March 22, 2020
This working paper is the basis for an article in the French Law Journal Le Clunet.
When we compare the terms "Compliance" and "Extraterritoriality", it is often with dissatisfaction, even anger and indignation. On the momentum, after having expressed a principle of disapproval of such a merger, attention is focused on how we can fight against it, to break the link between Compliance and Extraterritoriality. But do we have to go so fast? Is this negative initial assessment correct?
Indeed, thus gone, it is frequently explained that the binding mechanisms of Compliance are suffered, that they come from abroad
We are leaving this kind of complaint against X, which targets what would be this appalling "Compliance", this Law which would be both hostile and mechanical which would not have been able to stay within the limits of borders, Compliance being thus placed in contrast to sovereignty and protection, which presuppose staying within its limits
Compliance Law would thus become the very negation of Law, since it has the effect, even the purpose (barely concealed by strategic, powerful and shameless States), of counting borders for nothing, whereas Public International Law, in that it is built between the sovereign subjects of law that are the States presupposes the primary respect for borders to better exceed them while Private International Law takes the same postulate to better welcome foreign Law in situations presenting a foreign element
If you see it that way, what should you do then? The answer is obvious: react!
It is necessary to save the sovereignty, France, companies, the Law itself. If that is how the question is posed, how can we disagree? It is therefore necessary to destroy the Compliance Law and the extra-territoriality of American Law which had found this "Trojan horse", an expression so frequently used. This is the basis for the administrative reports available, for example the Berger-Lellouche
But without discussing the effectiveness of the remedies proposed downstream, it is necessary to return to this description so widely shared made upstream. Because many elements on the contrary lead to affirm that ComplianceLaw first of all and by nature can only be extraterritorial and that it must be. Whether or not the State in which it was created has malicious intentions. The description which is made to us most often describes particular cases from which we draw generalities, but we cannot reduce Compliance Law to the already cooled cases, as BNPP case, or to the always hot case of the American embargo on Iran. Furthermore, one cannot take the issue of embargoes and draw conclusions, legitimate for it, but which would apply to the whole of Compliance Law. The fact that theCompliance Law is a branch of Law at the stage still of emergence can lead to this confusion which consists in taking the part for the whole, but it is very regrettable because what is justified for the embargoes does not is in no way relevant for all Compliance Law, of which precisely the Law of embargoes is only a small part, even an abusive use. This overlapping is not often perceived, because the definition of Compliance Law and its criterion are not clearly enough defined, namely the existence of a "monumental goal"
Once we have distinguished the embargoes, as an atypical, sometimes even illegitimate part, of Compliance Law, we should continue this work of distinction by emphasizing that the United States has certainly invented Compliance Law
Indeed, this branch of the new Law which is Compliance Law is not reducible to Competition Law
Read the developments below.
What we almost always start with, Compliance Law being "strange" especially because it comes from the United States, v. Frison-Roche, M.-A., Compliance Law, 2016.
V. par ex. Monéger, cas BNPP, ...., in Frison-Roche, M.-A. (dir)., ...
V. for ex. Bismuth, R. For a nuanced understanding of the extraterritoriality of American law - some reflections around the procedures and sanctions targeting Alstom and BNP Paris, 2015.
On the definition of sovereignty as the ability to understand its limits and to remain within its limits, even to establish them yourself, sovereignty being intimate with the idea of the rule of law, v. Supiot, A., (dir.), Mondialisation ou globalisation ? Les leçons de Simone Weil, coll. "conférences", ed. Collège de France, 233 p.
To recall these basic elements and put them into perspective in relation to Compliance Law, v. Frison-Roche, M.-A. La partie et le tout : l'Amazonie relève de quoi ? Pour le Brésil et les Etats-Unis, de la "partie" ; pour la France du "Tout". Tout l'enjeu est là, 2019.
Berger Karine, Lellouche Pierre, Rapport d'information sur l'extrateritorialité de la législation américaine, hand out to the Presidency of l'Assemblée Nationale on 5th of October 2016
Gauvain, R., Rétablir la souveraineté de la France et de l'Europe et protéger nos entreprises des lois et mesures à portée extraterritoriale, Rapport à la demande du Premier Ministre Monsieur Edouard Philippe, Assemblée nationale, juin 2019, 102 p.
Criterium found in 2016 : Frison-Roche, M.-A., Le Droit de la Compliance.
Frison-Roche, M.-A., Compliance : before, now and after, 2017.
Frison-Roche, M.-A., Un Droit substantiel de la Compliance, appuyé sur la tradition européenne humaniste, 2019 ; as a basis for an article in Pour une Europe de la Compliance, 2019.
Frison-Roche, M.-A., Droit de la concurrence et Droit de la compliance, 2018
On the links between Compliance Law and blockchain technology, v. ....
