Updated: Oct. 17, 2020 (Initial publication: Oct. 15, 2019)


This working paper has been the basis for the introduction in the presentation made in the conference organized by the Journal of Regulation & Compliance (JoRC) on the topic : Compliance Tools, in collaboration with many Universities partners

This first conference has been organized with the Sciences po Economic Department on November 28, 2019 on Risks Mapping


This working paper is articulated with a second working paper, being the basis of the first development of this conference, on the caractère nouveau ou non en Droit de l'obligation de cartographie des risques.


These two working papers are the basis for two articles published in the collective book, Compliance Tools, in the Series Regulations & Compliance

Aug. 17, 2020

Publications : Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Risk Mapping: is it legally different when it is made by Regulatory Bodies or by Regulated Enterprises?, in  Newsletter MAFR - Law, Compliance, Regulation, 17th of August 2020

Read, by freely subscribing, other news of the Newsletter, MAFR - Law, Compliance, Regulation

To go further, read Marie-Anne Frison-Roche's working paper: Legal Theory of Risk Mapping, center of Compliance Law 


Summary of the news

Risk mapping, until recently exclusively set up spontaneously by companies, is a tool more and more used by regulators, like the AMF (French Financial Markets Regulator) which publishes every year a risks and markets mapping. 

Regulators map risks in order to perceive better what are the regulation needs of the sector but also in order to communicate, specially with regulated firms. Regulators make mapping made by themselves available in order to furnish to regulated companies a precise methodology that they could follow when they would have to make their own risk mapping, imposed by Law.  

Regulators having authority over regulated firms, this help could quickly be transformed in injunction to follow the conception adopted by the regulator for the firm which have to realize its own risk mapping. We can imagine that the firm must justify if it does not take back the spirit of the risk mapping published by the regulator (comply or explain). 

June 24, 2020

Thesaurus : Textes


Référence complète : Feugère, W., La compliance en pratique ; cartographier ses risques, Editions Législatives, 2020, 74 pages. 

May 7, 2020

Thesaurus : Soft Law

Full Reference: Autorité des marchés financiers (AMF), Cartographie 2020 des marchés et des risques, Risques et tendances, July 2020

Read the 2020 Risk and Markets Map

Nov. 28, 2019


Reference : Frison-Roche, M.-A., General presentation of the cycle of conferences on Les outils de la Compliance  (Compliance Tools) and  "Théorie générale de la cartographie des risques" (Legal Theory of Risk Mapping), conference made in French, in Département d'Economie de Sciences Po & Journal of Regulation & Compliance (JoRC),  La cartographie des risques, outil de la Compliance (Risk Mapping, as Compliance Tool), November 28th, 2019, Sciences Po, Paris. 





Summary of the conference

Risk mapping is both central to the obligations or practices of companies and little apprehended by the legal systems. It is not expressly referred to by the French legal system, except for the special national laws known as "Sapin 2" and "Vigilance". But if we are out of this field, because there is only a description and not a legal definition, even less a legal notion, we do not know what legal regime to apply to the action of mapping risks. It is therefore useful, indeed compelling, to define the legal concept of risk mapping. Starting from what is still the safest ground, namely these two special laws, to go towards less secure legal grounds, such as the doctrine of the authorities or the commitments of the companies, even the ISO certifications obtained in this matter. Through a few judicial decisions and legal reasoning, a legal notion of the action of mapping risks emerges.

It is advisable to proceed in 5 steps (the working document follows another approach).
The first, based directly on the two available laws, apprehends the action of mapping when it comes into execution of a special legal obligation. The decision rendered in 2019 by the French Commission des sanctions of the Agence Française Anticorruption (French Corruption Agency's Sanctions Commission) draws probate games as to the demonstration of the execution of the obligation and the probationary system can be extended. In the same way the decision of the French Conseil constitutionnel (Constitutional Council) in 2017 on the "Vigilance Act" shows that a mechanism referred to as a "modality" is legitimate with regard to the goal, which is, concerning this tool, the establishment of a responsibility for others. It is therefore the concern for the situation of others that can be targeted by the Law thanks to Compliance Tool, especially Risk Mapping.

