The implementation of Article 17 of the Sapin 2 law quickly raises the question of tools, beyond the human effort required.
While no “push-button” tool can exist that handles all the requirements of the law at the touch of a single button, tools are nevertheless essential for the most effective implementation of certain aspects of the law, particularly taking into account the recommendations of the French Anti-Corruption Agency (AFA) and feedback from various audits conducted to date.
Many tools exist on the market, and it is not always easy to find your way around.
Nevertheless, it is common for these tools, designed before the Sapin 2 law came into force, to fail to specifically meet the requirements of the Sapin 2 law.
By way of illustration, following AFA guidelines, you do not systematically have to use screening software for third-party evaluations. On the contrary, the philosophy is to categorize your third parties according to the stakes identified in your corruption risk mapping.
Based on the classification you have determined, you will choose the categories of third parties on which specific investigations must be conducted using a screening tool.
The fundamentals of Article 17 of the Sapin 2 law are identical for all concerned organizations. However, the compliance approach and the processes implemented may differ from one environment to another.
The questions selected, for example, in the third-party evaluation process will be relatively specific to each structure, given their sector of activity and especially their corruption risk mapping, which is the starting point of the process.
Similarly, your corruption risk mapping will be inherently specific to your organization. Hence the importance of deploying a simple and intuitive tool, given the many contributors involved.
This is also why it is so important to have sapin 2 software that can adapt, without additional development, to the contexts and specificities of each organization in order to support your compliance quickly and over the long term. You have the control to evolve your tool.
The Sapin 2 law does not stem from a European directive. Adopted in December 2016, its ambition is to raise France to the highest international standards in terms of corruption prevention. Highly innovative in its approach, the Sapin 2 law now inspires other legislators around the world.
Contrary to popular belief, the Sapin 2 law does not only concern large companies. Indeed, any company with more than 500 employees and a turnover exceeding 100 million euros is required to implement an anti-corruption system. Mid-sized companies (ETIs), which form the backbone of the French territory, are therefore also affected by this legislation. It is estimated that approximately 2,500 companies in France are subject to it.
The Sapin 2 law imposes on subject companies the obligation to prevent and detect acts of corruption through the implementation of a system comprising eight measures and procedures. This is a legal obligation, and non-compliance can lead to administrative sanctions.
ISO 37001 is an international standard that defines requirements for the deployment, maintenance, and improvement of an anti-corruption management system. While obtaining this certification can demonstrate the efforts implemented by a company in the fight against corruption as well as the commitment of the governing body, it does not exempt the company from an audit of its system’s effectiveness by the AFA.
The Sapin 2 law requires the implementation of eight measures and procedures designed to prevent and detect acts of corruption and influence peddling. While it is possible to adapt existing procedures within the company to meet this objective, it is necessary to ensure that the requirements of the Sapin 2 law are fully met.
For example, a company subject to very demanding risk management regulations could not use them as a defense with the AFA during an audit. The AFA is specifically responsible for verifying the application of the law regarding corruption prevention, and no other regulation.
The requirements of the text imply not only a particular formalism but also having sufficiently precise knowledge of the corruption risks the company is likely to face.
To determine if a company is subject to the Sapin 2 law, one should refer to Article 17 of the Sapin 2 law of December 9, 2016. This concerns companies employing at least five hundred employees, or belonging to a group of companies whose parent company has its registered office in France and whose workforce includes at least five hundred employees, and whose turnover or consolidated turnover exceeds 100 million euros.
For any additional information, the AFA has published a document on its website regarding the scope of audits provided for by Article 17 of the Sapin 2 law.
Executive commitment is central, as the responsibility for implementing the anti-corruption system lies with the presidents, CEOs, and managers of companies subject to the Sapin 2 law. In the event of a failure to meet their compliance obligation, they face a financial penalty of up to 200,000 euros.
In practice, executive commitment manifests in various ways: through external and internal communication condemning corrupt practices, by affirming a zero-tolerance principle toward corruption (a principle itself referenced in the company’s code of conduct), through personal involvement in the deployment and monitoring of the anti-corruption system, and by allocating the human and financial resources necessary for its implementation.
The responsibility for implementing an anti-corruption system lies with the governing body, which may delegate operational implementation to the compliance function.
The mission of this function includes:
The organization of the compliance function depends on the characteristics of the company and the options chosen by its leaders. For a company with subsidiaries, it is recommended to position the compliance function at the central level. Depending on the size of the company, a network of compliance officers can also be established, involving business actors to facilitate the deployment of the anti-corruption system.
The Sapin 2 law applies to companies falling within the scope of Article 17 regardless of the sectors of activity in which they operate. No sector of activity can therefore be excluded from the AFA’s audit scope.
Article 17 of the Sapin 2 law does not specify the form of the company. All legal forms are therefore concerned: SAs with a board of directors / CEO or with a management board and supervisory board; SARLs, SASs, SNCs, simple limited partnerships, partnerships limited by shares, SCIs, semi-public companies, etc.
The responsibility for implementing an anti-corruption system lies with the governing body, which may delegate operational implementation to a head of the compliance function. This operational delegation must not call into question the role of the executives in monitoring the anti-corruption system. It is therefore important that the head of the compliance function maintains a direct and regular link with the company’s governing bodies and presents all guarantees of credibility in this regard to the company’s employees.
While the responsibility for implementing a system lies with the governing body, its operational implementation is delegated to the compliance officer. In addition to these recurring missions related to managing the anti-corruption system, the compliance officer must be involved in the company’s major projects to identify risks of corruption or non-compliance.