Food for thoughts

Full reference: Frison-Roche, M.-A., Conflict of interests & "revolving doors"​: what the European Ombudsman said in May 2020, the European Banking Authority agreed in August.Three lessons, Newsletter MAFR - Law, Compliance, Regulation, 7th of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news: 

Supervision and regulation authorities' impartiality and independence are conditioned to the fact that their members do not have any conflict of interest with the sector that they supervise or regulate. Such an absence of conflict of interest is necessary to guarantee a climate of trust between the authority and operators. This supposes that regulation and supervision authority members do not cumulate functions of operator and of regulator/supervision during but also after their mandate in the regulation/supervision authority because the anticipation of a future hiring can influence present decisions. 

On 2nd of August 2019, the executive director of the European Banking Authority (EBA) informed the authority of its willingness to become PDG of the Association des marchés financiers en Europe, lobby of the financial sector. EBA approved this perspective. However, "Change Finance", a civil coalition, sized the European Mediator explaining that such a professional reorientation created an inevitable conflict of interest. The European Mediator reacted on 7th of May 2020 through a recommendation saying that although EBA took preventive measures, theses measures are not sufficient with regard to the risks. In this recommendation, the European Mediator also made some general propositions to manage future conflicts of interest:

• The interdiction for senior managers to have positions able to create a conflict of interest for two years.
• The information of senior managers and candidates to senior managers positions of the actual rules.
• The implementation of internal procedures blocking access to confidential information to the member who notified its willingness to occupy later a position able to constitute a conflict of interest with its current position. 

In a letter of 28th of August 2020, the president of EBA told to the European Mediator that he accepts these remarks and propositions. 

In this particular case, we can draw three lessons:

1. The difficult articulation between independence/impartiality (necessary for trust) and regulator/supervisor expertise. The European Mediator and the ABE are agree that the interdiction to get some positions must be limited in time.
2. The necessity that everyone can anticipate rules correctly.
3. The necessity to preserve legal security. 

► Référence complète : N. Ida, "La charge de la preuve en matière de compliance : réflexion à partir de la décision Imerys", Rev. sociétés, 2020, pp. 464-470

____

► Résumé de l'article (fait par l'auteur) : "La commission des sanctions de l'Agence française anticorruption a rendu sa deuxième décision de sanction le 7 février 2020 dans l'affaire Imerys. À cette occasion, elle a rappelé que la vraisemblance du manquement reproché à la société mise en cause suffit à renverser la charge de la preuve sur cette dernière, qui est alors tenue de démontrer qu'elle a respecté ses obligations. Cette solution est originale en ce qu'elle déroge au principe d'attribution de la charge de la preuve à l'accusation. Elle se justifie néanmoins dans le contexte particulier du droit de la compliance, en raison de la plus grande aptitude probatoire des entreprises assujetties aux obligations de prévention de la corruption, qui sont légalement tenues de se préconstituer des preuves par le biais de documents imposés.".

____

🦉Cet article est accessible en texte intégral pour les personnes inscrites aux enseignements de la Professeure Marie-Anne Frison-Roche

________

Full reference: Frison-Roche, M.-A., Compliance & Regulatory Soft Law, legal Certainty and Cooperation: example of the U.S. Financial Crimes Enforcement Network new Guidelines on AML/FT, Newsletter MAFR - Law, Compliance, Regulation, 2nd of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

The Financial Crimes Enforcement Network (FinCEN) is an organ, depending on the American Treasury, in charge of fighting against financial criminality and especially against money laundering and terrorism financing. For this, it has large control and sanction powers. 

In August 2020, the FinCEN published a document untitled "Statement on Enforcement" which aimed to explicit its control and sanction methods. It reveals what firms risk in case of offense (from the simple warning letter to criminal pursuits passing through financial fines) and the different criteria on which FinCEN is based to use one sanction rather than another. Among these criteria, we find for examples the nature and the seriousness of committed violations or the firm's history but also the implementation of compliance program or the quality and the spread of the cooperation with FinCEN durning the investigation. 

One of the objectives of the publication of such an information document is to obtain the cooperation of firms by creating a confidence relationship between the regulator and the regulated firm. However, it is very difficult to ask to the firms to cooperate and to furnish information if they can fear that this same information can be used later as proof against them by the FinCEN. 

Another objective is to reinforce legal security and transparency. However, the FinCEN's declaration does not seem to commit it, because it is not presented as a chart but as a simple declaration. Indeed, the list of the possible sanctions and the criteria used by the FinCEN are far from being exhaustive and can be completed in concreto by the FinCEN without any justification.

