Companies operating cross border businesses face a fragmented compliance framework comprised of many different local laws spanning a wide range of issues.
It is like navigating a tanker through a coral reef. The consequences of getting it wrong can be grave, as corruption acts are penalised and serious economic and reputational consequences are incurred. Below, AG partners, Cécile Terret, Harriet Territt and Jörg Bielefeld, set out their views on what are some of the biggest compliance pitfalls facing foreign companies engaging in international trade in France, Germany and the UK and what companies can do to avoid them.
- What are the biggest compliance risks foreign companies operating in your jurisdictions face, currently.
Foreign companies are facing legal, economic and reputational risks if they don’t comply with French anti-corruption laws.
Firstly, if a foreign-based company has a subsidiary in France with at least 500 employees and consolidated revenues of more than 100 million euros, then it is subject to the Sapin II law and must implement an anti-corruption system.
Secondly, if the company does not have a subsidiary in France but is a partner of one or more companies established in France that are themselves subject to the Sapin II law, it must submit to the assessment of third parties carried out by the company in France as part of this anti-bribery system.
The scope of application is large enough to target most multinational companies and subject them to the anti-corruption system. The CEO is personally responsible for complying with the law, and prison sentences may be imposed on CEOs if they break the law. Not complying has serious economic consequences, such as being prohibited from public procurement. Sanctions are public, so companies face reputational risk too.
From the German perspective, foreign companies should be aware of the actual mind-set of leading prosecutors in Germany: They point out that it is definitely not sufficient to just cover ABC compliance (i.e anti-bribery and corruption issues) but expect companies to implement adequate compliance procedures and systems to avoid business crime, such as: (tax/customs) fraud, embezzlement and environmental crimes. A major aspect is the field of technical compliance or product compliance: Companies should scrutinize whether their products and/or advice could be used unlawfully – or do not meet regulatory requirements. This is a clear result of the so-called “Diesel scandal”, which keeps numerous prosecutors and courts busy still. Although there still is no criminal law regarding companies in Germany and only individuals can be criminally prosecuted and sanctioned, prosecutors target companies using administrative law. Consequences are severe since they not only fine the businesses, as such, but seize the profits of – inter alia – a crime which was facilitated by a weak compliance management system. In this regard, fines are unlimited. German courts take a similar position, seeing compliance as a part of proper supervisory obligations.
One critical issue in the UK is the breadth of improper business conduct that can be prosecuted against companies on a criminal basis. Avoiding liability for bribery and corruption, environmental, health & safety, modern slavery fraud, sanctions and money laundering and tax violations requires a joined up and consistent compliance response. The other important factor is the emergence in the UK of "failure to prevent" offences, which are specifically aimed at organisations, not individuals. These types of offences are specifically designed to hold businesses accountable for failures in their compliance system and are prosecuted on a "strict liability" basis, which is unusual in the UK. Typically, the only available statutory defence to an allegation that a company has failed to prevent bribery, tax evasion (and soon fraud) is that the business had adequate procedures in place to prevent the relevant conduct.
The other trend is a continuing focus on increasing the number of successful prosecutions against organisations and individuals who breach corporate criminal laws in the UK, and the risk that this focus increases risks for companies who identify bad behaviour in their business, making it a much more complex decision whether to self-report.
- How is this affecting the way companies do business in France and Germany and the UK?
Multiplicity of stakeholders
Since the implementation of the Sapin II law in 2016, recently reinforced by the Wassermann law of 2022, special vigilance is being given to anti-corruption issues. The legislator is strengthening the obligations of companies in this regard, practices within companies are becoming more refined and shareholders are demanding accountability. Civil society (the media or associations) is very attentive to these issues and social pressure is increasing on companies considered as "non-compliant".
Impact on day to day operations
In concrete terms, companies are creating new professions specifically dedicated to the fight against corruption. They are developing compliance practices in legal departments or are being advised by law firms which, in turn, specialise in this area (in particular, drawing up risk charts). Or, they are reinforcing the obligations of training or evaluation of third parties directly with operational staff.
In Germany, neither courts nor prosecutors would be very much impressed by matrix structures, talking about multinational companies: authorities would always investigate personal responsibility of managers under the regime of German governance principles, regardless whether managers were appointed as business directors of a German GmbH only because of a matrix organisation. Thus, it is advisable to know one’s personal risk prior to taking responsibility as a director or member of the board.
In the UK, compliance can no longer be the responsibility of a totally separate department, but has to be brought within the business units at some level, likely reporting up to a specialised compliance team.
Increasing regulatory oversight
The French Anti-Corruption Agency and the French National Prosecutor's Office publish guidelines for companies and their advisors to help them understand the legal requirements to be adhered to. If uncertainty is going to decline, as legal texts become more and more precise and prescriptive, concrete actions are going to be even more complex as obligations tend to be reinforced over time.
Evolution of compliance systems
Businesses need to rapidly increase the scale and competences of their compliance systems, and many are considering compliance technology for the first time, to help them spot areas of risk or patterns that indicate improper behaviour.
- What can companies put into place now to avoid future risk or liability?
Today, in France, the offence of corruption is strictly controlled and sanctioned. As soon as you operate in France, you may be subject to anti-bribery law (Sapin II), either by exceeding specific thresholds, or, by doing business with companies subject to the law. In any case, it is best to be cautious and it is highly recommended for any company doing business in France to abide by the anti-bribery law, even though it is under the legal threshold.
It is in the company’s best interest to implement all possible actions to prevent the risk of corruption: mapping all the risks, reviewing contracts and KYC procedures, raising awareness of your employees and your managers and investigating as soon as there is a risk, a doubt, or an alert.
As legal obligations become more and more precise and complex it is best practice to get help from lawyers who have developed an expertise on the topic and who have dedicated teams to implement anti-bribery programs.
In Germany, companies are well advised to pay increased attention to their compliance management systems. They should not just rely on the existing (foreign) programmes but rather ensure that they are proportionate to German requirements: Besides the legal aspects, it is imperative to heed that a proper compliance culture is fostered. A first step could be that guidance is not only written in the books but rather anchored in the employees brains.
Plus, it is extremely helpful if the compliance department or function actively listens to the employees: what are the risks and situations they are facing? What risks emanate out of the products or advice they are selling? Since the new Whistleblower Protection Act will be adopted soon, companies are advised to take action by not only implementing it, but to consider it as a chance to improve compliance communication.
In the UK, we are seeing a significant new focus on "compliance assurance" – detailed testing of existing compliance systems by specialised lawyers and advisors, with board level reporting on gaps and risks identified. In the same way as France and Germany, a key focus is the lived "compliance experience" of employees and how businesses communicate on their expectations and standards.
Cross-border compliance is a challenge facing every person in business responsible for international trade. This year's Deutsche Compliance Konferenz 2023 (Frankfurt, 9th and 10th May) tackled some of the challenges including getting it right at an international level. AG partner, Jörg Bielefeld, chaired the 2023 programme for the event and his partners, Harriet Territt & Cécile Terret participated on the panel session "The European Compliance Perspective" (see agenda, here). If you need support or assistance with any of the issues raised or are interested in attending the conference next year, please do get in touch with our team.
Partner, White-Collar Crimes and Compliance
Partner, Commercial Disputes, Compliance and Internal Investigations
Partner, Global Investigations