The 2016 Sapin II law on transparency, the fight against bribery and the modernisation of the economy – requires larger companies (exceeding certain employee, corporate structure and revenue thresholds) and their executive to adopt an anti-bribery compliance programme.
Under the regulation, top management is responsible for undertaking actions to fight corruption risks. However, the operational implementation of the anti-bribery programme may be delegated to a compliance officer.
This raises the question of the compliance officer’s liability under French law.
Appointing a compliance officer
The company has no obligation to appoint a compliance officer. However, the French Anti-Corruption Agency (AFA) recommends creating this function in order to "manage the deployment, implementation and evaluation of the anti-bribery compliance programme, in close cooperation with the organisation's stakeholders". This means, in practice, that the top management delegates the operational aspects of the anti-corruption compliance programme to the Compliance officer.
This function does not have to be fully dedicated for this purpose, as long as the compliance officer reports to top management and has an appropriate position in the hierarchy to be able to achieve their objectives. The compliance officer must be in an independent position vis-à-vis other departments and have the skills and means necessary to perform the compliance function.
What are the objectives of the compliance officer?
The compliance officer will be in charge of the daily implementation of the compliance programme. The scope of the officer's duties will be specified by top management according to the organisational and strategic choices and the characteristics of the business. In the course of their duties, they may be involved in organisational, legal, accounting and human resources issues.
- Organisational issues: the compliance officer supervises the deployment, implementation, assessment and updating of the company’s anti-bribery compliance programme; they coordinate the preparation of the bribery risk mapping; and they reports on risks and ethic to the top management, through a report to the Executive Committee, the Board of Directors or even the Audit Committees.
- Legal and accounting issues: the compliance officer monitors best practices and regulatory changes; they participate in the due diligence of third parties with which the company has business relationships; they set up accounting control procedures for expense reports, gifts, sponsorship and other things.
- Human resources issues: the compliance officer participates in the development of an anti-bribery code of conduct in collaboration with legal and human resources services; they participate in the implementation of trainings to sensitize managers and staff exposed to corruption risks; they manage the internal whistleblowing procedure and follow disclosures received; and they may also be involved in investigations and disciplinary cases.
Compliance encompasses different areas aside from prevention and detection of corruption. The compliance officer can therefore intervene in a range of matters such as harassment and discrimination, social and environmental responsibility, ethics, the fight against money laundering and terrorist financing, export control and compliance with international sanctions, personal data protection, competition law, influence peddling, and conflicts of interest.
What liabilities might the Compliance officer face?
Under the Sapin II law, the directors (presidents, general managers, managers) and the legal entity are the only persons liable for the implementation of anti-corruption compliance programme. The director may be held liable, as well as the legal entity, before the Sanctions Commission of the French Anti-Corruption Agency (AFA). A delegation of powers to the compliance officer will not be likely to exempt the top management from its administrative or criminal liabilities. The compliance officer cannot be held liable and thus be sentenced by the sanctions provided by Article 17 of the Sapin II law.
Like any employee, the compliance officer enjoys quite extensive protection in the course of their duties. They cannot be held liable in the event of simple error or negligence. In practice, only an intention to harm, an abuse or a criminal offence can trigger liability.
Similarly, if the company is sentenced because its compliance programme was insufficient, the compliance officer cannot be punished on the disciplinary ground if, in good faith, they wereunable to fulfil their objective.
However, if the deficiencies of the compliance officer are established – namely, the failure to achieve the mission with realistic objectives – the employer may terminate the officer's mission.
Considering the particular functions, they assume within the company, the compliance officer may expose themself to the risk of criminal liability.
In principle, the compliance officer cannot be held personally liable for criminal offences committed by the company, directors or employees. Nevertheless, the compliance officer may be criminally convicted if they personally commit an offence in the course of performing their employment contract and cannot be exonerated on the ground that the offence was committed by order or in the interest of the employer.
The mere failure by the compliance officer to comply with their professional obligations cannot constitute an act of participation as perpetrator or accomplice. Incomplete risk mapping and insufficient third-party assessment do not constitute acts of corruption or complicity in this offence.
The situation which is more likely to happen is the discovery by the compliance officer of a criminal offence. In this case, depending on the circumstances, the compliance officer may be considered an accomplice if they did not prevent the commission of the offence while they had the power to do so. A criminal court may consider that it is part of the compliance officer’s duty to take appropriate corrective measures to put an end to criminal offences for matters relating to employees.
The compliance officer must also be particularly cautious with regard to the risk of obstructing internal alerts, which is an offence in France punished by one-year's imprisonment and a fine of 15,000 euros (Sapin II Law, Article 13).
Osborne Clarke comment
Since the anti-bribery compliance function is sensitive and strategic, particular attention should be paid to defining the compliance officer’s power, means and responsibilities, including: resources, missions, independence, internal positioning, and objectives.
 AFA, Recommendations to assist public and private legal entities in preventing and detecting bribery, influence peddling, misappropriation of public funds and favouritism, version 12-17 and Charter of the Rights and Duties of controlling Stakeholders.