Full reference: Frison-Roche, M.-A., For regulating or supervising, technical competence is required: example of the French creation of the "Pôle d'expertise de la régulation numérique"​, Newsletter MAFR - Law, Regulation, Compliance, 2nd of September 2020

Lire par abonnement gratuit d'autres news de la Newsletter MAFR - Law, Regulation, Compliance

Summary of the news

Through a decree of 31st of August 2020, the government created a national service, the "Pôle d'expertise de la régulation numérique" (digital regulation expertise pole). It has to furnish to State services a technical expertise in computer science, data science and algorithm processes in order to assist them in their role of control, investigation and study. The aim is to favor information sharing between researchers and State services in charge of regulating digital space. 

As its acronym indicates, this pole of expertise aims to represents constance in a changing world. Moreover, more than being a national service, this organism must adopt a transversal dimension, its creation decree being signed by the Prime Minister, Minister of Economy, Minister of Culture and Minister of Digital Transition. The creation of such a pole shows the awareness of the government of the importance of technical competency in the regulation of digital space and of the necessity to centralize these expertises in one organ. 

However, as the decree indicates, this pole of expertise could be consulted only by "State services", that excludes regulators which are independent from the State and which could put the pole in conflict of interest, and courts even if they are supposed to play a central role in the regulation of digital space and even if they are allowed to ask the advice of the regulator about some cases. But if regulators cannot size the pole, to whom does it benefit except the legislator and a few officials? 

It would therefore have been better for this pole of expertise to be placed under the direction of regulatory and supervisory bodies, which would have enabled it to be able to be consulted both by regulators and by judges, both of whom are key players in digital regulation.

Full reference: Frison-Roche, M.-A., Compliance by Design, a new weapon? Opinion of Facebook about Apple new technical dispositions on Personal Data protection, Newsletter MAFR - Law, Compliance, Regulation, 31st of August 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news:

Personal Data, as they are information, are Compliance Tools. They represent a precious resource for firms which must implement a vigilance plan in order to prevent corruption, money laundering or terrorism financing, for examples. It is the reason why personal data are the angular stone of "Compliance by design" systems. However, the use of these data cannot clear the firm of its simultaneous obligation to protect these same personal data, that is also a "monumental goal" of Compliance Law. 

In order to be able to exploit these data in an objective of Compliance and protecting them in the same time, the digital firm Apple adopted for example new dispositions in order to the exploitation of the Identifier For Advertisers (IDFA) integrated in the iPad and in the iPhone and broadly used by targeted advertising firms, is conditioned to the consumer's consent.

Facebook reacted to this new disposition explaining that such measures will restrict the access to data for advertisers who will suffer from that. Facebook suspects Apple to block the access to advertisers in order to develop its own advertising tool. Facebook guaranteed to advertisers who work with it that it will not take similar measures and that it will always favor consultation before decision making in order to concile sometimes divergent interests. 

We can sleep and already make some remarks:

• GDPR imposing to companies that they guarantee a minimal level of protection for personal data does not apply in the United-States. It is then possible that Apple acted through Corporate Social Responsibility (CSR), more than through legal obligation. 
• The mode of regulation used here is the "conversational regulation" theorized by Julia Black. Indeed, regulators let the forces in presence discuss. 
• This "conversational regulation" does not seem to be very efficient in this case and an intervention of administrative authorities or of judges could be justified via Competition Law, Regulation Law or Compliance Law, knowing that Competition Law will favor access right to information and Regulation or Compliance Law private life right. 

The whole paradox of Compliance Law rests in the equilibrium between circulation of information and secret. 

Full reference: Frison-Roche, M.-A., "Interregulation"​ between Payments System and Personal Data Protection: how to organize this "interplay"​?, Newsletter MAFR - Law, Compliance, Regulation, 27th of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

Regulation Law, in order to recognize and draw the consequences from the specificities of some objects, has been build, at the start, around the notion of "technical sector" although their delimitation is partially related to a political choice. But, in facts, there are multiple points of contacts between sectors, actors moving from one to another as objects. The regulatory solution is so to climb over some technical borders through the methodology of interregulation which is by the way the only one to enable the regulation of some phenomena going beyond the notion of sector and related to Compliance Law. 

