Over recent months, the European Union has taken a major step forward in the supervision of anti-money laundering and counter-terrorist financing through the growing role of AMLA. In parallel, a first directive harmonizing criminal offences and sanctions in the field of corruption has been adopted. In France, the AFA has structured anti-corruption policy through the 2025–2029 national plan, based on prevention, detection and enforcement, at the level of the State, local authorities, businesses and internationally. In addition, in her second biannual report, the Défenseure des droits highlights the increasing role of whistleblowers, despite organizational limitations and persistent risks of retaliation. Finally, the bill tabled before the French National Assembly, aimed at providing a legal framework for internal investigations and strengthening their legal security, marks a further step towards the establishment of a structured legislative framework.
AMLA : Expansion of European AML/CFT supervision
Since 1 January 2026, the European responsibilities previously exercised by the European Banking Authority (EBA) in the field of anti-money laundering have been transferred to the new European Anti-Money Laundering Authority (AMLA), established in 2024 and headquartered in Frankfurt. The authority is now fully operational and is gradually positioning itself as the central coordinator of AML/CFT supervision across the European Union.[1]
In 2025 and 2026, AMLA has increased structured exchanges with national competent authorities and financial intelligence units (FIUs). Throughout 2026, the authority has also intensified its work on the future European Single Rulebook stemming from the AML package. These efforts aim to reduce interpretative divergences between Member States and to establish common standards in terms of governance, risk assessment, customer due diligence, and transaction monitoring.[2]
The rise of crypto-assets, financial technologies, and artificial intelligence is also among the priorities of the new European supervisor. In its preparatory work, the European framework highlights risks related to digital business models, technology-enabled fraud, and complex cross-border transactions. Companies are therefore encouraged to strengthen their customer due diligence frameworks, transaction monitoring capabilities, and data governance in order to address an ever-evolving risk environment.[3]
Beyond the institutions that will ultimately be directly supervised by AMLA, the impact of this reform is expected to be far-reaching. The new European expectations are likely to progressively extend to all sectors subject to AML/CFT regulations, including those that currently fall under exclusively national supervision.
The French Anti-Corruption Agency (AFA) publishes the 2025–2029 national anti-corruption plan
In the foreword to the 2025–2029 National Anti-Corruption Plan, it is stated that “France has a robust and comprehensive framework to prevent, detect, and punish breaches of integrity. Nevertheless, it is now more necessary than ever to enhance and strengthen it”.[4]
Following an initial plan covering the 2020–2022 period,[5] the second plan confirms that anti-corruption efforts are now conceived as a fully-fledged public policy, involving public administrations, local authorities, companies, courts, investigative authorities, and international stakeholders.[6]
The plan is structured around four main pillars: strengthening the fight against corruption within central government (1), supporting local authorities (2), protecting economic actors (3), and developing France’s international action (4).
The first pillar seeks to reinforce the fight against corruption and breaches of integrity within central government. The first 23 measures directly target the State and its administrations and notably provide for the implementation of comprehensive prevention, detection, and remediation frameworks based on detailed risk assessments.[7] Particular attention is given to sovereign administrations—customs, police, gendarmerie, judiciary, and prison services—which are more exposed to certain risks, especially in the context of growing organized crime.[8] The plan also emphasizes securing public procurement, protecting sensitive data, strengthening internal control and internal audit systems, and enhancing the training of public officials[9].
Local authorities constitute another key pillar of the plan. While breaches of integrity at the local level remain relatively limited compared to the number of elected officials and public servants concerned, their impact on public trust is significant.[10] The plan therefore aims both to clarify certain rules—particularly with regard to illegal conflicts of interest,[11] and to provide increased support to local elected officials and public agents in implementing appropriate compliance frameworks.[12]
The third pillar is dedicated to the protection of economic actors. The plan confirms the central role of the Sapin II Law and the continued supervision by the AFA of companies subject to Article 17 obligations. However, greater emphasis is placed on supporting SMEs and mid-sized companies, particularly “when they expand internationally or are required to implement compliance measures at the request of their contracting partners”.[13] The plan also stresses the importance of training and awareness-raising among the most exposed stakeholders in order to strengthen their role in preventing and detecting integrity breaches.[14]
Finally, the plan incorporates a stronger international dimension. Corruption is presented as a transnational phenomenon that distorts competition and undermines the rule of law.[15] France therefore intends to promote soft law standards and commitments at the European and international levels, support existing evaluation mechanisms, and strengthen technical cooperation with partner States.[16]
The plan also places significant emphasis on strengthening criminal enforcement. In particular, it provides for increased resources for investigative authorities, improved consistency of criminal policy in relation to integrity breaches,[17] and expanded use of deferred prosecution agreements (“CJIP”), notably through their extension to new offences and through adjustments to the duration of compliance programmes monitored by the AFA.[18]
The French Defender of Rights Publishes Its Second Biennial Report on Whistleblower Protection in France
On 28 May 2026, four years after the entry into force of the Waserman Law, the Defender of Rights, Claire Hédon, presented her second biennial report on whistleblower protection in France. The findings are mixed: while the framework is now fully identified and widely used by relevant stakeholders, its success also highlights several structural weaknesses.
