Login
The French Anti-Corruption Agency published in May 2023 a study comparing various regulatory anti-corruption frameworks from France, the UK and the US (AFA - Presentation of various regulatory frameworks for promoting business integrity across the world - May 2023). As we often struggle ensuring we comply with all these frameworks and their extraterritorial reaches, this presentation provides a nice and easy comparative guidance to manage business integrity risks in our organizations. In today’s mood post, we provide a quick-read, high-level checklist to make sure we have everything covered according to these frameworks.
Business integrity is a fundamental aspect of corporate governance: it is not only a matter of compliance with regulations but also a means to enhance trust and confidence in the business environment. By setting clear standards and guidelines, regulatory frameworks help prevent corruption, ensure fair competition, and safeguard the interests of stakeholders, in turn creating a better world for all of us. We like them!
Of course, it's not always straightforward for businesses to know and understand which standards they need to follow, comply with, and inspire their programs from. And the truth is, with so many regulations that apply extraterritorially, it is very likely that you need to follow several standards at the same time!
What I really like with the French Anti-Corruption Agency publishing this guide (AFA - Presentation of various regulatory frameworks for promoting business integrity across the world - May 2023), is that you will find in one place all the relevant information about the frameworks applicable in France, the US, the UK and supplemented with the framework released by the World Bank.
 “The notion of "framework" is used in the broad sense of the term to mean the set of binding standards and their accompanying measures, such as recommendations, guidelines and practical guides”(AFA - Presentation of various regulatory frameworks for promoting business integrity across the world - May 2023).
Amazing: from page 10 onwards you will find the links to all related resources for a deeper dive in each of them. For example, the Loi Sapin II in France does not make much sense if read without the AFA Guidelines etc. Right at your fingertips, you will find your comprehensive source guide for the future.
And by reading all these frameworks side by side, we are indeed able to take a stance at developing a framework for our organizations that complies with most requirements. I find this specificity of E&C very interesting: the emergence of an inter-national framework composed of a mix of regulations, best practices, enforcement and guidelines. I am a private international law nerd, and I can tell you that this idea is getting me quite excited.Â
Let’s use this guide to get going!
In its guidance, the French Anti-Corruption Agency has summarized the key points necessary across all frameworks and how we can reconcile working with all of them (AFA - Presentation of various regulatory frameworks for promoting business integrity across the world - May 2023). All frameworks do touch upon the following key points:
The involvement of top management in the anti-corruption program is absolutely critical to its effectiveness. And we are not only talking about a clear zero tolerance policy, but true effective commitment. In the French framework, the management body (= the CEO) is actually liable for the non-implementation of the required anti-corruption measures required by the Loi Sapin 2.
So, what we expect from our committed top leadership is:
In order to be able to support the management commitment and coordinate the Ethics & Compliance initiative in the organization, our E&C function needs to be strong and enabled:Â
To craft good prevention measures, we need to assess, map and understand the corruption risks in all our Business Units. This is the cornerstone of our risk-based approach as, most probably, we do not face the same risk in our Danish entity as in our latest joint venture in Cambodia with a powerful tycoon to distribute our heavily regulated products! It’s also one of the best ways for the E&C function to get to really know our business in depth if we run it well. Below a few key points to remember:
Once we have established a committed leadership, a functional E&C team and a solid risk mapping, we need to work on developing a strong corruption prevention framework.
The Code of Conduct is the key pillar: it needs to be clear and concise, lay out clearly the behaviors that are desired or prohibited. The Code needs to be reviewed regularly and remain accessible to employees and third parties in relevant languages. This Code of Conduct is typically complemented with frameworks that address specific corruption risks and areas (with respect to gifts & hospitalities, conflicts of interest, facilitation payments, sponsorship & donations and so on). Needless to say, our Code of Conduct needs to be effectively implemented: a simple code that is known, understood and followed is much better than a super complex framework of 25 documents that is not really implemented in practice.
