Introduction

Scope of application

Compliance program

Protection of whistleblowers

Audit and sanctions

Rules arising from the Sapin II Law

EU law

French law

Rules derived from competition law

Sapin II Law/Competition

Scope ratione personae

Scope ratione materiae

Scope

Development of plan

Measures included in plan

Inclusion in management report

Vigilance plan

Injunctions

Civil liability

Sanctions

Duty of vigilance (devoir de vigilance)

CSR programs

Reporting

Communication

Reporting and communication

Judicial sanctions

Risk to reputation, strategy and stability

Corporate Social Responsability (CSR)

Middlenext Code

IFA Corpus

AFEP - MEDEF Code

Types

Principles of governance

Principles incorporating CSR values

Principles

Comply or explain

Binding force

Private codes of conduct

Compliance

Knowledge of the probity risks to which an entity is exposed, through risk mapping, is not only the second pillar of any compliance program, but also its cornerstone. Indeed, it is on the basis of risk mapping that the other prevention and detection measures included in the program are defined.
Under Article 17, II, 3° of the Sapin II Law  , the mapping of risks to integrity consists of regularly  …

Concept

Knowledge of the probity risks to which an entity is exposed, through risk mapping, is not only the second pillar of any compliance program, but also its cornerstone. Indeed, it is on the basis of risk mapping that the other prevention and detection measures included in the program are defined.

Under Article 17, II, 3° of the Sapin II Law  , the mapping of risks to integrity consists of regularly updated documentation designed to identify, analyze and prioritize the risks of the company's exposure to external corruption-related solicitations. Because it is the result of an objective, structured and documented analysis of all the undertaking's processes that lead it to interact with third parties, this exercise enables the governing body to identify the risks to which its organization is exposed, and gives it the visibility it needs to implement effective prevention and detection measures that are proportionate to the issues it has identified and adapted to its activities, in order to protect itself against the reputational, legal, human, economic and financial consequences that their occurrence could generate . Each undertaking concerned must draw up its own risk map, which is specific to it, and cannot therefore be applied as it stands to any other undertaking .

According to the French Anti-corruption Agency (Agence française anticorruption - AFA), all effective risk mapping should have three characteristics. Firstly, it must be comprehensive, covering all managerial, operational and support processes used by undertakings in their dealings with third parties , and encompassing the entire scope of the undertaking's operations . Secondly, it must be formalized, i.e. it must take the form of written, structured documentation, describing in detail the methods used to draw it up, the measures taken to control risks, and the roles and responsibilities of the various stakeholders. Depending on the undertaking's activities and organization, risk mapping can be organized by business line, process, entity or geographical area. Last but not least, risk mapping must be open-ended, given the need to reassess risks periodically, and in particular whenever a significant change occurs within the undertaking. As it is updated, risk mapping is part of a continuous improvement process that enables undertakings to reinforce their risk control.

Law No 2016-1691 of 9 December 2016 relating to transparency, the fight against corruption and the modernization of economic life, known as Sapin II, JORF of 10 December 2016.

AFA recommendations designed to help public and private legal entities prevent and detect corruption, influence peddling, misappropriation of public funds and favoritism of 4 December 2020, JORF of 12 January 2021, pt 118.

See AFA, 4 July 2019, LawLex202200001320JBJ, , dismissing the initial criticism that the mapping examined was too generic,

It must therefore take into account the specific characteristics of each undertaking, such as its business sectors, geographical areas, competitive and regulatory environment, types of third parties, revenue model, value chain, professions and processes, internal organization and decision-making circuits.

When an undertaking exercises de jure or de facto control over other entities, it must draw up its risk map taking into account the risks inherent in the activities of the controlled undertakings. To this end, the controlled undertakings communicate their corruption risk maps and associated action plans to the parent company, which periodically monitors their implementation. These risk maps can then be aggregated within the parent company, giving it an overall view of the risks incurred by its various entities, and the associated action plans.

Compliance

30. Concept

Demandez un accès gratuit
au contenu exclusif Livv – juristes d’entreprise

Les décisions de justice citées dans ce paragraphe :

Sous parties

Les notions juridiques connexes

30. Concept

Demandez un accès gratuit au contenu exclusif Livv – juristes d’entreprise

Les décisions de justice citées dans ce paragraphe :

Sous parties

Les notions juridiques connexes

Demandez un accès gratuit
au contenu exclusif Livv – juristes d’entreprise