This news takes the exemple of companies furnishing new payment services. In order to they can provide these services, these firms needs to access to banking accounts of concerned people and so to very sensitive personal data. Regulation of such a configuration needs a cooperation between the banking regulator and the personal data regulator. Legislation being not sufficient to organize in Ex Ante this interregulation, the European Data Protection Board has published some guidelines on 17th of July 2020 about the way it conceives the articulation between the PSD2 (European directive about payment services) and GDPR and has announced that it intended to expand the circle of its interlocutors to do this interregulation. Such an initiative from EDPB can be justified by the uncertainty  about how interpreting both texts and articulating them.   

Full reference: Frison-Roche, M.-A., Difficulty of Compliance in Self-Regulation system: example of the Summer 2020 meetings of OPEC about the "conformity"​ for Oil Market Stability​, Newsletter MAFR - Law, Compliance, Regulation, 26th of August 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

The world production of oil is largely coordinated by the Organization of the Petroleum Exporting Countries (OPEC) and especially by its Joint Ministerial Monitoring Committee (JMMC). On 15th of July 2020, this Committee decides to reduce the world production of oil in order to maintain a certain price stability in a context of restricted demand because of the COVID-19 pandemic. 

However, such a stability can be maintained only if each member respects this decision and effectively reduce its production level. This meeting of 15th of July also aimed to get member's conformity. In order to get this conformity, the JMMC declared that it will use "name and shame", shaming countries which do not respect the Committee's declaration and naming those which respect it. A second meeting, on 19th of August 2020, reminded to non-compliant countries their obligation and urged them to comply before the 28th of August. 

We can observe two things: 

• The term used by the Committee is "conformity" and not "compliance", which implies less adherence to "monumental goals than the mechanical respect of formal rules.
• In an self-regulation system where there is not supposed to be a need for "conformity", the need for it is a clue that this self-regulation is malfunctioning.

Full reference: Frison-Roche, M.-A., The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection, Newsletter MAFR - Law, Compliance, Regulation, 25th of August 2020 

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

The "right to be forgotten" is an invention of the Court of Justice of the European Union during the case Google Spain in 2014. It implies that digital firms block the access to personal data of someone who asks it. This "right to be forgotten", which permits to impose secret to third parties has largely been generalized by GDPR in 2016. This new fundamental subjective right is a very political and European right. United-States which, on the contrary of Europe, did not experience nazism, links the "right to be forgotten" to the protection of consumer, conception which especially leads California Consumer Privacy Act adopted in 2018 to link this right to a situation of absence of necessity of this data for the firm which obtained it. 

In Europe, this willingness to protect directly the person increases the scope of such a subjective right. Thus, in France and in Luxembourg, since 2020, a cancer survivor can thus ask that such an information is not accessible among his or her health data, especially for insurance companies which use them in their risk calculus to set premium amount. Netherlands will do the same in 2021 to fight against discrimination between banks' and insurances' clients. 

The "monumental goal" is therefore not so much here the protection of individual freedoms as the protection of the vulnerable person, which is bye the way the keystone of a Compliance Law, concealing sometimes prohibition to circulate information (as here) and sometimes obligation to circulate information (in other cases, where the alert must be given) depending on whether vulnerable people are protected either by one or by the other.

Full reference: Frison-Roche, M.-A., The control by regulator of the essential infrastructure manager's investment plan: example of electric network and the notion of "doctrine", Newsletter MAFR - Law, Compliance, Regulation, 24th of August 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

On 31st of July 2020, the Commission de Régulation de l'Energie (CRE and French energy regulator) has examined the investment plan of the French electric network manager (RTE) as it does every year. This investment plan is an economic document but it also contains societal purposes, especially the adaptation of the electric network in order to integrate renewable energies. 

The control by the CRE is not a financial control. The crucial operator (RTE) is free to decide the way it wants to manage its budget. The CRE just advices on the financial side by recommending for exemple to be more flexible in its financial strategies. The true CRE's control is about the investment plan's general orientations, the methodology of needs analysis and crucial operator's investment choices which must be aligned with those of the regulator.

Such a control leads to the emergence of an "investment doctrine" from the side of the crucial operator, mixing its own choices and the regulator's guidelines. Beyond this, the elaboration of the investment plan is the result of a true co-writing between the regulator and the firm which discuss together, exchanges points of view and methods. Such a method, expressing a kind of coregulation, could be used in other sectors. 

