Pursuant to the provisions of the French Sapin II Law^[i], the French Anticorruption Agency (“AFA”) issued recommendations aimed at assisting public and private legal entities – whether subject or not to the obligation to implement preventive and detective measures against corruption[ii] – in their initiatives to prevent and detect integrity violations within their entities.

After issuing initial recommendations in 2017, AFA updated them on 4 December 2020. Similarly, to the national diagnosis launched by AFA to assess the effectiveness of corruption prevention and detection systems implemented within companies[iii], the recommendations’ update is part of the first steps of the multi-year national anti-corruption plan 2020-2022 carried out by AFA and approved by the government in early 2020[iv].

The AFA recommendations which were initially organized around the 8 pillars of Article 17 of the Sapin II law and are now centered around three main pillars: the top management’s commitment, the risk mapping and the risk management.

This new organization is a reminder that while all anti-corruption measures provided for by Sapin II must be implemented, the involvement of the management body is essential and risk mapping is the cornerstone of the anti-corruption system.

As a result, the scope of the risk mapping is extended to the risks of influence peddling[v]. AFA further recommends the extension of the third-party category submitted to due diligence to include third parties with whom the company would like to enter into a relationship for the purpose of an acquisition or for sponsorship.[vi] In addition, beyond the training initiatives intended for managers and the most exposed employees, AFA urges to raise all employees’ awareness regarding the fight against corruption.[vii] With regard to the internal control and audit system, AFA recommends the establishment of a specific procedure setting out “the processes and situations involving identified risks, the frequency of controls and their procedures, the persons in charge of these controls and the rules for transmitting the results to the management body” [viii].

Furthermore, AFA strengthens the authority of its recommendations. Despite not being legislative in nature, the recommendations are now “opposable” against AFA as part of itin the context of its controls[ix]. Accordingly, in the context of an AFA inspection, companies henceforth benefit from a presumption of compliance when they indicate having designed their compliance program in accordance with AFA’s recommendations. It then falls to AFA to demonstrate that this application has been “ineffective, incorrect or incomplete” [x].

These amendments are not a surprise since they are in line with the decision of the Sanction Commission issued on July 4, 2019, which states that when a company indicates having complied with the methodology recommended by the AFA, “it must be deemed to have provided sufficient information, unless the Agency proves that it failed, in reality, to follow the recommendations” [xi].