Sapin II: New Compliance Regulations in France

About this Use case

This legal brief outlines all you need to know about Sapin II, the new French anti-corruption legislation. Get a snapshot of the law and what’s changing, as well as important dates for compliance.

1. For anyone responsible for:

   Regulatory compliance, EMEA

2. What you'll learn:

   • The fundamental features of Sapin II in France
   • Who these laws impact and why they’re important
   • What you need to do now to be compliant with the law

3. Page length:

   6 pages

Read the Use case

Sapin II Legal Brief: New Compliance Regulations in France

Nadège Dallais–Counsel, Baker & McKenzie Paris

This white paper outlines the central facets of the regulations and recommendations of Sapin II, who they impact, why they are important and practical recommendations for how companies can comply with these new legal requirements.

The long-awaited French anti-corruption and whistleblower-protection legislation, Sapin II, was issued on 9 December, 2016 and the more substantial new anti-corruption requirements came into force on 1 June, 2017 for companies/groups with at least 500 employees. A recent government decree of 19 April, 2017 has also set out legal requirements which will come into force on 1 January, 2018 for companies with at least 50 employees in France and a decision of the French Data Protection Authority (CNIL) dated June 22, 2017 has additionally widened companies’ whistleblowing reporting obligations.

Complying in a Globalised Economy

There is no doubt that global compliance standards are converging, and with the growing scrutiny that comes from the never-blinking eye of social media, ethics and compliance professionals often find themselves faced with a dual challenge: that of staying up to date and aligning with compliance regulations from multiple jurisdictions, whilst instilling a strong ethos that permeates through the business across all geographies.

Prudent ethics and compliance professionals would therefore be wise to pay attention to new laws and updates to existing regulations in any country in which they do business. This can seem a daunting task; however, there are a number of steps that can ease this process whilst advancing the firm’s ethics and compliance culture in a global context. Before we look at those, we present an overview of the new compliance laws in France.

What You Need to Know – a Snapshot of the Law

Below we have provided a broad summary of the fundamental features of Sapin II. However, we recommend that companies affected by this legislation obtain professional legal advice if they are in any doubt as to its implications for their business.

Further details of Sapin II can be found at:

• https://www.assemblee-nationale.fr/14/dossiers/transparence_lutte_corruption_economie.asp
• https://defenseurdesdroits.fr/sites/default/files/atoms/files/guide-lanceuralerte-num-v3.pdf

### Purpose of the law
To prevent corruption, establish increased transparency, reinforce companies’ internal monitoring and risk management obligations and enhance protection for whistleblowers, aiming to bring France into compliance with international standards in transparency and the fight against corruption.
### When does it come into effect?
For companies in France with at least 500 employees (or companies belonging to a group of companies whose parent company is headquartered in France and whose workforce includes at least 500 employees) and with consolidated revenues in excess of EUR 100 million:
For companies with at least 50 employees in France:
### What has changed / is changing?
For all companies:
For companies in France with at least 500 employees (or companies belonging to a group of companies whose parent company is headquartered in France and whose workforce includes at least 500 employees) and with consolidated revenues in excess of EUR 100 million:
For companies with at least 50 employees in France:
### Why is this important?
For all Companies:
For companies in France with at least 500 employees (or companies belonging to a group of companies whose parent company is headquartered in France and whose workforce includes at least 500 employees) and with consolidated revenues in excess of EUR 100 million:
For companies with at least 50 employees in France:

What Should I Do Now?

Companies should follow the new legal requirements which, in light of their headcount and revenue, apply to them, to ensure that they comply with French law. Companies belonging to an international group may already have similar compliance schemes in place and they should verify whether they comply with the new rules in France and adjust their existing schemes if need be.

