An unfair constraint on French companies or a shield to protect against the risks of operating in a global economy?
Caroline Fagard, Director at Forensic Risk Alliance
Jesica Lindgren, General Counsel at Blue Star Strategies, LLC
On 24 April 2013, the Rana Plaza factory building in Dhaka (Bangladesh) collapsed, killing more than 1,000 workers and wounding more than 1,500. Thirty-two U.S., Canadian and European labels and retailers were outsourcing garments to Rana Plaza factories, including a number of French ones. Following the tragedy, French members of parliament are proposing to implement a “Duty of Vigilance” or “Duty of Care” on large French companies operating abroad.
In early 2015, the law was adopted by the French Parliament and is currently being reviewed by the Senate. If approved, it would be the first French law to impose an Anti-Bribery and Corruption (ABC) program on French companies. This would be a major change as US authorities have heavily (and repeatedly) fined French companies during the five last years, both on corruption or embargoes/sanctions grounds. In parallel, the OECD has also severely criticized the country for not enforcing anti-corruption statutes.
The proposed law targets companies headquartered in France, with more than 5,000 French employees – and also covers parent and subsidiaries or companies with more than 10,000 global employees. French companies in this category will have to implement a publicly available “Vigilance Plan” covering risks in terms of human rights and freedoms; personal injury or damage to the environment; health; active and passive corruption. These risks could result from their own business operations, as well as those of the companies they control directly or indirectly, and the subcontractors and suppliers with which the company deals. Breach of this obligation could lead to potential fines up to €10 million.
Best Practice Guidelines
Although at this stage the draft law does not give concrete directions as to what the “Vigilance Plan” may encompass in terms of anticorruption measures, it is highly probable that the focus areas will be similar to those recommended by anti-corruption legislations in other countries. In November 2012, the US DOJ published a Resource Guide to the US Foreign Corrupt Practices Acts (FCPA) which lists the main elements of an efficient compliance program. The UK Ministry of Justice has also published recommendations in its Bribery Act Guidance’s Six Principles:
As a suggestion, we recommend companies that will have to comply set up a robust ABC program based on four steps: Inform, Train, Equip and Control.
Inform: A strong tone at the top is essential. Management should be diligent in communicating a clear message regarding corporate values and behavioral expectations to employees and contract personnel. The Company’s Code of Conduct, brochures and public documents should enforce this messaging.
Train: Periodic training ensures that this message is effectively communicated throughout the company. The employees should be trained to be vigilant to the corruption risk and to make the right decision when exposed to such situations. Training sessions should be adapted to the position and the exposure of each employee to corruption risks: a sales key account manager does not deal with the same kind of situations as the financial analyst for example.
Equip: Performing a risk mapping of the company’s operations is the first step allowing the design and implementation of a tailored risk-based compliance program to which foreign enforcement authorities are very attentive. This risk mapping will guide the generic tools supporting the broad principles of ABC compliance (Code of Ethics, Employee Guide…) as well as specific tools detailing the “do’s and don’ts” of a daily job: procedures regarding third-party contracting (e.g. due diligence), gift and entertainment or sponsoring, for example. It is also important to allow employees to report any suspected wrongdoing through an anonymous whistleblowing hotline adapted to the needs of the company.
Control: Finally, a good compliance program is only efficient if regularly controlled and assessed by financial reviews and transactional testing. Internal teams or external auditors should regularly carry out compliance audits. A strong emphasis is usually put on third-party transaction review as enforcement actions before US and UK jurisdictions showed that agents, consultants, distributors or JV partners are often used to channel illicit payments. Other traditional high-risk areas include transactions with official regulatory authorities – such as customs and tax – as well as government tenders, gifts, entertainments, sponsorships or donations to name the obvious ones. To be credible, the compliance program should also provide for enforcement rules where breaches of its provisions are sanctioned by disciplinary measures.
These rather universal compliance recommendations will probably be part of the concrete directions given by the French legislator. They also can act as affirmative defenses to evidence the strong compliance culture of a company and demonstrate that any issue is anomalous and not systemic.
While the final provisions of the bill will not be known until (and if) passed by the French Senate (and with additional guidance then to be given in an accompanying decree), the striking benefit of this new law would be that, for the first time, large French companies and their subsidiaries will be liable for fines for non-compliance with the new law. Under this bill, France would be taking anti-corruption compliance a step further by mandating a compliance program by law and holding companies liable for failing to have such a program in place.
France accounts for 11 of the 50 largest companies in the EU. By enacting this legislation, France would therefore be asserting moral leadership in Europe and even further as a global model in its efforts to combat corruption, as well abuses of human rights, health and the environment. And this would be seen positively in light of corporate reputational risk, too.