Oct. 22, 2020

Thesaurus : Soft Law

Full reference: Coeurquetin, R., Comparaison mécanique des versions 2017 et 2020 des recommendations de l'Agence Française Anti-corruption sur la cartographie des risques de corruption, October 2020, 9 p. 

Read the mechanical comparison (in French)

To go further on the question of risk mapping, read Marie-Anne Frison-Roche's working papers: Drawing up Risk Maps a an Obligation and the Paradoxe of "Compliance Risks" and Anchor Points of the Risk Mapping in the Legal System

Aug. 17, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Risk Mapping: is it legally different when it is made by Regulatory Bodies or by Regulated Enterprises?, in  Newsletter MAFR - Law, Compliance, Regulation, 17th of August 2020

Read, by freely subscribing, other news of the Newsletter, MAFR - Law, Compliance, Regulation


Summary of the news

Each year, the Autorité des marchés financiers (French financial markets regulator), the European Central Bank and the Agence française anti-corruption (French anti-corruption agency) publish risk maps. At first glance, risk maps established by the regulator aim to both help regulator and the regulated company to face risks by anticipating them. These documents would only be an assistance brought to firms in their Compliance mission and not an injunction from the regulator to take into account the risks that it emphasizes.  

However, Law forces firms to do their own risk maps under penalty of sanctions. Since the regulator has previously published its own risk map, can companies, obliged to write theirs, deviate from it? If the firm follows the map published by the regulator, can it protect itself against this if it is accused of not having fulfilled its compliance obligations? On the contrary, if the operator does not follow regulator's risk map, can this be blamed on it? Formally, regulator's risk maps do not come with an injunction to take it into account but, as everyone knows, any recommendation from a regulator or supervisor must be taken into account.

The legal solution could here be the implementation of a system of "comply or explain" which would mean that if the firm decides to no follow the risk map established by the regulator, it must be able to justify its choice. 


To go further, read:

June 24, 2020

Thesaurus : Textes


Référence complète : Feugère, W., La compliance en pratique ; cartographier ses risques, Editions Législatives, 2020, 74 pages. 

May 7, 2020

Thesaurus : Soft Law

Full Reference: Autorité des marchés financiers (AMF), Cartographie 2020 des marchés et des risques, Risques et tendances, July 2020

Read the 2020 Risk and Markets Map

Nov. 28, 2019


Reference : Frison-Roche, M.-A., General presentation of the cycle of conferences on Les outils de la Compliance  (Compliance Tools) and  "Théorie générale de la cartographie des risques" (Legal Theory of Risk Mapping), conference made in French, in Département d'Economie de Sciences Po & Journal of Regulation & Compliance (JoRC),  La cartographie des risques, outil de la Compliance (Risk Mapping, as Compliance Tool), November 28th, 2019, Sciences Po, Paris. 





Summary of the conference

Risk mapping is both central to the obligations or practices of companies and little apprehended by the legal systems. It is not expressly referred to by the French legal system, except for the special national laws known as "Sapin 2" and "Vigilance". But if we are out of this field, because there is only a description and not a legal definition, even less a legal notion, we do not know what legal regime to apply to the action of mapping risks. It is therefore useful, indeed compelling, to define the legal concept of risk mapping. Starting from what is still the safest ground, namely these two special laws, to go towards less secure legal grounds, such as the doctrine of the authorities or the commitments of the companies, even the ISO certifications obtained in this matter. Through a few judicial decisions and legal reasoning, a legal notion of the action of mapping risks emerges.

It is advisable to proceed in 5 steps (the working document follows another approach).
The first, based directly on the two available laws, apprehends the action of mapping when it comes into execution of a special legal obligation. The decision rendered in 2019 by the French Commission des sanctions of the Agence Française Anticorruption (French Corruption Agency's Sanctions Commission) draws probate games as to the demonstration of the execution of the obligation and the probationary system can be extended. In the same way the decision of the French Conseil constitutionnel (Constitutional Council) in 2017 on the "Vigilance Act" shows that a mechanism referred to as a "modality" is legitimate with regard to the goal, which is, concerning this tool, the establishment of a responsibility for others. It is therefore the concern for the situation of others that can be targeted by the Law thanks to Compliance Tool, especially Risk Mapping.

The second theme aims to map risks as a fact of good management for a company, while the enterprise is not constrained by a legal obligation. This fact is a paradox because the Regulatory Authority and the Judge may, where the conduct that was to be prevented occurs, for example a market abuse or an anti-competitive behavior, either qualify as an aggravating circumstance or as an attenuating circumstance. Consideration of the theory of incentives should lead to the adoption of the American solution, that is to say the qualification of an effective cartography as a mitigating fact. European case law is not yet fixed, especially in terms of Competition Law's compliance.