The second theme aims to map risks as a fact of good management for a company, while the enterprise is not constrained by a legal obligation. This fact is a paradox because the Regulatory Authority and the Judge may, where the conduct that was to be prevented occurs, for example a market abuse or an anti-competitive behavior, either qualify as an aggravating circumstance or as an attenuating circumstance. Consideration of the theory of incentives should lead to the adoption of the American solution, that is to say the qualification of an effective cartography as a mitigating fact. European case law is not yet fixed, especially in terms of Competition Law's compliance.

The third theme is the mapping action carried out by an entity which, in doing so, exercises power over a third party. Because cartography is as much an obligation as a power, possibly on a third party. The Conseil d'Etat (French Council of State) in 2017 qualified risk mapping as an act of grievance, but doing so legitimately, since it was to prevent forest fires efficiently. This solution based on the teleology attached to Compliance Law can be transposed to other areas.

Going further, one may consider transforming this action from de facto status to legal status on the part of the company, if it thus identifies risks for third parties. It would thus give third-party creditors the right to be in a position to measure the risks that weigh on them. Risk mapping would thus be part of a broader unilateral commitment by powerful companies, recognizing the existence of risks for third parties to enable them to know their nature and extent. If this responsibility Ex Ante (characteristic of Compliance Law) is fulfilled, then the Ex Post liability of the company could no longer be retained. This is the ongoing issue of the Johnson & Johnson trial (2019 American judgment), in terms of medical compliance. Because if one can argue that there exists through this kind of risk mapping that the posology a "subjective right to be worried about the risks related to the taking of the drug", the patient remains free in the use of it. The question of whether third-party education is included in the mapping, since the alert is already included in it, is an open question. For now, the answer is negative.

Indeed and in a fifth time, appears the liberal definition of Compliance Law through the apprehension that the Law must make of the cartography of the risks. Beyond the rational act that any person has to control their risks for their own interest, by preventing the damaging effects of that from the crystallization of risk has in fact proved, it is a question of preserving an external interest for the preservation of which the Law must intervene because the subject of law, in particular the company will be less likely to be concerned.

By the imprint of the law, risk mapping expresses the concern for an external interest, either of a system or of a third party. But this support in Ex Ante implies force (Sapin 2, Vigilance, financial market information obligation) or will (social responsibility, ethical commitment, adoption of non-financial standards) relates only to information, its constitution, its intelligibility and its hierarchy. Then it is the actors exposed to the risks, able to understand in Ex Ante the extent as far as they are concerned, either the entity itself, or the thirds, to choose to run them to no.



  • Consult the two sets of slides as basis of the conference: 




Nov. 27, 2019



This Working Paper served as the basis for an intervention in the conference organized in the conference cycle organized by the Journal of Regulation & Compliance (JoRC) on the theme: Compliance Tools, in collaboration with many university partners: this first conference is organized in collaboration with the Sciences po Economics Department and is held on November 28, 2019 at Sciences po and deals with the more specific theme of Risk mapping.

It also serves as the basis for the book edited by Marie-Anne Frison-Roche, Compliance Tools, which will be released in the Regulations & Compliance collection.




 Is the consideration by Law of the Risk Mapping mechanism so new?

At first glance yes, and one might even be surprised at this novelty, since this rational anticipation of risks should have been recognized for a long time. But this is perhaps due to the more general fact that Risk itself has only recently become an autonomous legal object in Economic Law, in particular because Risk does not have at all the same position in Competition Law and in Regulation Law (I) .. Its position is even opposed in the both, Risk becoming central in Regulation Law. Compliance Law being the extension of Regulatory Law, it is also built on the "concern" of Risk and the internalization of this consideration in enterprises therefore takes the form of mapping.

