A decade of dedication.
Help us reach new heights!
РУС
ENG
Anti-Corruption Portal
A decade of dedication.
Help us reach new heights!
France has published recommendations on preventing corruption in organizations

Created by Law No. 2016-1691 of 9 December 2016 on transparency, the fight against corruption and the modernization of economic life, the French Anti-Corruption Agency (Agence Française Anticorruption - AFA) has published Recommendations aimed at helping legal entities in the public and private sectors to prevent and detect corruption, influence peddling, extortion, illegal capture of interests, misappropriation of public funds and favoritism (Recommandations destinées à aider les personnes morales de droit public et de droit privé à prévenir et à détecter les faits d

Business
Business
Photo: Swann Lecocq / CC BY-NC-ND 2.0

The Recommendations are aimed at all types of public and private organizations, irrespective of their size, legal form, sphere of activity, turnover or headcount, and can also be applied by non-profit organizations.

At the same time, private organizations include:

  • joint stock companies, simplified joint stock companies, limited liability companies, professional associations;
  • Consortiums (associations of enterprises with common economic interests);
  • associations established in accordance with the Law on Contracting for the Formation of Unions;
  • foundations;
  • subsidiaries of designated organizations, if they are established in the territory of the country.

The Recommendations apply to these categories irrespective of the place of their activity, including if it is carried out abroad, unless the legislation of these countries provides for other stricter rules.

State organizations include:

  • public bodies (public bodies provided for in the constitution; central authorities; authorities to which certain powers have been delegated; services under the exclusive jurisdiction of national courts; independent administrative bodies);
  • local authorities and their associations;
  • public institutions;
  • public interest groups.

The recommendations are divided into several parts addressing the following key elements of compliance programs:

  1. management involvement;
  2. code of conduct;
  3. internal whistleblowing mechanisms;
  4. corruption risk assessment;
  5. counterparty assessment;
  6. accounting controls and records;
  7. training;
  8. internal monitoring and evaluation.

Thecommitment of senior management to the principles of "zero tolerance" to corruption is, according to the Recommendations, a fundamental requirement for building a system of anti-corruption measures in the organization. This element includes 4 main points:

  1. Adoption of a zero tolerance policy for corrupt practices:
    • defining prevention and detection of corruption as one of the organization's priorities;
    • providing the necessary resources in proportion to the objectives set;
    • taking appropriate action against any case of corrupt behaviour. This commitment is specified in the context of developing the organization's disciplinary regime and establishing sanctions for violations;
    • Putting into practice the obligations set out in the documents;
    • The inclusion in the code of conduct of provisions on the inadmissibility of corrupt conduct in the organization's operations, its interaction with counterparties and with clients;
  2. inclusion of anti-corruption provisions in the organization's policies and procedures:
    • human resource management procedures - integrity checks when hiring for positions at all levels in the organization, including senior managers, and inclusion of participation in anti-corruption as part of personnel performance evaluation indicators;
    • Feedback mechanisms in the organization - establishing mechanisms for reporting observed cases of corruption and measures to protect complainants from possible reprisals;
    • other policies and procedures related to corruption risks;
  3. ensuring management of the corruption prevention and detection system. The person responsible for the compliance program should develop, implement, improve and update the anti-corruption program in close cooperation with the organization's management and stakeholder groups. The organization's management body should ensure that the strategy is agreed upon, monitor the implementation of the action plan, and ensure that the necessary resources are available for anti-corruption purposes;
  4. Implementation of a communication policy. It is recommended to communicate both to the organization's employees and counterparties about the organization's policy on prevention and combating corruption, as well as the main directions of the organization's compliance program.

TheCode of Conduct, according to the Recommendations, sets out the values and commitments to prevent and combat corruption to which the organization adheres, and includes a description of typical situations containing corruption risks that the organization's employees may encounter in the course of their activities, as well as recommendations for appropriate behaviour in such situations. In addition to specific situations, the code sets out general anti-corruption restrictions and prohibitions applicable to employees, including those related to the receipt of information about the organization's activities.

Theinternal whistleblowing system is part of a comprehensive corruption prevention and prevention system and is designed to create channels for employees to inform the responsible person about observed violations of prohibitions and restrictions set out in the code of conduct. The following points should be taken into account when building such a system:

  • defining the role of the reporting employee's immediate supervisor, who should provide counseling support to the complainant, unless the complaint is about the actions of that supervisor;
  • designating a person responsible for collecting and processing such information: this may be an employee of the organization or an external agent;
  • ensuring confidentiality of information about the identity of the complainant, the information disclosed, and the individuals accused of misconduct, including during the processing of the complaint and the conduct of the review;
  • determining how the complainant will provide additional information;
  • taking steps to notify the complainant of the progress and planned timing of the complaint proceedings;
  • taking measures to delete all information about the complainant and the persons mentioned in the complaint, if the complaint did not contain indications of misconduct and, consequently, grounds for investigation;
  • Where necessary, establishing procedures for receiving and handling anonymous complaints.