The third theme is the mapping action carried out by an entity which, in doing so, exercises power over a third party. Because cartography is as much an obligation as a power, possibly on a third party. The Conseil d'Etat (French Council of State) in 2017 qualified risk mapping as an act of grievance, but doing so legitimately, since it was to prevent forest fires efficiently. This solution based on the teleology attached to Compliance Law can be transposed to other areas.

Going further, one may consider transforming this action from de facto status to legal status on the part of the company, if it thus identifies risks for third parties. It would thus give third-party creditors the right to be in a position to measure the risks that weigh on them. Risk mapping would thus be part of a broader unilateral commitment by powerful companies, recognizing the existence of risks for third parties to enable them to know their nature and extent. If this responsibility Ex Ante (characteristic of Compliance Law) is fulfilled, then the Ex Post liability of the company could no longer be retained. This is the ongoing issue of the Johnson & Johnson trial (2019 American judgment), in terms of medical compliance. Because if one can argue that there exists through this kind of risk mapping that the posology a "subjective right to be worried about the risks related to the taking of the drug", the patient remains free in the use of it. The question of whether third-party education is included in the mapping, since the alert is already included in it, is an open question. For now, the answer is negative.

Indeed and in a fifth time, appears the liberal definition of Compliance Law through the apprehension that the Law must make of the cartography of the risks. Beyond the rational act that any person has to control their risks for their own interest, by preventing the damaging effects of that from the crystallization of risk has in fact proved, it is a question of preserving an external interest for the preservation of which the Law must intervene because the subject of law, in particular the company will be less likely to be concerned.

By the imprint of the law, risk mapping expresses the concern for an external interest, either of a system or of a third party. But this support in Ex Ante implies force (Sapin 2, Vigilance, financial market information obligation) or will (social responsibility, ethical commitment, adoption of non-financial standards) relates only to information, its constitution, its intelligibility and its hierarchy. Then it is the actors exposed to the risks, able to understand in Ex Ante the extent as far as they are concerned, either the entity itself, or the thirds, to choose to run them to no.



  • Consult the two sets of slides as basis of the conference: 




Nov. 27, 2019



This Working Paper served as the basis for an intervention in the conference organized in the conference cycle organized by the Journal of Regulation & Compliance (JoRC) on the theme: Compliance Tools, in collaboration with many university partners: this first conference is organized in collaboration with the Sciences po Economics Department and is held on November 28, 2019 at Sciences po and deals with the more specific theme of Risk mapping.

It also serves as the basis for the book edited by Marie-Anne Frison-Roche, Compliance Tools, which will be released in the Regulations & Compliance collection.




 Is the consideration by Law of the Risk Mapping mechanism so new?

At first glance yes, and one might even be surprised at this novelty, since this rational anticipation of risks should have been recognized for a long time. But this is perhaps due to the more general fact that Risk itself has only recently become an autonomous legal object in Economic Law, in particular because Risk does not have at all the same position in Competition Law and in Regulation Law (I) .. Its position is even opposed in the both, Risk becoming central in Regulation Law. Compliance Law being the extension of Regulatory Law, it is also built on the "concern" of Risk and the internalization of this consideration in enterprises therefore takes the form of mapping.

A closer look maybe not,even  before the specific  French laws, called "Sapin 2" and "Vigilance" and beyond them, case law decisions giving a general scope to maps drawn up by operators, or increasing the obligation that 'they have to do it (II). In this, general and precise technical Law offers points of support for Compliance Law, strengthening it in its tools.


Oct. 15, 2019


This working paper has been the basis for the introduction in the presentation made in the conference organized by the Journal of Regulation & Compliance (JoRC) on the topic : Compliance Tools, in collaboration with many Universities partners

This first conference has been organized with the Sciences po Economic Department on November 28, 2019 on Risks Mapping


This working paper is articulated with a second working paper, being the basis of the first development of this conference, on the caractère nouveau ou non en Droit de l'obligation de cartographie des risques.


These two working papers are the basis for two articles published in the collective book, Compliance Tools, in the Series Regulations & Compliance

Sept. 13, 2019

Thesaurus : Doctrine

Référence complète : Hautereau-Boutonnet, M., Le risques de procès climatique contre Total : la mise à l'épreuve contractuelle du plan de vigilance, in Revue des contrats, n°3, Lextenso, 2019, p.95


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

July 4, 2019

Thesaurus : Autorité de Contrôle Prudentiel et de résolution (A.C.P.R.)

