Governance, Risk & Compliance: GRC
Sapin II: The Role of Technology in Preventing Corruption
In December 2016, the French government published a bill titled “Transparency, Fighting Corruption and Modernizing Economic Life”. Otherwise known as the Sapin II law, the objective of this bill was to generate an anti-corruption mechanism in France by building on the progress brought about by the 1993 Sapin Act. Sapin II aligns French anti-corruption law with aspects of U.S. and UK corruption enforcement, introducing a range of binding obligations to prevent corruption, overseen by a dedicated national agency “Agence Français de lutte Anticorruption” (AFA).
While the original provisions came into force on 11 June, 2017, a recent (2021) review of Sapin II implementation has reinvigorated the drive for transparency and ethics in business operations. If incorporated, the proposed amendments would significantly strengthen the enforcement of anti-corruption laws while extending the scope of current Sapin II requirements to capture a broader range of firms.
It is therefore critical that in-scope firms, and those who may be caught within the broader criteria, revisit the obligations of Sapin II. This is to understand how best to ensure ongoing compliance. The following blog outlines the current requirements and explores how firms can leverage technology to improve the efficiency and effectiveness of their anti-corruption programs.
Changes to “bound entities”
Currently Sapin II applies to those firms that meet the two following criteria:
- Any company based in France employing at least 500 persons
- Any company belonging to a group of companies that employs at least 500 worldwide, but whose parent company is headquartered in France
- A company with consolidated or non-consolidated sales of more than €100 million
- For a French group with consolidated sales of more than €100 million, the obligation applies to the group as a whole, including subsidiaries, whether these subsidiaries are located in France or abroad
The original criteria for Sapin II included approximately 1,570 companies. However, the recent proposal removes the requirement for parent companies to be headquartered in France. This would require local subsidiaries of large foreign companies to maintain compliance standards at the same level as their largest French counterparts.
Sapin II obligations
The Sapin II law introduced the following eight binding obligations designed to prevent corruption and trading in influence: 
- Bound entities are required to develop a specific French Code of Conduct detailing their anti-corruption policy which is to be included in the company’s “Règlement intérieur” or internal rules of procedure. This includes defining and illustrating the behaviors which constitute acts of corruption
- Implement an internal whistleblowing procedure to collect employee reports of Code of Conduct breaches as well as any other domestic or international regulations in force
- Firms must produce and maintain a detailed risk mapping document which identifies, analyses and prioritizes the risk of corruption depending on its business sectors and geographical footprint
- In-scope organizations must have a robust due diligence process in place for major third parties based on the aforementioned risk map
- Established internal or external accounting control procedures to ensure accounts are not concealing violations such as bribery, gifts and alike
- Firms must design and implement a corruption training program for CEOs, managers and employees most exposed to associated risks
- Establish a disciplinary system to penalize Code of Conduct violations
- Finally, firms must evaluate and monitor the effectiveness of the full compliance program through an internal control and audit process
Ongoing compliance is critical
The French authorities and the AFA have an arsenal of financial and legal penalties at their disposal to ensure that companies implement genuine anti-corruption measures. If internal procedures are deemed to be inadequate, company directors can be fined up to €200,000 and the company itself can incur a fine of up to €1,000,000. Alongside this, enforcement decisions can be disclosed publicly, leading to a wrath of potential impacts which stem from associated reputational damage.
More broadly, anti-corruption plays a pivotal role in Environmental, Social and Governance (ESG) matters. These interlinked principles are growing in importance amongst investors, policymakers and other stakeholders as an indication of long-term sustainability and profitability. The United Nations has stressed the importance of tackling corruption to achieve its Sustainable Development Goals (SDGs), with SDG 16 explicitly highlighting anti-corruption as a key target:
- By 2030, the UN aims to significantly reduce illicit financial and arms flows, strengthen the recovery and return of stolen assets, and combat all forms of organized crime
- Substantially reduce corruption and bribery in all forms
- Ensure public access to information and protect fundamental freedoms, in accordance with national legislation and international agreements
Ethical governance gives stakeholders confidence that leaders are acting in the best interests of the business. This can substantially improve performance through fostering a more stable and productive operational environment, thereby reducing risks and improving reputation.
Leveraging technology in your compliance journey
Sapin II presents a major challenge for firms due to the scope and scale of the requirements they entail. Leaders must implement anti-corruption policies, whistleblower protection, and compliance training while demonstrating program effectiveness to regulators via disclosures. Irrespective of whether your firm is currently in scope or if it is to be captured if the criteria are broadened, it is critical that organizations understand how technology can support the process.
By leveraging technology offered by SAI360, you can ensure:
- Corruption risks are assessed qualitatively and quantitatively against various risk dimensions by using configurable impact and likelihood scales. Subsequent actions can be automated based on events emanating from assessments, key risk indicators, incidents and control assessments.
- Third party records are centralized to proactively identify potential risks, verify compliance, and monitor changes.
- Documentation is maintained within a single repository, enabling you to quickly summarize the risk profile of your business, allowing you to respond more efficiently to regulator requests.
- All of the primary obligations of Sapin II are covered within a single software that can connect to a multitude of external information systems, as well as innovative code of conduct training solutions.
- Potential cases of corruption are detected directly from accounting entries through to Continuous Control Monitoring.
Learn more about SAI360 offerings on Regulatory Change.
 “Trading in influence” is the practice of using one’s influence in government or connections with authorities to obtain favors or preferential treatment