The possibility of reporting observed violations should be provided not only to permanent employees, but also to temporary and part-time employees. It is also possible to form a unified system for reporting code violations, other corruption violations (in accordance with Law No. 2016-1691 of December 9, 2016), as well as existing risks (in accordance with Law No. 2017-399 of March 27, 2017).

Assessing the organization'scorruption risks and mapping the risks is necessary to achieve two main objectives:

  • Identification and management of corruption risks in order to build anti-corruption measures in the organization taking into account its peculiarities;
  • informing the organization's management and persons responsible for compliance, providing them with a clear picture of the need to take certain measures to prevent or counteract corruption in proportion to the identified problems.

The assessment should be comprehensive (participation of employees at all levels), formalized (written documented form, including for submission to AFA) and regularly updated. According to the Recommendations, it includes 6 main steps:

  1. assigning roles and responsibilities in conducting the risk assessment;
  2. identification of risks inherent in the organization, taking into account the specifics of its activities and individual business processes;
  3. assessment of the impact of risks on the organization's activities (identification of the most serious risks), taking into account the factors and sources of risk occurrence, the probability of its realization and assessment of factors that exacerbate the impact of the risk;
  4. assessment of the adequacy and effectiveness of risk controls, actually aimed at reassessing the serious risks identified at the previous stage, taking into account the existing preventive measures to control them, and obtaining data on "actual" ("residual") risks;
  5. identification of the top-priority risks from among the "actual" risks and development of measures to minimize them;
  6. drawing up a formalized display of the risk map and updating it if necessary.

Counterparties (customers, suppliers, intermediaries, contractors and others) are assessed to ensure that they provide sufficient assurance of integrity. This is generally done through the use of due diligence, but other means may be used (e.g. specific anti-corruption clauses in specific contracts). The assessment is carried out before entering into a formal relationship with a counterparty and involves collecting and analyzing information and documents about the counterparty in order to complete the due diligence process.

In general, counterparties are assessed according to the level of risk of interaction with them (low, medium, high). When assessing counterparties, it is recommended to collect and analyze the following data:

  • identification information (name, legal form, date of establishment, number of employees, capital, area of activity, etc.);
  • data on shareholders and beneficiaries;
  • country risks (related to the country where the counterparty is registered and the countries where it operates);
  • risks inherent in the business sector in which the counterparty operates;
  • assessment of the counterparty's experience, qualifications and skills;
  • information on the reputation of the organization, its management, shareholders, beneficiaries (including litigation, accusations, investigations, other adverse information);
  • whether the counterparty has a compliance system;
  • the counterparty's cooperation in gathering all of the above information;
  • the nature and purpose of the relationship with the counterparty (some relationships, such as providing services to assist in obtaining contracts, carry heightened corruption risks);
  • Assessment of other interested organizations (e.g., subcontractors);
  • the counterparty's interaction with public officials or politically exposed persons;
  • possible financial risks associated with the counterparty;
  • whether the counterparty has provisions to regulate remuneration (e.g., for contracting assistance);
  • payment characteristics (location of the counterparty's bank account, other accounts held by the counterparty).

Accounting controls in an organization should be carried out at three main levels: 1) directly by those responsible for entering accounting data, 2) through periodic spot checks, 3) through regular internal audits. Data related to high corruption risks, such as information on transactions such as donations, sponsorships, entertainment, marketing expenses, closed or exceptional transactions (e.g. acquisition of a company), etc., should be subject to special control.

When conducting training on the organization's anti-corruption policy, it is recommended to introduce it both to employees whose activities are associated with increased corruption risks and to a wider range of employees. Depending on the category of trainees, the content of the training programme will also differ: while in the first case employees should gain an understanding of the corruption risks specific to their activities and measures to combat them, in the second case the organization's personnel should be informed about the general principles of the anti-corruption policy.

Theinternal control and assessment system is necessary to verify that the compliance program is implemented and functioning in the organization and is adapted to the existing corruption risks. Such control is carried out at three levels: level 1 - all employees of the organization who, in case they discover any dysfunctions of anti-corruption mechanisms in the course of their activities, should report them to the person responsible for compliance; level 2 - the person responsible for compliance; level 3 - internal auditors; level 2 - the person responsible for anti-corruption; level 3 - the person responsible for compliance; and level 3 - the person responsible for internal audit.

A separate section of the Recommendations is devoted to the specifics of application of the above elements of compliance programs in government agencies and public sector organizations.

It should be noted that the Recommendations are non-binding and, accordingly, do not create legal obligations. They are designed to provide organizations with a methodological basis for the formation of their anti-corruption compliance program (compliance program) within the framework of the risk management strategy. However, given that, in accordance with Law No. 2016-1691, the French Anti-Corruption Agency is empowered to conduct audits of compliance programs of organizations with the provisions of the Law, it seems that the provisions of the Recommendations are not binding.

Tags
Compliance
See more
Tags
Compliance
A decade of dedication.
Help us reach new heights!