CORPORATE CRIME UPDATE

FRENCH ANTI-CORRUPTION DEVELOPMENTS: SAPIN II LAW

PROPOSES NEW ANTI-CORRUPTION RULES FOR BUSINESSES
France's finance minister Michel Sapin presented a
proposal for a new law on transparency, anti-corruption
measures and the modernisation of the economy to the
Council of Ministers on 30 March 2016.

14 APRIL 2016

The proposal includes innovations in various fields

(transparency of public decisions, effectiveness of
financial regulation, greater protection for consumers),
including new rules on corruption and ethics violations.

RELATED LINKS

London

> Herbert Smith Freehills

> FSR and Corporate Crime Notes blog
> Corporate fraud, investigations and
asset recovery insights

At the heart of these new anti-corruption rules lies an

> Herbert Smith Freehills insights
obligation for businesses of a certain size to be
proactive in terms of preventing corruption. Compliance
with this obligation would be monitored by a new
agency for the prevention and detection of corruption, the "Service Charg de la Prvention et
de l'Aide la Dtection de la Corruption" (SCPADC).
The SCPADC would report to the justice and budget ministers and would be responsible for issuing
recommendations to help businesses and government departments meet the new obligations, for monitoring
compliance and for imposing fines on both individuals and legal entities for any breaches of the compliance
procedures implemented. It would also take over the duties of the current agency, the Service Central de
Prvention de la Corruption, with more substantial resources at its disposal.
The other key points of the reform concern the enforcement component of the anti-corruption machine:

an additional penalty for non-compliance under the control of the SCPADC and the public prosecutor may
be imposed on businesses for corruption or influence peddling;

the conditions under which the French authorities can prosecute businesses for actions undertaken outside
France to corrupt foreign public officials would be relaxed;

a new offence of influence peddling with foreign public officials would be introduced.

In terms of whistleblowers, the new law would introduce special rules to protect individuals acting in good faith to
report breaches by finance sector businesses to the AMF, France's financial markets regulator (Autorit des
marchs financiers) or the ACPR, the banking and insurance regulator (Autorit de contrle prudentiel et de
rsolution). Nevertheless, contrary to the original programme for the law, there would be no general protected
status for whistleblowers from all sectors (public and private) and industries. According to the press pack released
by the French government, this status, derived from a definition of the term "whistleblower" and general principles
governing "ethical disclosures", is to be incorporated into the proposed law by amendment, based on a consultation
of the Conseil d'Etat, France's highest public law court.
Lastly, although the provisions on plea-bargaining for legal entities implicated in corruption offences were removed
from the final version of the law, they could yet be reinstated albeit with a narrower scope during the
forthcoming parliamentary debate.
At this juncture, businesses should primarily be concerned with the new obligation to prevent risks of corruption.
Under French law, there is currently no requirement for companies to implement specific anti-corruption measures.

CORPORATE CRIME UPDATE

HERBERTSMITHFREEHILLS

Although anti-bribery programmes have long been standard at bigger companies due to their international
obligations, their smaller counterparts, which are not as exposed to foreign laws, would need to make some
substantial changes.
The number of companies affected by the new French compliance rules is expected to be high, around 1,570
according to the press pack released by the finance ministry, with a combined total of 5.3 million employees in the
country.

What types of companies would be affected?

The reform would affect "companies with 500 employees or more or belonging to a group of companies with an
aggregate workforce of 500 employees or more and an individual or group turnover of 100 million".
The biggest French businesses therefore evidently fall into the net but medium-size companies are also concerned,
provided they meet the above criteria.
The two conditions are cumulative: a company with a turnover exceeding the threshold but with a workforce below
500 would avoid the new rules and vice versa, according to the current wording of the law.
Businesses that do not meet the two thresholds individually but that belong to a group of companies with more than
500 employees and a consolidated turnover of over 100 million would nevertheless be affected.
The obligations would concern the company itself and all subsidiaries and companies controlled by that company.
Compliance measures could be organised for the group as a whole by the parent company.
The new system raises certain important questions as to how the rules should be interpreted in terms of groups of
companies, especially international groups. For example:

when applying the thresholds to groups of companies, should all companies be taken into account, both in
France and abroad (or just companies incorporated in France)?

would the foreign parent company be affected if the group exceeds the thresholds but the French
subsidiary employs fewer than 500 people?