Full reference: Frison-Roche, M.-A., Being obliged by Law to unlock telephone is not equivalent to self-incrimination: Cour de cassation, Criminal Chamber, Dec. 19, 2019, Newsletter MAFR - Law, Compliance, Regulation, 21st of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

The Cour de Cassation (French Supreme Judicial Court) made a decision on 19th of December 2019 about a case concerning a refusal to communicate his mobile phone's unlock code to the police while the police found him with a significant quantity of narcotic and a lot of cash and that there was a certain probability that this mobile phone get proofs of culpability of its owner. The individual was indicted not for narcotic trafficking but for not having communicate its unlock code which constitute an offense to article 434-15-2 of code pénal, from the loi du 3 juin 2018 renforçant la lutte contre la criminalité organisée, et le terrorisme et leur financement (law reinforcing organized crime, terrorisme and their financing).

The accused invokes before the court its right to not incriminate oneself. Indeed, the configuration face to policemen was such that if he refused to communicate its unlock code, he will be punished because of this obligation to communicate his code and that if he accepted, he will also be sanctioned because of the proofs contained into the mobile phone. Such a configuration therefore offered him no alternative to confessing, which is contrary to the European Convention on Human Rights and to European and national jurisprudence.

Face to such a case, the Cour de Cassation chose to segment the information and proposed the following solution: if the researched information cannot be obtained regardless of the suspect willingness, it is not possible to constraint this person to communicate this information without violating its procedural rights, but if the information can be obtained regardless of the suspect willingness then the individual is obliged to communicate his code. In the current case, as it was possible for policemen to obtain information contained in the phone by technical means, longer but existent, then the refuse of communication of the unlock code by the suspect constitute an obstruction that should be sanctioned. 

Such a decision is an exemple of the conciliation by the judge of two fundamental but contradictory "monumental goals" of Compliance Law: transparency of information towards public authorities and very sensible personal data protection. 

​To go further, read Marie-Anne Frison-Roche's working paper: Rethinking the world from the notion of data

Full reference: Frison-Roche, M.-A., When Compliance Law is violated, does the "right to be (re)compensated"​ exist, and must it be encouraged or not? - The Marriott case, Newsletter MAFR - Law, Compliance, Regulation, 20th of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

In August 2020, Marriott International, online hotel room booking platform, has be sued before an English court by a consulting firm through a "class action" technic. The firm ask to Marriott International compensates the clients whose personal data jas been hacked while Marriott International which was in charge of this data, did not implement all it could to protect these data. According to the plaintiff firm, making the online platform responsible in Ex Ante of the clients' data security and constraint it to compensate injured clients in case of failure is a more important incentive for the firm to do its best to protect this data than a simple fine.    

Many similar actions are ongoing, especially during English Courts where the practice of "class action" is more developed. The question is therefore to know whether it is interesting to encourage the development of this kind of process in France. Concretly, a substantial subjective right (here the right to have its data protected) exists only if it is accompanied by a procedural right to size the judge in order to he or she activates it. The right to ask for a compensation in case of violation of these Compliance obligations but also is therefore not only a strong incentive for firms but also a condition of effectivity of these same obligations, knowing that the effectivity is the major care of Compliance Law.  

► Référence complète : Dreyfuss, S., Remplacer la culture de la corruption par une culture de la compliance : l’Europe prend ses responsabilités pour son propre avenir, Le Grand Continent, août 2020. 

____

📝 Lire l'article. 

Full reference: Frison-Roche, M.-A., Regulators'​ Impartiality and contents control: "Les infidèles"​ case, Newsletter MAFR - Law, Compliance, Regulation, 19th of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

To go further, read the chapter of the book Compliance Tools: "The geographical pregnancy ​of Compliance tools" opened by an introductive chapter written by Jean-Baptiste Racine

Summary of the news

Impartiality of the regulator is one of the most important principles of Regulation and Compliance Law. However, this impartiality can be difficult to implement when the regulation object has a strong moral dimension. 

In August 2020, various religious associations sized the Conseil National de Régulation de l'Audiovisuel sénégalais (Senegalese audiovisual regulatory authority) to ask the interdiction of broadcasting on television of the film "Les infidèles" telling the story of a married woman with multiple lovers. 

First, the regulator distinguishes the sequences likely to be detrimental to cultural and religious identities and shocking sequences or likely to attack the dignity of the person. Then, it asks the deletion of indecent and obscene scenes and of scenes likely to be detrimental to cultural and religious identities, bans the broadcasting of the film in the television before 10.30 pm, asks an update of the trailer and requires the introduction of a pictogram "forbidden to children under 16" during the broadcasting. The CNRA judges itself able to regulate the content of telefilms in order to protect cultural identities with regards to the law of 4th of January setting its mission. 

