To reach Monumental Goals is an obligation of means.
This effective implementation being an obligation of result, it implies a Probationary Compliance Culture to be built by enterprises.
2. The Probationary Compliance Culture, based on a systematic program of pre-constitution of evidence
Indeed, Compliance Tools are not mechanically controlled and should not be mechanically designed: their impregnation by the Monuental Goal will itself be controlled by the Supervisory Authorities
Thus a systemic probation program must be set up in enterprises, translating Compliance Tool by Compliance Tool the way in which they converge effectively and efficiently towards Monumental Goals (without necessarily reaching them).
For example, collaborations on various Audits, which does not always result in detecting everything but which makes it possible to conclude that there is a "Compliance audit" within the enterprise.
For example Internal Investigations which do not produce a denunciation of any disregard of the rules but which demonstrate the effectiveness of the "Vigilance" of the enterprise, Vigilance by which the enterprise expresses the distance it organizes towards of itself and the care it takes in the sector in which it fits upstream and downstream.
For example Training Programs, which do not always result in fully disseminating a "Culture of Compliance", but which are effectively designed for this, the success of training to be measured beyond actual presence.
For example, Risk Mapping which does not detect all the crises that will occur, but follows commonly accepted methodologies to do so.
For example, Whistleblowing Systems which do not lead all the holders of information to transmit pertinent Information (and only this), but which encourage them to do so thank to the effective protection that is organized.
For example, Exemplary Behavior form top managers, behavior which is not always sufficient to convince everyone that Compliance Law is an opportunity for enterprises and for Europe and not a scourge, but which tends to do so, in particular by the non-contradiction between their words and their acts.
This structurally organized set of Ex Ante Compliance Tools then appears in its unity which respond to each other, reinforce each other and thus satisfy the obligation of result which now weighs on enterprises, new "crucial operators" of a world that seeks its anchors, obliged to show that they take charge of non-immediate global concerns.
Frison-Roche, M.-A., Le Droit de la Régulation, 2001.
Sur les différents rapports que les techniques juridiques de Régulation entretiennent avec le principe de concurrence, v. un rappel pédagogique va une leçon sur le Droit de la Régulation conçu tout d'abord dans un rapport avec le Principe de concurrence, soit en ce que le Droit de la Régulation (alors "transitoire") est ce qui permet de construire un marché concurrentiel, le Droit de la Régulation étant l'accompagnement de la libéralisation de secteurs naguère monopolistiques, soit en ce que le Droit de la Régulation est ce qui répond à une "défaillance de marché", appareillage requis pour une organisation dont l'idéal demeure le principe de concurrence. A cela se distingue une troisième conception du Droit de la Régulation, proposée en 2001, et qui tend à se généraliser, plus politique, d'un Droit de la Régulation qui ne prend pas le principe de Concurrence, ni comme réalité à construire ni comme idéal au regard duquel il faut gérer les "défaillances" de marché, mais comme une branche du Droit qui crée et maintient un équilibre entre le principe de concurrence et d'autres soucis définivement poursuivis, même dans des situations où techniquement la loi de l'offre et de la demande pourraient suffire. Cette conception est aujourd'hui plus partagée qu'il y a 20 ans.
Frison-Roche, M.-A., Le Droit de la Régulation, 2001.
Frison-Roche, M.-A. (dir.), Régulation, Supervision, Compliance, 2017.
On this historical dimension, see Frison-Roche, M.-A., Compliance : before, now, after, 2017.
See Frison-Roche, M.-A., L'apport du Droit de la Compliance à la Gouvernance d'Internet, 2019.
Frison-Roche, M.-A., Se tenir bien dans l'espace numérique, 2019.
Pour l'exposition du mécanisme de vigilance et sa justification, v. Supiot, A., Prendre la responsabilité au sérieux; 2015.
Sur la description de tout cela, v. les travaux essentiels d'Alain Supiot sur la "reféodalisation" du monde :
Frison-Roche, M.-A., Le Droit de la Compliance au delà du Droit de la Régulation, 2018.
Frison-Roche, M.-A., Globalization from the Point of view of Law, 2017.
Frison-Roche, M.-A., Compliance : before, now and after, 2017.
Frison-Roche, M.-A. (dir.), Pour une Europe de la Compliance, 2019.
Frison-Roche, M.A., Le Droit européen de la Compiance, conception humaniste, 2019.
Frison-Roche, M.-A., Rethinking the world from the notion of "data", 2016.
About the simultaneous application of this two principles, see for example, in the litigation related to the exploration of Facebook's data, the ordinance of the European Union Court Président on 29th of October 2020.
Frison-Roche, M.-A., Les droits subjectifs, outils premiers du Droit de la Compliance, 2020.
Le Droit américain, par la loi dite Dodd-Frank , organisant la prévention des crises en protégeant chaque investisseur par des droits nouveaux, droit à l'information portable, droit au recours juridictionnel.
Voir par exemple le "Code de conduite" de Norvartis, transformé en "Code d'éthique", lequel a pour fonction d'exprimer ce qui est juste.
Sur l'exposé de cette conception et sa réfutation, v. Frison-Roche, M.-A., Droit de la concurrence et Droit de la Compliance, 2018.
On the pedagogic dimension of every Compliance tool, see Frison-Roche, M.-A., Training, container and content of Compliance, 2020
Conseil d'Etat, 16 mars 2016, Numericable , et FinverestI.
A propos des lignes directrices de la CNIL, dont la disposition fut annulée par le Conseil d'Etat de ce fait, C.E., ... juillet 2020.
Cela est acquis pour les multiples chartes, à travers les engagements déontologiques. Mais cela peut être également soutenu pour des documents de nature plus "interne", comme la cartographie des risques, dès l'instant qu'on peut rattacher cet outil de compliance à des droits subjectifs, notamment le droit des tiers "à être inquiétés", forme particulière du droit à l'information. V. dans ce sens, Frison-Roche, M.-A., ... ; v. d'une façon plus générale le grand avenir des droits subjectifs comme outils premiers de la compliance, Frison-Roche, M.-A., .....
V. dans ce sens Galland, M., ....