While we can attempt to extrapolate tentative answers to these questions from the law as it currently stands, the
final rules will evidently depend on the forthcoming changes and clarifications brought to the text.

What would be the new obligations?

For businesses, the new obligation to prevent corruption would entail implementing "measures to prevent and
detect instances of corruption or influence peddling in France or abroad". Companies would therefore need to
introduce anti-bribery measures for both their French and foreign operations.
More specifically, the new law would require them to:

adopt a code of conduct defining and providing examples of the types of actions that must be avoided
(many companies have already done this but their codes would nevertheless need to be reviewed);

introduce an internal whistleblowing procedure to allow employees to report breaches of the code of
conduct;

conduct a risk assessment to identify and classify risks of corruption depending on the business sectors
and geographical areas in which the company operates (here again, the recommended methodology for
this exercise, which is already performed by many companies, remains to be seen);

introduce due diligence procedures for clients/customers, direct suppliers and intermediaries (these
procedures would need to be on-going and not just applied once, on first contact with a new party);

implement accounting procedures to ensure that the company's registers and accounts have not been
manipulated to conceal instances of corruption;

establish an anti-corruption training programme for executive level employees and those at the highest
level of risk (here again, many companies already run this type of training programme; they would need to
ensure that the training is clear in terms of the specific risks the company is seeking to avoid rather than
adopting a "one size fits all" system of limited worth);

impose disciplinary measures, for breaches of the code of conduct.

CORPORATE CRIME UPDATE

HERBERTSMITHFREEHILLS

To help businesses create these tools which are broadly inspired by the compliance tools used for some time in
the US and the UK, for example the idea is for SCPADC to publish recommendations that will depend on the size
of the company in question and the types of risks identified.
For bigger companies, measures already in place would need to be adapted to meet the new requirements.
However, they would also need to deal with conflicts between the French compliance rules and those of other laws
or foreign authorities to which they are also subject.
Companies are liable to be audited and would therefore need to maintain the appropriate procedures at all times,
requiring them to re-direct resources to manage compliance.

What penalties are companies facing?

The SCPADC would be responsible for imposing penalties for violations of the new obligations.
As well as the company itself, the legal representatives (president and managing director [directeur gnral],
members of the management board [directoire] of a socit anonyme, general manager [grant], etc., depending
on the type of company) could also face liability in their personal capacity.
The new law makes no mention of delegations of authority being established for compliance purposes. By analogy
with past decisions concerning criminal liability, the manager would need to delegate his/her powers "to a person
with the necessary competence, authority and resources", thus transferring the liability for any future breaches.
Although legally possible, implementing this kind of transfer would evidently be a sensitive issue given the level of
responsibility involved, for compliance officers in particular.
The procedure provided by the proposed law is as follows: the SCPADC is to be empowered to carry out "on its
own initiative, or at the request of the justice or budget minister" an audit of the compliance of the procedures
established and subsequently, should it detect a breach, it would then have three years to issue a warning or refer
the matter to the Enforcement Committee [Commission des sanctions].
There would be various options available to the Enforcement Committee in terms of the penalties it can potentially
impose, namely:

ordering the company and its representatives to adapt their internal procedures to meet certain
recommendations within a period of time to be set by the Committee;

imposing a fine, of which the amount (i) must be commensurate with the seriousness of the breach or
breaches and the financial situation of the individual or legal entity in question and (ii) may not exceed
200,000 for individuals and 1 million for legal entities;

ordering the publication of its decision.

In addition:

the proceedings must be carried out in the presence of all parties: "no penalty or injunction may be ordered
without a hearing of the person concerned or a representative thereof or, failing this, the issue of a formal
invitation to that person to appear";

the Enforcement Committee must substantiate its decision;

the appeal that may be brought against the Enforcement Committee decision would be a full appeal (i.e.,
with the power to revise the decision and not just set it aside).

This heralds the creation of a new form of disputes procedure for anti-bribery matters.
The procedure described in the proposed law is broadly inspired from that applied before the AMF Enforcement
Committee.
Certain doubts remain however, especially at the procedural level (including the rights of the company being
audited, which must "refrain from obstructing [the SCPADC officers] in any way" or face a fine of 30,000).
There is also the question of the compatibility of the Sapin II measures with those that may need to be
implemented under the proposed law on the duty of vigilance of parent and subcontracting companies, which is
also designed to force France's large and multinational businesses to establish a "vigilance plan" for preventing
risks, including "instances of corruption", and incorporates substantial civil penalties for non-compliance (see Article
4 below for further detail).