In 2012, a similar controversy surrounded, in France, the broadcasting of a different film with the same name. However, the purpose and the context were very different because the film was broadcasted at cinema, because it presented adultery men, because it was comic, because the competent regulator was not an administrative body but a professional body and because the broadcasting country was not the same. Here, only the poster was modified. 

Thus, an impartial regulation must however taking into consideration "local cultural identities".  

Full reference: Frison-Roche, M.-A., Can Coordination between local Regulators replace a unique centralized Regulator? Example of the European organisation of the Open Internet Principle, Newsletter MAFR - Law, Compliance, Regulation, 18th of August 2020

Read, by freely subscribing, the other news of the Newsletter MAFR - Law, Compliance, Regulation

To go further, read Marie-Anne Frison-Roche's article: The hypothesis of interregulation 

Summary of the news

The principle of "open internet" enshrined in the European regulation of 30th of April 2016 guaranteeing a non discriminatory access to Internet contents and services. However, there is no European regulator to implement such a principle. Is it possible to guarantee the effectivity of this principle without a central regulator in charge of this principle? 

On 11st of June 2020, the BEREC (Body of European Regulators for Electronic Communications) adopted guidelines concerning the application of the open internet principle. The BEREC is not a European regulator but a network of national regulators aiming to coordinate their actions. This body is only a consultative body but its recommendations are taken into account by national authorities which have deep legal power, as Osborne-Clarke said about the technical implementation of the European principle of open internet at the national level.  

It is thus non necessary to have a central regulator to ensure the effectivity of a principle since the moment when there is a local regulators network able to coordinate their actions through soft law.   

Full reference: Frison-Roche, M.-A., Risk Mapping: is it legally different when it is made by Regulatory Bodies or by Regulated Enterprises?, in  Newsletter MAFR - Law, Compliance, Regulation, 17th of August 2020

Read, by freely subscribing, other news of the Newsletter, MAFR - Law, Compliance, Regulation

Summary of the news

Each year, the Autorité des marchés financiers (French financial markets regulator), the European Central Bank and the Agence française anti-corruption (French anti-corruption agency) publish risk maps. At first glance, risk maps established by the regulator aim to both help regulator and the regulated company to face risks by anticipating them. These documents would only be an assistance brought to firms in their Compliance mission and not an injunction from the regulator to take into account the risks that it emphasizes.  

However, Law forces firms to do their own risk maps under penalty of sanctions. Since the regulator has previously published its own risk map, can companies, obliged to write theirs, deviate from it? If the firm follows the map published by the regulator, can it protect itself against this if it is accused of not having fulfilled its compliance obligations? On the contrary, if the operator does not follow regulator's risk map, can this be blamed on it? Formally, regulator's risk maps do not come with an injunction to take it into account but, as everyone knows, any recommendation from a regulator or supervisor must be taken into account.

The legal solution could here be the implementation of a system of "comply or explain" which would mean that if the firm decides to no follow the risk map established by the regulator, it must be able to justify its choice. 

To go further, read:

• Frison-Roche, M.-A., Legal Theory of Risk Mapping, center of Compliance Law, working paper, 2020

Full reference: Frison-Roche, M.-A., Is Regulating Hate and Infox a legal obligation imposed to the Digital Enterprises or the expression of their free will to contribute to Democracy?, Newsletter MAFR - Law, Compliance, Regulation, 14th of August 2020

Read, by freely subscribing, other news in the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

Internet permits to access to expanded knowledge but also make easier the broadcasting of fake news and hate speeches. Unfortunately, public powers cannot know who broadcast these fake news and hate speeches and are so not able to fight efficiently against this. A solution would be to expect from digital firms that they find a way to contain these fake news and hate speeches that they structurally contribute to diffuse. 

Digital firms already do that and especially Facebook which plans to sensibilize its American users to 2020 presidential elections. However, digital firms explain that if they fight against fake news and hate speeches, it is only because of its Corporate Social Responsibility (CSR). But, even if it is a calculus to get a better reputation and avoid boycott actions, this remains a willingness of the firm which is therefore neither forced to succeed, nor even to act. 

The solution proposed by Compliance Law is to make of this effort a legal obligation by internalizing in crucial operators (digital firms) the "monumental goal" to fight against fake news and hate speeches so that digital companies are required to act and that they are supervised by public authorities in this task. The forthcoming law about digital services will impose to digital firms Ex Ante obligations while the law of 22 of December 2018 related to the fight against information manipulation already forces platforms operators a legal obligation to "cooperate" in the fight against fake news. 