External authorities responsible for receiving and processing reports recorded more than 10,000 alerts in 2025, compared with only 2,000 in 2023. This increase reflects growing trust in reporting mechanisms and confirms that whistleblowers now play a central role in detecting breaches of the public interest, whether in the areas of public health, the environment, probity, or the social and healthcare sectors.[19]
However, the report underlines that the vast majority of referrals are concentrated among a limited number of competent authorities. In light of this influx, the Defender of Rights calls on public authorities to reconsider the organization of the system, in particular by adapting the list of competent external authorities and improving mechanisms for directing reports.[20]
Furthermore, while public and private organizations have largely implemented the internal procedures required by regulation, these mechanisms remain insufficiently known and are still underused. Employees and public officials often continue to favor external channels, raising questions about the level of trust placed in internal reporting systems.[21]
Finally, the report stresses that, in practice, reporting wrongdoing remains a risky undertaking. The Defender of Rights notes the persistence of retaliatory measures against whistleblowers, particularly in the employment context, despite the strengthened protections provided by law.[22]
Adoption of the First European Directive Dedicated to Combating Corruption
The year 2026 marks a significant milestone in the development of the European anti-corruption framework. Definitively approved by the Council of the European Union on 21 April 2026, following its adoption by the European Parliament, Directive (EU) 2026/1021 aims to harmonize the rules applicable across Member States and to strengthen cooperation between national authorities.[23]
The directive pursues an ambitious objective: to establish a common set of corruption-related offences and to align sanctions regimes across the Union. In particular, it requires Member States to criminalize, in a harmonized manner, active and passive corruption in both the public and private sectors, trading in influence, misappropriation of funds, obstruction of justice, illicit enrichment linked to corruption offences, as well as certain forms of unlawful exercise of public functions.[24]
One of the key takeaways from the recitals is that combating corruption cannot be limited to criminalization and sanctions alone. The directive promotes a comprehensive approach combining prevention, detection, and enforcement. Member States are therefore encouraged to strengthen transparency frameworks, conflict of interest management, the regulation of lobbying activities, and movements between the public and private sectors (“revolving doors”). Corporate compliance programmes are also identified as essential preventive tools, notably through the implementation of risk assessments, codes of conduct, internal audits, and monitoring mechanisms.[25]
While France already has an established anti-corruption framework—particularly under the Sapin II Law—the directive nonetheless confirms the European Union’s intention to converge compliance and enforcement standards across the internal market. It also reflects a shift towards a more integrated approach to anti-corruption, based on prevention, organizational accountability, and the effectiveness of cross-border enforcement.
The directive will enter into force twenty days after its publication in the Official Journal of the European Union.[26] Member States will then have a period of two years from its entry into force to transpose its main provisions.[27]
For more information: Directive (EU) 2026/1021
Internal Investigations in France: Towards a Legislative Framework
On 9 December 2025, a bill was introduced before the French National Assembly to establish a legislative framework for internal investigations. While such investigations now play a central role in corporate ethics and compliance programmes—particularly under the impetus of the Sapin II and Waserman laws—they currently remain without a dedicated statutory framework.[28]
The bill pursues a dual objective. On the one hand, it seeks to provide legal certainty for a practice that has become essential in handling whistleblowing reports, as well as suspicions of fraud, corruption, or breaches of internal rules.[29] On the other hand, it forms part of a broader reflection on French legal and economic sovereignty, in a context marked by the growing influence of extraterritorial legislation and the increasing role of internal investigations in negotiations with prosecuting authorities.[30]
The bill thus introduces, for the first time, a definition of internal investigations into the French Labour Code. These would be defined as a formal process aimed at verifying the accuracy of alleged facts or suspected violations of laws or internal rules, taking into account both incriminating and exculpatory evidence and relying on proportionate means. Internal investigations are presented as a tool serving integrity, compliance, and improved organizational governance.[31] The bill also provides for a framework governing internal investigations conducted in parallel with criminal proceedings.[32]
Finally, the bill places particular emphasis on the role of the investigating lawyer, affirming that internal investigations conducted by a lawyer fall within the scope of legal professional privilege. The acts, analyses, and documents produced in this context could only be disclosed to judicial authorities with the express consent of the legal entity that commissioned the investigation. This provision reflects a clear intention to strengthen the confidentiality of internal investigations and to further secure the use of such mechanisms by companies.[33]