July 1, 2019

Thesaurus : Soft Law

Référence complète : Cartographie AMF des marchés et des risques, in Bulletin Joly Bourse, Lextenso, n°04, 2019, p.7


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"



June 5, 2019

Thesaurus : Doctrine

Référence complète : Thierache, C., RGPD vs Cloud Act : le nouveau cadre légal américain est-il anti-RGPD ?, in La Revue juridique Dalloz IP/IT,  n°6, 2019, p.367


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Oct. 3, 2018

Thesaurus : Doctrine

Référence complète : Dyens, S., La cartographie des risques, outils central de la compliance publique, in AJCT, 2018, p.491


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Jan. 12, 2018

Thesaurus : Doctrine

Référence complète : Schlegel, F., La cartographie des risques, pierre angulaire de la réglementation Sapin 2, in La LJA, 2018.


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Dec. 22, 2017

Thesaurus : Soft Law

July 3, 2017

Thesaurus : Soft Law

Référence complète : AMF, cartographie des risques 2017, in Droit financier, Lextenso, 2017, 108 p.


L’AMF a publié sa cartographie 2017 qui constitue un panorama de l’évolution sur un an des risques liés à l’actualité économique, financière et réglementaire. Elle analyse le financement de l’économie, les marchés ainsi que l’épargne des ménages et la gestion collective.


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Feb. 2, 2017

Thesaurus : Doctrine

Référence complète : Brosses (de), S., Gestion, cartographie des risques. Un pilotage vigilant, in Juris associations, Dalloz, n°570, 2017, p.43


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Jan. 2, 2017

Thesaurus : Doctrine

Référence complète : Boursier, M.-E., L'impact de l'ordonnance du 1er décembre 2016 sur la cartographie des risques des entreprises, in Bulletin Joly Bourse, Lextenso, n°116, 2017, p. 6.


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"


Dec. 9, 2016

Thesaurus : 02. Lois

Oct. 3, 2016

Thesaurus : Doctrine

Référence complète : Samuelian, M., Les actions juridiques et réglementaires à l'épreuve des risques cartographiés par l'AMF, in Bulletin Joly Bourse, n°10, Lextenso, 2016, p. 440


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Dec. 12, 2013

Thesaurus : Doctrine

Full reference: Collard, C., and Roquilly, C., Les risques juridiques et leur cartographie : proposition de méthodologie (Legal Risks and Their Mapping: proposition of Methodology)La Revue des Sciences de Gestion, vol. 263-264, no. 5, 2013, pp. 45-55.

Sciences Po's students can read this article via Sciences Po's Drive in the folder MAFR - Regulation & Compliance

Dec. 11, 2013

Thesaurus : Doctrine

Référence complète : Collard, Christophe, et Christophe Roquilly. « Les risques juridiques et leur cartographie :proposition de méthodologie », La Revue des Sciences de Gestion, vol. 263-264, no. 5, 2013, pp. 45-55.


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"



Oct. 1, 2012

Thesaurus : Doctrine

Référence complète : Oster, T., Droit de la concurrence et assurance : cartographie des risques au lendemain de l'enquête sectorielle de la commission européenne et de l'adoption du nouveau règlement d'exemption catégorielle, in RGDA, n°4, Lextenso, 2012, p. 959.


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

March 7, 2012

Thesaurus : Doctrine

Référence complète : Dyens, S., La nécessité de dresser une cartographie des risques juridiques, in AJ Collectivités Territoriales, 2012, p.131

Nov. 17, 2011

Thesaurus : Doctrine

Full reference: Bon-Michel, B., La cartographie des risques : de la rationalisation du futur à l'apprentissage du risque. Cas de l'identification du risque opérationnel au sein d'un établissement de crédit (Risks Mapping: from Rationalization of the Future to Risk Learning. Case of the Identification of the Operational Risk in a Credit Establishment)Management & Avenir, vol. 48, no. 8, 2011, pp. 326-341.

Sciences Po's students can read this article in the Sciences Po Drive in the folder MAFR - Regulation & Compliance 

July 8, 2008

Thesaurus : Doctrine

Référence générale: Bueb, J.-P., Risk mapping methodology. Developing practical tools for procurement. Workshop on Investment and Anti-Corruption Policies in the framework of the International Compact for Iraq, in OECD, Paris, 8-10 juillet 2008, 20 p.


Lire le rapport.