1. Supercharge Your Ethics & Compliance Programme Effectiveness

Compliance professionals need to commit to core programme elements that improve their organisational culture. This can be done by clearly defining programme effectiveness and committing to using industry-leading best practices to improve organisational culture. To do so, ethics and compliance professionals must know:

• How to leverage the effectiveness of an E&C programme through its entire lifecycle
• Best practice approaches for implementing, maintaining and improving core E&C programme elements
• Specific ways organisational culture can make or break a programme and keys to supporting a healthy culture

2. Inspire Ethical Behaviour with a Fresh, Innovative Approach to Your Code of Conduct

A code of ethics is the foundational document of every company’s ethics and compliance programme—and one of the first pieces of information an employee reads. Because the code is a vital policy, true leaders make a commitment to regularly use fresh, innovative approaches to inspire employees to meet its standards. Getting the most out of your code requires:

• Learning the key steps to assess and build (or re-build) a code to ensure it is working hard for your organisation
• Understanding how to ensure that your code is fully enforceable under local laws (in particular by complying with the French specific implementation process) • Reviewing examples of cutting-edge codes and incorporating best practice elements
• Understanding the opportunities presented by interactive digital codes and how they can connect with and support other elements of your E&C programme

3. Engage Your Board with a Compelling Board Reporting Strategy

A well-executed board reporting strategy helps ethics and compliance programmes gain credibility and visibility while increasing board support and engagement. As part of your engagement strategy, make sure to use:

• Criteria to benchmark your current board reporting protocol against best practices
• Memorable and effective board reports
• Sample content and metrics from leading reports

4. Build a Strong, Defensible Third Party Risk Management Programme

As regulatory scrutiny and high-profile cases increase, compliance professionals need to be asking more questions than ever about effective management of third party risks. In order for you to stay ahead of these trends, you need to understand:

• The difference between a third party risk management approach that withstands regulatory scrutiny and one that does not
• Best-practice guidelines for auditing third parties
• Industry-leading frameworks to use to assess your third-party corruption risk

5. Stay Ahead of Emerging Workplace Behaviour Risks with Training and a Strong Whistleblowing Programme

Cultural and socioeconomic trends impact workplace behaviour—and behavioural risk. Skyrocketing social media use, changing recreational drug laws, use of personal mobile devices and a multitude of other security and privacy threats are forcing organisations to stay on top of their evolving risk profile. To stay ahead of the curve, and your employees, make sure you know:

• How to write and manage policies that mitigate organisational risk within a rapidly changing legal landscape
• How to successfully navigate differences in national and international regulations
• Fresh approaches for training employees on appropriate workplace behaviour, and strengthening a culture of compliance, both through physical awareness building (such as posters and banners) and also through your company’s intranet
• The role language plays in changing internal culture. For example, move away from negative expressions such as ‘whistleblowing hotline’, and instead use terms such as ‘Ethics Hotline’ or ‘Speak-Up Hotline’

6. Know how to Navigate the EU Regulatory and Cultural Landscape

As the new French law and Italian proposals show, ethics and compliance professionals across the EU, and globally, are faced with the challenges of navigating the complex maze of different laws and regulations, as well as the vast and inherent cultural differences across countries. To ensure your E&C programmes flourish in EU countries, you need to be aware of how to:

• Maintain programme momentum
• Deepen and mature your programme
• Ensure your programme stays ahead of the curve (steps 1 to 5)

Best Practices to Comply

The new French Sapin II legislation demonstrates the importance of paying attention to global compliance standards. In today’s globalised economy, operational boundaries can become quickly blurred, and companies must be wise to legislation that affects them in any country in which they do business.

Whilst meeting international compliance requirements is essential for any company, prioritising an organisational culture – from the top down – which promotes integrity, ethics and respect, and supports employees in good decision-making, brings benefits far beyond basic compliance.

Foreign groups should be careful to tailor their whistleblowing mechanisms in order to take into account local requirements. In particular, in France, although Sapin II has now created heightened compliance standards in relation to acts of corruption or influence peddling in particular, the scope of standard employee whistleblowing in France is currently limited by the French Data Protection Authority (CNIL) to certain limited compliance topics.

Clear compliance policies, thorough employee information and regular training is key to promote an effective compliance programme.

How NAVEX Can Help

NAVEX provides speak-up or ethics (‘whistleblowing’) hotline services to thousands of companies around the world, helping employees, customers, suppliers and other stakeholders quickly and easily report potential ethics and compliance issues. Our hotline services also provide compliance professionals with the ethics & compliance data they need to inform their programme, making it easier to spot trends and take corrective action before minor issues become major.

For further information, visit our Whistleblower Hotline Intake page.

About NAVEX

NAVEX’s GRC software and compliance management solutions support the integrated risk, ESG and compliance management programs at more than 13,000 organizations worldwide.