To go further, read : 

• Frison-Roche, M.-A., When Facebook "Invite" Each Internet User to Act Against COVID-19 by Redirecting Him or Her Towards Public Information Center, Is It by Legal Obligation (Compliance) or by Corporate Social Responsibility (CSR)? With Which Consequences?, working paper, 2020
• Frison-Roche, M.-A., Having a Good Behavior in the Digital Space, working paper, 2020

Full reference: Frison-Roche, M.-A., Against money laundering, what time matters? Does it work, between ExAnte and ExPost? (BIL case), Newsletter MAFR - Law, Compliance, Regulation, 11th of August 2020

Read, by freely subscribing, the other news in the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

The activity of money laundering is detrimental not only in itself but also because it permits the development and the sustainability of other criminal activities such as drug trafficking, weapon trafficking or human beings selling. Fighting against money laundering could permit to indirectly fight against these underlying activities, by the way very difficult to fight. Thus, the fight against money laundering has become a "monumental goal", which justifies the adoption of tools sometimes much more powerful than those used by classical criminal Law. For the sake of efficiency, the legal obligation to prevent money laundering is given to every body able to do it, as banks, real estate agents or gaming society, under the penalty of sanction. 

On 10th of August 2020, the Luxembourgish financial market supervisor convicts the International Bank of Luxembourg to pay a fine of 4,5 millions of euros because of weaknesses detected in its process of fight against money laundering. However, when the sanction has been pronounced, the bank had already remedied the weaknesses identified. It is important to observe that what is important for Compliance Law, it is not that a non compliant behavior is punished but rather that the crucial firm modifies its behavior in order to being more efficient in the realization of the "monumental goal", only concern of the public authority. Thus, an Ex Post sanction against the crucial operator is not an end in itself and can be justified only if it permits to incite the crucial operator to act or rather to desincite to do anything. Compliance Law is an Ex Ante legal system. 

To go further, read: 

• Frison-Roche, M.-A., Le couple Ex Ante - Ex Post, justificatif d'un droit spécifique et propre de la Régulation, 2006 (in French)

Full Reference: Commission de Surveillance du Secteur Financier (CSSF) , Administrative Decision of 16 March 2020, Banque Internationale du Luxembourg (BIL). 

Read the Decision presentation (in French and in English)

Full reference : Frison-Roche, M.-A., The practical utility to have a firm definition of "Compliance", Newsletter MAFR - Law, Compliance, Regulation, 10th of August 2020.

Read by subscribing the other news in the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

Some says that defining Compliance is a theoretical and non useful exercice that should be left aside to tackle the study of concrete technical cases. However, to be able to use Compliance tools, it is first necessary to have a clear, firm and simple idea of what is Compliance. Moreover, the future of this new branch of law intensely depends on the definition we choose to use. 

Compliance Law gives to some crucial private firms new responsibilities such as the one to fight against global dangers or the one of saving the planet. In this, Compliance Law can be perceived as a kind of new deal between the private sector and public authorities, with the only difference that this time the consent of the private sector is not required.

Some would say that the concretization of such projects is the duty of the State and that private firms, if they must respect the rules, do not have to find a way to concretize a "monumental goal". However, the world face new and systemic dangers in the face of which the State alone is powerless, technically or geographically, and against which crucial companies can act.

It is not about, as some advocate to put human being aside of Compliance Law by letting machines decide. It is about placing the human being and its protection at the heart of Compliance Law. In this, Compliance Law can become a new humanism. 

To go further, read Marie-Anne Frison-Roche's working paper, The Dreamed Compliance Law 

This working document served as the basis for an article, contribution in the collective book Compliance Tools, 2020

___

Summary of this working paper:

Training is a specific Compliance tool and a dimension that each Compliance tool expresses. 

Firstly, as a training it is a specific Compliance Tool, it is supervised by Regulators. It even becomes compulsory when it is contained in Compliance programs. Since the effectivity and the efficiency are legal requirements, what is therefore the margin of companies to design it and how can we measure its result?

Secondly, as each Compliance Tool contains, more and more, an educational dimension, we can take back each of them to detect this perspective. Thus, even sanctions and prescriptions, are lessons: lessons given, lessons to follow. The question is then to know who, in this so pedagogic Compliance Law, are the "instructors"?

___________________________________________________________________ 

Introduction:

Training is akin to these things - and very precious - that we do, or even dream of doing, but so poorly expressed from the moment we take them as an object of technical writing. Just do it.