Awareness & training enable effective operationalization: we need to follow a risk-based approach here again, raise the general awareness for all employees and create a dedicated program and training for at-risk employees, as well as control functions and gatekeepers so that they help us identify risks. Training should be appropriate, understandable, and content should be tailored to the audience. Also consider sensitizing your business partners on your Code of Conduct while you run due diligence on them.
Proper due diligence on third parties: of course, third parties may put us at risk and we want to have solid risk-based due diligence procedures that enable us to assess our third parties and document all of that. This enables us to avoid dealing with business partners known or reasonably suspected to have engaged in misconduct. Of course, this should take place before entering into business with a third party and regularly during the relationship.Â
Mergers & Acquisition of businesses also brings a huge risk with successor liabilities. We need to beware of what we inherit when we purchase or absorb! We need to have an approriate and thorough E&C due diligence ahead of the transaction and be included in the acquisition process and data-room early on. I recommend having a framework in place already that governs how you set-up your M&A teams, manages the need for enhanced confidentiality for the project and so on. And of course, we need to work after the acquisition to integrate the target's compliance programs & controls into our existing framework.
Whistleblowing system: they are key to prevent risks from materializing. We need to enable trust in the system for people to report, which in turn creates incentives for everyone to behave well. Our systems need to be accessible and enable reporting or raising concerns (beware depending on the jurisdiction as to the type of personal data that can be collected in these systems), including anonymously, in a confidential manner. People who report should be protected from retaliation. We need a good pre-existing and transparent process in place on how we manage reports and what happens then. And we want and will need to learn from cases that have been reported: how can we improve our processes to make sure this does not happen again? On this topic, don't forget to check out my latest article on whistleblowers' rewards: 279 millions or the price to blow the whistle.
Internal investigations: this means the review of the potential violation of regulations and frameworks. We want to investigate and control high risk situations in order to make learnings and improve our programs. Our Investigations should be properly scoped, conducted by qualified personnel, timely, and of course the findings should be remediated.
Accounting Controls: these are key, and the goal is to ensure that books and records are not used to conceal corruption. Dedicated anti-corruption controls will reinforce existing accounting controls in place. Work with your accounting department to effectively implement these control points. Check out the neat guide published by the Agence Francaise Anti-Corruption on Accounting Controls to know where to start (AFA - Corporate anti-corruption accounting controls - April 2022).
Monitoring & Evaluation: having an internal program in place aimed at checking the effectiveness of your anti-corruption measures is not an option. We should periodically review the procedures, an appropriate execution level, control plans, audit plans, all of this duly formalized. The goal of monitoring is to check all levels of our program, from design to implementation, in order to improve it.Â
The last key step of our program is of course to remediate properly when misconducts happen.
Corrective measures: whenever we audit, investigate or identify a shortcoming, get alerted on a gap, or face a new situation that may create risks, we need to adjust and correct, systematically. Our improvement plans should be followed from the lower levels of the organization all the way up to top management.
Discipline: we also need to have a very clear disciplinary system in place, applicable to all staff, and applied consistently across the group. We should not forget about the supervisory impact of a misconduct: what actions are we taking towards the supervisor? Check out here my blog-post on how to navigate discipline, incentives and rewards in today’s world (Sticks & Carrots for Ethics & Compliance: navigating incentives and rewards for today's humans).
In conclusion
This study from the French Anti-Corruption Agency should help all of us focus on the key points we need to ensure to be aligned with the requirements coming from the important frameworks developed by the US, UK and France (AFA - Presentation of various regulatory frameworks for promoting business integrity across the world - May 2023), as summarized by the French Anti-Corruption Agency:
“It is therefore possible to consider that the French anti-corruption framework offers companies that apply it significant guarantees of protection against the criminal risk of corruption, but also of compliance with the anti-corruption rules and recommendations of foreign countries where they are likely to develop their activities“ (AFA - Presentation of various regulatory frameworks for promoting business integrity across the world - May 2023).
I hope these few points are helpful to quick-check and enhance your anti-corruption program. Follow Upright Solutions on Linkedin for more inspiration for your Ethics & Compliance Program!
 Love from Copenhagen 💜