This recent FCPA Flash podcast  highlighted developments in France relevant to the anti-bribery and compliance space including, most notably, the new so-called Sapin II law and the new French anti-corruption agency (AFA).
Recently, the AFA released guidelines (see here  for the English translation) which make for an interesting read. In many respects, the AFA guidance is similar to the DOJ/SEC issued FCPA Guidance  (2012) and the U.K. Ministry of Justice Bribery Act Guidance  (2010). However, there are a few portions of the AFA guidelines that caught my eye and are discussed below.
The AFA’s guidelines were “inspired by the best international standards” and are “France’s official anti-corruption policy framework.” Experienced compliance practitioners will see many familiar concepts in the guidelines which are organized around the following subjects:
- Top management commitment to preventing and detecting corruption
- Anti-corruption code of conduct
- Internal whistleblowing system
- Risk mapping
- Third-party due diligence procedures
- Accounting control procedures to prevent and detect corruption
- Corruption risk training
- Internal monitoring and assessment system.
A portion of the risk-mapping section, specifically under the heading “characteristics of corruption risk mapping,” caught my eye. The guidelines state:
“formalised meaning that it [risk mapping] takes the form of a structured written document. It must be ready for immediate submission to officials from the AFA.” (emphasis added).
French law and practice are certainly outside my strike zone so I reached out to legal experts to provide additional insight regarding this notable provision including its possible tension with legal privilege issues.
Bryan Sillaman  (a former SEC FCPA enforcement attorney and currently a partner at Hughes Hubbard based in Paris with a wealth of experience advising French companies) shared:
“The role of the AFA is primarily to prevent corruption – it was not envisioned as an equivalent to the DOJ (that role lies more with the French Parquet national financier (PNF)), but the AFA does have authority to audit companies and assess whether they have implemented compliance programs consistent with the requirements of Sapin II. The scope of their authority is quite broad and they have already begun conducting on-site audits of companies that are subject to Sapin II. It will be quite interesting to see how issues of legal privilege play out in these audits over the coming years. In addition to asking for risk assessments, nothing in the law technically prevents the AFA from requesting materials prepared by in-house legal and compliance personnel (which, unlike those in the US, do not enjoy legal privilege), so I suspect we will see some disputes play out in the near future on the scope of AFA’s ability to request such information and what companies are rightfully able to withhold.”
Cécile Terret  (a French lawyer in the Paris office of Bryan Cave)
“The new anti-corruption Sapin II law makes it compulsory for companies impacted to implement internal procedures to fight corruption. One of the items that must be prepared is a corruption risk map as it is an essential tool for piloting the management of risk of corruption; it is actually highly advisable to start with the risk mapping when designing the compliance program as for example, the company will be able to draft an anticorruption code of conduct only when it has identified precisely the risks of corruption it faces. This document must be prepared by the company and will be subject to investigation by the new Anti Corruption Agency (AFA). Indeed, during the first investigations, AFA requested from the companies to present a list of documents which included the “risk mapping” as well as all documents related to this assessment. Failure to comply with this obligation and to have such document ready for investigation can lead to a fine up to 1 Million Euros for the company and 200.000 Euros for executives. Lastly, this particular document is not covered by attorney-client privilege, as its mere purpose is to be verified by the AFA. However, the preparatory stage (communications between the lawyers and the client and memos drafted by the lawyer to the client to prepare such document) is covered by legal privilege.”
Another portion of the AFA guidelines that caught my eye relevant to risk mapping is country risk in which the AFA seems to endorse Transparency International’s Corruption Perceptions Index. As highlighted in this prior post , the business community should take the CPI with a grain of salt and the AFA’s seeming endorsement of the CPI just perpetuates the fallacy that the CPI is a useful document in terms of managing and mitigating risk.
FCPA Institute - Zoom (Nov. 10-12)
Elevate your FCPA knowledge and practical skills. Nine hours of integrated and cohesive instruction led by Professor Koehler (an FCPA expert with teaching experience). Learn more, spend less. Professional credential available.