A closer look maybe not,even  before the specific  French laws, called "Sapin 2" and "Vigilance" and beyond them, case law decisions giving a general scope to maps drawn up by operators, or increasing the obligation that 'they have to do it (II). In this, general and precise technical Law offers points of support for Compliance Law, strengthening it in its tools.


Sept. 13, 2019

Thesaurus : Doctrine

Référence complète : Hautereau-Boutonnet, M., Le risques de procès climatique contre Total : la mise à l'épreuve contractuelle du plan de vigilance, in Revue des contrats, n°3, Lextenso, 2019, p.95


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

July 4, 2019

Thesaurus : Autorité de Contrôle Prudentiel et de résolution (A.C.P.R.)

July 1, 2019

Thesaurus : Soft Law

Référence complète : Cartographie AMF des marchés et des risques, in Bulletin Joly Bourse, Lextenso, n°04, 2019, p.7


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"



June 5, 2019

Thesaurus : Doctrine

Référence complète : Thierache, C., RGPD vs Cloud Act : le nouveau cadre légal américain est-il anti-RGPD ?, in La Revue juridique Dalloz IP/IT,  n°6, 2019, p.367


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Oct. 3, 2018

Thesaurus : Doctrine

Référence complète : Dyens, S., La cartographie des risques, outils central de la compliance publique, in AJCT, 2018, p.491


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Jan. 12, 2018

Thesaurus : Doctrine

Référence complète : Schlegel, F., La cartographie des risques, pierre angulaire de la réglementation Sapin 2, in La LJA, 2018.


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Dec. 22, 2017

Thesaurus : Soft Law

July 3, 2017

Thesaurus : Soft Law

Référence complète : AMF, cartographie des risques 2017, in Droit financier, Lextenso, 2017, 108 p.


L’AMF a publié sa cartographie 2017 qui constitue un panorama de l’évolution sur un an des risques liés à l’actualité économique, financière et réglementaire. Elle analyse le financement de l’économie, les marchés ainsi que l’épargne des ménages et la gestion collective.


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Feb. 2, 2017

Thesaurus : Doctrine

Référence complète : Brosses (de), S., Gestion, cartographie des risques. Un pilotage vigilant, in Juris associations, Dalloz, n°570, 2017, p.43


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Jan. 2, 2017

Thesaurus : Doctrine

Référence complète : Boursier, M.-E., L'impact de l'ordonnance du 1er décembre 2016 sur la cartographie des risques des entreprises, in Bulletin Joly Bourse, Lextenso, n°116, 2017, p. 6.


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"


Dec. 9, 2016

Thesaurus : 02. Lois

Oct. 3, 2016

Thesaurus : Doctrine

Référence complète : Samuelian, M., Les actions juridiques et réglementaires à l'épreuve des risques cartographiés par l'AMF, in Bulletin Joly Bourse, n°10, Lextenso, 2016, p. 440


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

Dec. 11, 2013

Thesaurus : Doctrine

Référence complète : Collard, Christophe, et Christophe Roquilly. « Les risques juridiques et leur cartographie :proposition de méthodologie », La Revue des Sciences de Gestion, vol. 263-264, no. 5, 2013, pp. 45-55.


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"



Oct. 1, 2012

Thesaurus : Doctrine

Référence complète : Oster, T., Droit de la concurrence et assurance : cartographie des risques au lendemain de l'enquête sectorielle de la commission européenne et de l'adoption du nouveau règlement d'exemption catégorielle, in RGDA, n°4, Lextenso, 2012, p. 959.


Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"

March 7, 2012

Thesaurus : Doctrine

Référence complète : Dyens, S., La nécessité de dresser une cartographie des risques juridiques, in AJ Collectivités Territoriales, 2012, p.131

July 8, 2008

Thesaurus : Doctrine

Référence générale: Bueb, J.-P., Risk mapping methodology. Developing practical tools for procurement. Workshop on Investment and Anti-Corruption Policies in the framework of the International Compact for Iraq, in OECD, Paris, 8-10 juillet 2008, 20 p.


Lire le rapport.