Sapin II in Practice: Our First Look

August 6th, 2019

Compliance professionals have now received their first glimpse into how French regulators will use that country’s Sapin II anti-corruption law: an enforcement hearing against a large French electronics company that ended with a decision to take no action against the firm.

The company in question, Sonepar, eagerly announced that result to the world on July 10. France’s anti-corruption agency, the Agence Française Anticorruption(AFA), had held a public hearing two weeks prior to review five allegations of non-compliance that AFA officials had brought against Sonepar.

At that hearing, Sonepar defended its compliance program as suitable for the company’s risks, even though the program wasn’t in exact alignment with severalbest practices for corporate compliance programs that the AFA had previously published. The AFA’s sanctions committee then ultimately agreed that Sonepar’s approach to compliance hadn’t violated Sapin II, and no penalties against the company were warranted. (The AFA has published its findings in the matter in French; an official English translation is not yet available.)

Compliance professionals watching French enforcement of Sapin II, and trying to contrast the Sonepar action with anti-corruption enforcement in the United States or Britain, have several points to consider.

First,the company defended itself vigorously, and prevailed. Hearings of the AFA sanctions committee are supposed to be closed. Sonepar asked for a public hearing, and its top executives then walked through all the steps they were taking to identify weaknesses in the company’s compliance program and strengthen those areas.

The administrative structure France uses for these disputes is quite different from that used in the United States or Britain — but conceptually, what happened here isn’t so different from the conversations global businesses might have with regulators such as the U.S. Justice Department. Corporations need to present clear documentation, a rationale for the company’s current compliance posture, and a plan to address any weaknesses the compliance program has.

Absent any other evidence of corrupt acts, a company presenting those three things will likely get favorable treatment from U.S. prosecutors. That’s essentially what happened in France with this case.

Second,this result does not mean France is taking a light approach to anti-corruption compliance. First, the AFA’s complaint against Sonepar dealt with how the company was managing its compliance program, notany specific wrongful acts that employees or third parties might have committed. We don’t yet know how the AFA or its sanctions committee might handle cases where wrongful acts, stemming from a weak compliance program, are part of the picture

Moreover, regardless of the sanctions committee’s decision in favor of Sonepar, the company still had to deal with an AFA inspection and investigation for months on end. The AFA pursued its case vigorously. Dealing with such inquiries is not cheap and not pleasant. The best strategy for a large corporation (which is also going to be subject to other countries’ anti-corruption enforcement as well) remains the same: build and maintain an effective compliance program,so you are in position to respond to whatever inquiry comes along.

Third, this case is a single example, rather than a harbinger of things to come. The basic rule of anti-corruption compliance is to use a risk-based approach, and Sonepar’s risks were unique to Sonepar.

Yes, the firm operates worldwide and is large (€22 billion in revenue, 46,000 employees, business in 44 countries), but most of its sales are in low-risk countries, and almost none are to government agencies. So other businesses of similar size and reach could have much larger corruption risk. And as mentioned previously, a company facing accusations of specific bribery acts could face much more difficult conversations than we see here.

Ultimately, compliance professionals are better served by contemplating what Sonepar did to defend its compliance program, rather than speculating what this result might mean for anti-corruption enforcement in France. The company didhave a compliance program, with all the primary elements: risk assessment, due diligence procedures, other related policies and procedures. It didn’t have to follow AFA preferred methodology, but it did have to have those elements. So will any other company.