The impact of the French Sapin II law on French companies: A complete guide
What is the Sapin II Law?
The Sapin II Law, officially titled “Law on transparency, the fight against corruption and the modernization of economic life,” was adopted in November 2016 in France. It is named after Michel Sapin, the French Minister of Economy at the time, who played a key role in its adoption. This law primarily aims to combat corruption but also includes various measures addressing other issues. It represents a significant advancement in financial regulation and the promotion of transparency in business practices. The Sapin II Law aims to fight corruption and promote transparency and ethics in business. It consists of three main pillars: enhancing transparency, combating corruption, and modernizing economic life. Through this law, the French government requires companies to implement measures to prevent and detect risks related to third parties, whether they are partners, suppliers, or service providers. Companies must establish a compliance program tailored to their size, nature, and complexity. They must identify their highest-risk third parties, assess their compliance with standards, and implement due diligence procedures to monitor and oversee them.
The Pillars of the Sapin II Law
The Sapin II Law is based on eight essential pillars. Concerned companies must absolutely implement these eight measures to comply with the law’s requirements:
- Anti-corruption code of conduct: This code defines and illustrates the various types of behaviors to be avoided, which may constitute acts of corruption or influence peddling. It is integrated into the company’s internal regulations and must be consulted by employee representatives.
- Internal whistleblowing system: Designed to collect reports from employees concerning situations or behaviors contrary to the code of conduct. It allows for the rapid detection of potential reprehensible acts.
- Risk mapping: Regularly updated, it identifies, assesses, and prioritizes the risks of corruption to which the company is exposed. It takes into account the company’s specificities, including its sectors of activity and the geographical areas where it operates.
- Third-party evaluation: Procedures are put in place to assess suppliers, clients, intermediaries, etc., based on the risk mapping. This ensures that business partners adhere to the same ethical standards.
- Accounting controls: Internal or external procedures are implemented to verify that the company’s accounting does not conceal operations related to corruption or influence peddling.
- Training for at-risk personnel: A training program is aimed at personnel most exposed to the risks of corruption and influence peddling. It seeks to raise awareness and reinforce vigilance.
- Disciplinary regime: It allows for the sanctioning of employees who do not comply with the company’s anti-corruption code of conduct.
- Internal control and evaluation: A system is established to monitor and evaluate the effectiveness of the anti-corruption measures implemented. This allows for adjustments and corrections if necessary.
Companies Concerned by the Sapin II Law
The companies affected by this law are industrial and commercial companies and establishments (EPIC) that meet two criteria:
- They must have at least 500 employees.
- They must have a consolidated turnover exceeding 100 million euros.
It is important to note that the Sapin II Law also applies to subsidiaries. French or foreign subsidiaries linked to a company whose headquarters are in France (and which meet the two criteria) are subject to the measures of the Sapin II Law. They are also required to promote transparency by implementing whistleblowing systems and preventive measures.
The Sapin II Law applies not only to companies as legal entities but also to individuals. Therefore, company executives are directly concerned by the Sapin II Law. They have the responsibility to ensure that the company complies with the law. In case of non-compliance, the executive can be subjected to an administrative fine of up to 200,000 euros.
Moreover, although employees are not directly concerned by the Sapin II Law, they have a role to play in the fight against corruption. They can be responsible for or witnesses to offenses and crimes. Consequently, the company must ensure that they are made aware of the fight against corruption. An internal code of conduct, accompanied by training for employees most exposed to the risks of corruption, must be made available to all personnel. The implementation of an internal whistleblowing system must be communicated to employees and be part of the internal control process.
Creation of the French Anti-Corruption Agency (AFA)
The Sapin II Law also creates the French Anti-Corruption Agency (AFA). This is a national administrative entity under the supervision of the Minister of Justice and the Minister of Budget. It was created to replace the Central Service for the Prevention of Corruption (SCPC). The AFA’s main mission is to prevent and detect the following acts:
- Corruption
- Influence peddling
- Bribery
- Illegal taking of interest
- Embezzlement of public funds
- Favoritism
These offenses, all defined in the Penal Code, are referred to by the AFA as “attacks on probity.” The AFA aims to intervene with both private sector economic operators and public sector actors, including companies and local authorities.
Who Controls Compliance with this Anti-Corruption Measure and What Are the Penalties for Non-Compliance?
According to Article 17 of the law, it is the French Anti-Corruption Agency (AFA) that is responsible for monitoring the implementation of anti-corruption measures within companies. Controls are generally carried out in two ways:
- Documentary control: The AFA examines the documentation provided by the company, such as policies, procedures, and internal reports.
- On-site control: Authorized AFA agents visit the company premises to evaluate compliance with the measures. These agents are bound by professional secrecy, and any attempt to obstruct their actions is punishable by a fine of 30,000 euros.
After conducting the investigation, the AFA director can impose sanctions. These sanctions are of three types:
Warning: The director issues a warning to the company executives, alerting them to the identified shortcomings.
Sanction commission referral: The AFA can refer the case to its sanctions commission to compel the company and its representatives to adapt, deploy, or reinforce internal compliance procedures.
Financial penalty: For serious breaches, the AFA can impose a financial fine on the company. The amount of the fine takes into account the severity of the breaches and the financial situation of the sanctioned person. For individuals, this fine cannot exceed 200,000 euros; for legal entities, the fine is limited to one million euros. The fine is paid to the Public Treasury and recovered as “state claims unrelated to taxes or the domain.” Additionally, the sanctions commission can decide to make the sanction public.