It would be however unfortunate to publish a book on Compliance Tools without giving a particular place to training, the piece would miss in the puzzle.

So much money spent by companies, by fair or foul means, especially when Compliance programs imposed as sanctions contain heavy training obligations leading people to retain word for word everything that is forbidden to them, in order to always abstain from now on. Training is thus the sharp point of such Hard Law appearing under the steel of Criminal Law's sword in amphitheaters and e-learnings. 

But also so much speeches about the necessity of a "Compliance culture" which should be instilled to firms, Compliance spousing with joy in an harmony with their "raison d'être" and the historical identity of this group of people which is the company itself through trainings which tell Compliance as a link, an outstretched hand toward those with whom managers want to renew a moral contract in an ethic for which they give the good example. It is not Prohibition anymore but Communication and Community that set the tone of a human dialogue with employees, stakeholders, administration and judges. 

It is possible to assume that the former does not exclude the latter, that Training should target all of this, the learning of mandatory prescriptions to follow without discussion but also the adhesion to guidelines, and this because everyone has understood that they are funded.

Everything and its contrary, then. "Learning by heart" takes here its full sense: get everyone to remember mechanically in order for no one to misstep (with always more machines which massively teach us the regulatory corpus on our mobile screens) but also succeed in bringing our "heart" in Compliance, thanks to specific training methods (with always smaller groups, with always less public discussions in pleasant places). Everything and its contrary, then.

It would be imperative but also sufficient to cumulate. Doing everything. Those who propose training softwares as those who organize conferences, meetings and travels and are favorable to this addition of face-to-face and distancing methods, of mechanic and of human relations. Concretely, at the end companies observe that since the first does not replace the second, costs add up. But, in Compliance, costs constitute a grave default of it, training taking a large part of this default. Managers end up finding the addition too heavy, especially if they thought that training of people is one of the public school's mission and not one of private companies' purpose!footnote-1837.

Moreover, training to Compliance is not outside Compliance Law, which makes it specific!footnote-1838. Indeed, Compliance Law, corpus of Ex Ante mechanisms, targets to concretize "monumental goals"!footnote-1836. Set by public authorities, these monumental goals are internalized in companies in order for them to implement expected means in order for them to be reached in the future. These monumental goals can be negative (that corruption, money laundering, human rights violations, financial system crisis, etc. shall not occur), or positive (that ecological equilibrium shall be restored, that education shall be supplied, that healthcare shall be provided, etc.).

Compliance Law takes as criteria of effectivity for implemented mechanisms, their reality, but also their efficiency, that is their ability to make sure their goal is achieved.Training must achieve its goal. Thus, in Compliance, the purpose is not only the one of every training, that is transmitting a knowledge in order to making the student more learned!footnote-1839, but it is to contribute to the "monumental goal" of Compliance Law itself, which is a practical goal and not a scholar goal. For example, training about the applicable rules concerning corruption should have an effect to reduce corruption. And because corruption is itself a part of Compliance Law, in the same way the Regulation Authority can force to educate oneself or train others, the Supervision Authority should control not only the reality but also the effectivity and the efficiency of trainings. 

However, the effectivity and the efficiency of Compliance training, because they are full part of Compliance Law, should be controlled by the Authority not only in their reality but also in their concrete ability to participate in the pursued goal. Thus, to keep the example of fight against corruption, training plays in it an essential role because the firm faces an alternative: either a mechanic solution consisting in setting literal interdictions, for example the interdiction to give up a value greater than a certain amount (according to the "anti-gift" rule) with the risk of getting around that every literal prescription offers, or a a solution by training consisting in explaining to everybody that it is wrong to corrupt but that it is acceptable to give samples. Training rather bets on spirit while the machine integrates the letter. 

But this refers to the Regulation and Supervision Authority which will appreciate the company due diligences to reach the goals. One observes that, more and more, Authorities economize one step: rather than explain to the companies how educate people that work for them or with them, regulators educate directly.  Is on this point remarkable the "guide" published in 2012, whose second edition of 2019 has been updated in 2020, jointly by the Department of Justice (DoJ) and the financial regulator (Securities &Exchanges Commission - SEC) to know everything about the Foreign Corruption Practices Act (FCPA). Through the explanations offered to everyone!footnote-1840 of the principles, the reminded definitions, the told cases, they are behaviors prescriptions which are formulated especially for foreign companies by the prosecutor authority and the American sanction authority, allied in this handbook which has such weight that we can consider that it is as valuable as a guideline, soft law creator of Law and rights. 