Nov. 27, 2019
This Working Paper served as the basis for an intervention in the conference organized in the conference cycle organized by the Journal of Regulation & Compliance (JoRC) on the theme: Compliance Tools, in collaboration with many university partners: this first conference is organized in collaboration with the Sciences po Economics Department and is held on November 28, 2019 at Sciences po and deals with the more specific theme of Risk mapping.
Introduction and Summary.
Most often we only describe the risk mapping mechanism, without qualifying it legally. The legislator does not do more. Thus, in the French legal system, in the law adopted in 2016 for fighting againt corruption, the so-called "Sapin 2 law", the article 17 describes cartography as "la forme d'une documentation régulièrement actualisée et destinée à identifier, analyser et hiérarchiser les risques d'exposition de la société à des sollicitations externes aux fins de corruption, en fonction notamment des secteurs d'activité et des zones géographies dans lesquelles la société exerce son activité" " ("the form of documentation regularly updated and intended to identify, analyze and prioritize the risks of exposure of the company to external solicitations at the end of corruption, depending in particular on the sectors of activity and the geographic areas in which the company operates.").
In the law adopted in 2017 for obliging big companies to be "vigilant", the article 1 of this so-called "Vigilance law" of March 27, 2017 aims to do a "cartographie des risques destinée à leur identification, leur analyse et leur hiérarchisation ("map the risks intended for their identification, analysis and prioritization").
This is a description, not a definition, with the text only targeting the "form" that this piece of information takes, without saying more. The letter of the descriptive text inserted in the second part of article 17 referring to the first part thereof, which expressly covers it as a "modality" of "the obligation" to take "measures intended to prevent and prevent detect the commission, in France or abroad, of acts of corruption or trading in influence ". In the same way when consulting the documents by which the regulatory authorities, for example the Financial Market Authority, presents the way to properly identify the risks, including the risks of "non-compliance"
Because it is understood that cartography is only a "tool", the law designated it as a "modality". It is therefore a given that we must look for what the tool is made for. Either it is done so that the law is not ignored, mapping identifying for example the increased risk that it is not: it is usually referred to by the strange name of "risk of compliance". The mapping then allows the company to execute its "compliance obligation", that is to say to ensure in Ex Ante that the law is respected by eliminating in advance the risk that it will not be . Thus, in 2008, the OECD defined risk mapping by its objectives, namely to put in place efficient means to reduce the risk of fraud and corruption and to set up efficient investigations by focusing efforts on effective procedures "
Then there are the risks which do not concern the Law, and which the company manages as so many considerations for its action, such as economic, natural or political risks, as well as "market risks", about which the Authorities markets, as the Financial Market Authority regularly draws up a "risk map"
However, we observe to what extent "risk mapping" has so far been little thought in law. Indeed, when it is exposed, and so often, that it includes both "economic risks", "political risks", and "compliance risks", when however as a whole it is not instrument of a Compliance Law, which organizes all of compliance, the lawyer who constantly orders no longer manages to follow: as "compliance" could be only part of a mechanism that itself is only part of "compliance"? There are very many writings which detail the cartography, which by a kind of mirror effect, draw up cartographies of the requirements country by country, texts by texts, sectors by sectors, law by law, cartography requirements. .. We are faced with a house of cards, always more meticulously described, without ever meeting any legal qualification. For example, does drawing up such a card constitute a legal fact or a legal act? I don't see the question even asked. Yet the consequences of diet are immense. Assuming that this is only a legal fact, can it be justified? The lawyers thought about it and instead found the door closed ... But why should it not be a legal act? The legal category of unilateral legal acts is there to welcome it. In this case, the risk mapping commits the company and we feel that regulators and judges are seeing it more and more. But if the company is engaged, with whom is it? More precisely still, if it becomes debtor of the obligation to map, even if no specific law prescribes it in a precise way, then there is necessarily a creditor beneficiary of this obligation. Who is he ? And why is it?
The essence of this contribution is to ask these questions. They are elementary. They open up avenues, those that the exercise of legal qualification, legal categorization and legal definition, opens up.
If for the moment it has been little practiced, risk mapping being strangely left to algorithms, capable of heaping up data and incapable of defining and qualifying legally, this may be due to the fact more general than Law and risk are rarely directly associated. The mechanism of good management that constitutes risk mapping, especially in organizations that are not companies but are in charge of administering and adopting this good method without constraint
Consequently, since there is under the classic information of the political pretension, of the will to "prevent" the evil, which is quickly transformed into the will to "promote" the good, the new appears. The novelty is first of all institutional (II). In this, the so-called "Sapin 2" law, through the establishment of the French Anticorruption Agency, institutionalized this mechanism by which companies "exposed" to financial markets and / and to international investors, and / and to international trade , present in a clear and orderly manner - that is to say by a map - the risks they have identified in their present and future actions, must more concretely account for their structural organization. Public authorities will supervise the companies exposed to these risks. Certainly banks are legally accustomed to it, but banks are in a sector which is regulated and supervised. What is remarkable is that the Compliance Law applies via the risk mapping requirement the legal technique of supervision to companies which operate in sectors which are not supervised, which are sometimes not even regulated. Thus, they become structurally transparent. The liberal principle according to which a company only reports on its behavior and not on its internal organization is undermined. Thus, by the only technique imposed by law, the transparency method, specific to supervised companies becomes general, as soon as a risk exists. This is a radical innovation, since the risk in question is not a sector risk and a general crisis is no longer to be feared. The rupture is thus effected with the Law of supervision which until now was unbreakable from the Law of Regulation, the obligation of risk mapping applying to any "crucial operator" exposed to the risk of corruption, in that this must be fought in a global manner.