CORPORATE CRIME UPDATE

HERBERTSMITHFREEHILLS

What is already clear is that companies will have a lot to learn from the French National Assembly debate on the
Sapin II law, scheduled to take place in the coming weeks.
New rules for the protection of whistleblowers
One of the most anticipated innovations of the proposed law was the creation of a protected status for
whistleblowers from all sectors (public and private) and industries. The implementation of this new status, to be
based on a definition of the term "whistleblower" and general principles governing "ethical disclosures", was
heralded as the conclusion of a legislative process that has gradually broadened the scope of the protective
measures in place for whistleblowers, which were first defined in a law adopted on 13 November 2007 on reporting
instances of corruption and have grown over time to include:

the reporting of "events relating to the safety for health" of medicines and health products (law of 29
December 2011);

the public disclosure of information of which the concealment could "cause a serious risk to public health or
the environment" (law of 16 April 2013);

the reporting of conflicts of interest concerning certain elected and public officials (law of 11 October 2013);

the reporting, by any employee, "of events constituting an mid-level or serious offence of which he or she
has become aware in the course of his or her duties" (law of 6 December 2013).

In the end, this protected status was not included in the proposal submitted to the Council of Ministers on 30 March
2016. At most, it provides for the agency responsible for the seizure and confiscation of assets in criminal matters,
the "Agence de gestion et de recouvrement des avoirs saisis et confisqus" (AGRASC), to finance the legal costs
of persons who have "reported or testified to events that could constitute offences of corruption, influence peddling,
extortion by a public official [concussion], conflict of interest on the part of a public official [prise illgale d'intrt],
misappropriation of public funds or preferential treatment".
However, the government's press pack does state that the general status of whistleblower is to be incorporated into
the law by amendment, based on a consultation of the Conseil d'tat. The legislative process for this should be
worth following.
Although no general rules are provided on whistleblowers, the proposed law would introduce new special rules
protecting individuals who act "in good faith" to report "potential breaches" of the obligations contained in certain
EU regulations on the financial sector to the AMF or ACPR. These regulations include the Market Abuse
Regulation of 16 April 2014, which effectively means that persons reporting insider dealing, disclosures of inside
information and manipulation would have protected status.
Unlike the system introduced under the law of 6 December 2013, the special rules defined in the proposed law
would not only apply to reports of "events constituting" an offence of which the whistleblower has "become aware in
the course of his or her duties". Instead, they cover any reporting of "potential" breaches and are not limited to
events discovered by the whistleblower in the course of his or her duties. This broader scope corresponds to the
requirements set by the EU lawmakers on corruption (especially in the Market Abuse Regulation).
In terms of the specific protections afforded, as was the case of the law of 6 December 2013, Sapin II provides that
(i) any "unfavourable steps" taken against a whistleblower for making a disclosure will automatically be void and
that (ii) the burden of proof will benefit the whistleblower should any action be taken against him or her with respect
to the disclosure made. Again, as in the law of 6 December 2013, there are no criminal penalties provided for
persons taking unfavourable steps against a whistleblower as "payback" for the disclosure. This issue received
fierce criticism from NGOs at the time of the 6 December 2013 law and could be amended during the upcoming
parliamentary debate.
As a safeguard against the risk of unfounded reports, the proposed new law also states that no unfavourable action
may be taken against individuals implicated in a disclosure "on the sole basis of that disclosure".
Lastly, again in a bid to meet EU financial regulation requirements, the new law would require certain financial
sector businesses (including investment service providers and financial investment consultants) to establish
internal processes to allow their employees to report breaches. The AMF and ACPR would also need to introduce
the corresponding procedures for receiving these reports, of which further details would be specified in the AMF
General Regulations and by order of the finance minister for the ACPR. These procedures would need to
incorporate the measures imposed by the EU Directive of 17 December 2015 as regards reporting infringements of
the Market Abuse Regulation.

CORPORATE CRIME UPDATE

HERBERTSMITHFREEHILLS

If you would like to receive more copies of this briefing, or would like to receive Herbert Smith Freehills briefings from other
practice areas, or would like to be taken off the distribution lists for such briefings, please email subscribe@hsf.com.
Herbert Smith Freehills LLP 2015
The contents of this publication, current at the date of publication set out above, are for reference purposes only. They do not
constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should
always be sought separately before taking any action based on the information provided herein.