The Enforcement Committee of the French Anti-Corruption Agency (“AFA”) [1] issued its first decisions on July 4, 2019 [2] and on February 7, 2020 [3]. In both cases, the decision followed a control carried out by the AFA regarding the existence of breaches of the compliance mechanisms provided for in Article 17 of the law Sapin II [4] . Although no financial sanctions were pronounced, both decisions clarify the AFA Enforcement Committee’s expectations of companies’ compliance program.

I. Decisions reflecting the rigorous stance of the French regulator

With respect to Sonepar – a company specialized in electrical equipment distribution –, the AFA’s Director considered that the company risk mapping was too standardized, the code of conduct was irrelevant regarding the risks that should have been identified, third-party evaluation procedures did not comply with legal requirements and were missing internal control and evaluation processes and an efficient accounting control procedure ensuring that accounts were not used for corruption or influence-peddling purposes. With respect to Imerys – a company specialized in the extraction and processing of minerals – the AFA’s Director considered that its risk assessment methodology did not guarantee satisfactory risk identification, that its risk mapping was incomplete and were missing the absence of an appropriate code of conduct and accounting control procedures.

In both decisions, taking up point by point the grievances formulated by the AFA’s Director, the Enforcement Committee assessed the compliance obligations in the light of the legislative provisions.

By the hearing, Sonepar had demonstrated that its risk mapping was being improved, that it had adapted its code of conduct, incorporated new control procedures into its internal control charter and had developed managing tools for relations with third parties and intermediaries. Since the violations were no longer established at the day of the hearing, the Enforcement Committee rejected all grievances raised by the AFA’s Director, and chose not to sanction Sonepar in the absence of serious breaches of the legislative provisions [5]. As for Imerys, the Enforcement Committee requested it to adjust its code of conduct and accounting procedures within a specific time-frame. Neither of the companies was sanctioned financially.

II. Specifications regarding the non-binding nature of AFA recommendations and the burden of proof in proceedings opposing the AFA and companies

Both decisions raised interesting points, notably regarding the nature of AFA recommendations, that could be used as potential guidance for companies and AFA controls in the future.

In the Sonepar decision, the Enforcement Committee stated that Sonepar, which was not required to follow the methodology recommended in the AFA recommendations, must be considered as justifying the relevance, quality and effectiveness at the level of the risk mapping that it is responsible for setting up.

In the Imerys decision, the Enforcement Committee did not approve the AFA’s reasoning regarding risk mapping, which requires companies to include a roadmap in their risk mapping, as well as detain a specific and standardized methodology. The Enforcement Committee rejected this argument, on account of the fact that the AFA’s recommendations are only a frame of reference and are thus not binding for companies.

This demonstrates that only breaches provided for by law might be sanctioned and that companies are free to choose their own risk mapping methodology as long as it meets the legislative requirements [6].

Furthermore, the Enforcement Committee distinguished two situations regarding the burden of proof. If a company states to have strictly complied with the AFA’s recommendations, it is presumed to satisfy anticorruption law requirements and the burden of proof lies with the AFA’s Director, who will have “to demonstrate that the company did not, in fact, followed such recommendations”. If a company alleges to have partially satisfied the AFA’s recommendations, it must “demonstrate the relevance, the quality and the effectiveness” of its anticorruption system [7].

These decisions thereby establish that the standard of assessment is that which is set by law and not by AFA recommendations. This being said, AFA recommendations remain an advantageous framework for companies who choose to comply with them.