Therefore, risk mapping is a tool which, beyond the simple description, takes its definition in a teleological way. Its aim is to prevent risks which compromise ambitions which are not always of an economic nature but which are of a political nature (III). The fight against corruption is only one example, the so-called "vigilance" law also requiring a "risk mapping" in the area of human rights, while this technique is taken up by more or less binding texts in environmental matter. Certainly companies in a position to carry such political ambitions, by force - because of their position - or willingly - by their reason for being or by their policy of social responsibility - must support it, transforming them into major political actors . They cannot, however, take the place of the Public Authorities, which on the one hand fix the "monumental goals" which it is a question of achieving on the one hand and which on the other hand supervise in Ex Ante and in Ex Post the implementation and operation of these tools within crucial companies.
See for instance the supports dedicated to Compliance Officers in their training day organized by AMF, 2015.
OCDE, Bueb, J.-P., Risk mapping methodology. Developping practical tools for procurement, 2008, : "OBJECTIVES OF RISKS MAPPING • Put in place efficient means to reduce risks of frauds and corruption; • Have more efficient investigations by concentrating the efforts on “sensitive” processes, methods or persons. "
Financial Markets Authority, Risk Mapping, 2017
Dyens, S., La nécessité de dresser une cartographie des risques juridiques, 2012. In this article which presents the Law as a risk for the action of the State and the good end of public policies, it is a question of organizing well in Ex Ante the administrations.
V. for ex. Dyens, S., La nécessité de dreser une cartographie des risques juridiques, 2012 ; Elaborer une cartographie des risques juridiques, 2017.
Oct. 1, 2019
Teachings : Compliance Law
Résumé de la leçon.
Le Droit de la Compliance semble être synonyme d"extraterritorialité, en ce qu'il se fit connaître d'une façon spectaculaire en 2014 par la décision américaine sanctionnant la banque française BNPP. L'on a dès lors souvent assimilé "Compliance" et extraterritorialité du Droit américain, englobant les deux dans la même opprobre.Celle-ci est par exemple d'une grande violence dans le rapport dit "Gauvain" de 2019. Mais sauf à croire que le Droit n'est que l'instrument pur du Politique, en raison des "buts monumentaux" poursuivis par le Droit de la Compliance, celui-ci ne peut avoir en tant qu'instrument qu'une portée extraterritoriale, sauf à être utilisé par une Autorité locale pour ne servir qu'un but local. Dans cette hypothèse, précise et restreinte, l'extraterritorialité du Droit de la Compliance doit être combattue, ce qui est fait par la Cour de la Haye dans sa jurisprudence de 2018. Mais pour résoudre cette question particulière, l'on risque de détruire l'idée même de Droit de la Compliance, lequel suppose l'extraterritorialité. Et au moment même où le continent asiatique est en train d'utiliser le Droit de la Compliance dans une définition mécanique pour mieux s'isoler.
Si l'on prend les autres sujets sur lesquels porte le Droit de la Compliance, lequel excède la question des embargos, l'on peut même soutenir qu'il a été fait pour ne pas être brider par les territoires, lesquels sont à la fois l'ancrage des Etats et leur intrinsèque faiblesse. L'internalisation dans les entreprises permet cela. Elle le permet tout d'abord par le mécanisme de "l'autorégulation". En effet, si l'on fait un lien, voire une identification entre la Compliance, l'éthique et l'autorégulation, alors la question des frontières ne se pose plus. Ainsi, l'entreprise s'auto-instituant non seulement comme un "néo-constituant" mais comme un ordre juridique complet, y compris dans le règlement des différents et dans les voies d'exécution (enforcement par le bannissement). La question de l'efficacité est donc réglée mais ouvre alors celle de la légitimité. C'est pourquoi l'Europe a vocation à porter une conception extraterritoriale d'une définition pourtant européenne de ce qu'est le Droit de la Compliance. C'est ce à quoi les arrêts de la Cour de justice de l'Union européenne du 24 septembre 2019 viennent de mettre un coup d'arrêt.
Se reporter à la Présentation générale du Cours de Droit de la Compliance.
Consulter la bibliographie ci-dessous, spécifique à cette Leçon relative aux enjeux pratiques du Droit de la Compliance