In the concentration of all powers which is often reproached to the Regulator, there is also the magisterium of the teacher, the one who educates stakeholders. After having assumed, on the American model, that the regulator should be the "advocate" of the rules for companies, proving to them the interest  that they have to respect them, it is logical that, in what some have called "Regulation, Act 2" this Regulator's pleading about the good news of Regulation for the firm justifying thus that this one integrates it in Ex Ante was prolonged in magistral lesson: the "regulator-institutor" explains to everybody how using rules for an always still in progress Law ("Better Regulation"). 

While training was before only peripheral, it is now at the heart. If it is so important, as every other "Compliance tool", it should take what we expect from it. The publications about training most often exhibit what it should be and a sorrowful spirit measures what sometimes appears as a huge gap between descriptions and realities sometimes reported. 

Educating being without any doubt one of the most difficult actions, we should probably neither describe a paradise of maieutics nor write a hot paper against what already has  the merit to exist, but list what we can expect from Training mechanisms when they apply to Compliance, because here, rather more than for the other tools, it is a mean obligation. Which content should have a training ? (I). Because Compliance Law targets training as one of the mean to reach "monumental goals" which constitutes the substantial heart of this branch of Law, the training dimension is not limited to stamped training, finding back this pedagogical dimension in almost all the other tools (II). In that, Training appears as the alpha and the omega of Compliance.

Full reference: Thouret, T., Le pharmacien, un "opérateur crucial" pour prévenir une crise des opiacés en France, Actu-juridiques, Lextenso, 2020

Lire l'article (in French)

Référence complète : ARCEP, précisions sur les lgnes directrices révisées destinées à guider les régulateurs européens dans la mise en œuvre du règlement « internet ouvert » , Juillet 2020. 

Lire le document publié par l'ARCEP.

Ces "lignes directrices" ne sont elles-même qu'un document, sans doute de nature pédagogique et d' "aide", puisqu'il s'agit de "guider les régulateurs" européens dans la mise en oeuvre des textes dont la nature juridique ne fait pas de doute : les règlements européens de 2018 dits "Internet ouvert". 

Ces "lignes directrices" (catégorie qualifiée souvent de "droit souple") ont été adoptées par les Régulateurs eux-mêmes, réunies dans le BEREC, qui est l'organe informel qui réunit les Autorités nationales des Etats-membres en matière de télécommunication. 

Ce cours constitue la première partie d'un triptyque permettant de mieux comprendre les rapports que l'Etat entretient via le Droit avec les marchés.  

Ce cours pose donc les base d'un Droit commun de la Régulation, enseignement qui a vocation à être enrichi au semestre suivant par la perspective des Droits sectoriels de la Régulation, voire au semestre ultérieur par une approche du nouveau Droit de la Compliance. Ce dernier cours est commun avec l'Ecole du Management et de l'Innovation car la Régulation est alors internalisée dans les entreprises elles-mêmes. 

Le livret de cours du Droit commun de la Régulation  décrit le contenu et les objectifs du cours. Il détaille en outre la façon dont les étudiants, qui suivent cet enseignement situé dans l'École d'affaires publiques de Science po, sont évalués afin de valider cet enseignement. Il précise la charge du travail qui est demandé.

Comme ce sont des matières assez difficiles d'accès et nouvelles, l'enseignement à distance accroissant sans doute cette difficulté, deux instruments ont été construits :

• Dictionnaire bilingue du Droit de la Régulation et de la Compliance
• Newsletter MAFR - Law, Compliance, Regulation

La consultation de l'un et de l'autre facilite l'apprentissage. 

Les thèmes des leçons qui composent successivement le cours sont énumérés.

Les lectures conseillés sont précisées.

Les étudiants inscrits au Cours ont été connectés au dossier documentaire "MAFR - Régulation & Compliance", présent sur le drive de Science po, où sont disponibles documents cités dans le Cours. 

A partir de ce livret, chaque document support de chaque leçon est accessible.

Voir ci-dessous plus de détails sur chacun de ces points, ainsi que la liste des leçons.

Reference complète : Conseil Supérieur de l'Audiovisuel (CSA), Bilan Infox, 2019.

Lire le rapport. 

Ce rapport sera bientôt aussi disponible en anglais. 

Référence complète : Agence Française Anticorruption (AFA), Rapport Annuel 2020 pour 2019. 

Lire le rapport.