Compliance expertise | Video interview with Etienne Dizarny

Written interview summarized | Compliance

What is compliance?

Compliance for a company means compliance with laws, external and internal regulations in France and abroad to which it is subject. But in fact, when reading the regulatory texts, it goes further, as it can be defined as all the processes that ensure that the behavior of the company, its managers and employees, complies with the legal and ethical standards applicable to them. In addition to simply complying with laws and regulations, these texts prescribe the establishment of specific governance, the systematic identification of all these risks using risk mapping, the implementation of alert processes and internal reporting to the authorities, and the training of employees to establish a culture of compliance at all levels of the company.

Compliance has become a major preoccupation of corporate management as the fines imposed on major offenders have increased. The importance attached to compliance is measured by the sometimes astronomical cost of non-compliance and the record fines that have been imposed: 8.9 billion for BNP, and 772 million for Alstom in 2014 in the United States, but also Mercedes in 2020 with 1.5 billion in the USA, and 870 million euros for Dieselgate. This cost can go as far as the pure and simple disappearance of the company for reputational reasons like Arthur Andersen after the ENRON case.

Faced with such financial risks and increasingly strict regulatory obligations, companies have had to create, organize and staff compliance departments for what was previously the responsibility of the legal department and operational departments.

As a result, compliance was initially viewed very negatively, more as a “necessary evil”, preventing “business”. In fact, it should be considered as an integral part of the company’s policies and turned into an asset.

What are the areas of compliance?

The areas of compliance are becoming increasingly broad as national and international legislation evolves, forcing companies to ensure compliance in more and more different areas.

More broadly for all companies:

  • The fight against corruption (SAPIN law)
  • Discrimination
  • Data protection (RGPD)
  • Professional ethics (prevention of conflicts of interest, gift policy)
  • The fight against human rights abuses, environmental and physical integrity, and equality before the law throughout their supply chain, as is already the case for some large companies in the future (CSDD).

For companies in the financial sector (banks, insurance companies, management companies), there are two other main areas:

  • Financial security: fight against money laundering and terrorist financing (LCB FT directive)
  • Market integrity (MAR, EMI, AIFM)

What is the compliance business cycle?

For each of these areas and by virtue of the regulations applicable to them, the compliance manager will have to implement the compliance cycle with his teams: prevent, detect, control, correct, report and lead:

1. Prevention: identifying risks and mapping them, training personnel, drafting appropriate policies and procedures, being consulted and rendering a compliance notice for new products or activities.

2. Detection: for the fight against money laundering, this involves setting up automatic detection tools: daily screening of customer databases and financial transactions that generate alerts, processing these alerts and, if necessary, reporting suspicions to the authorities. It also involves organizing the processing and reporting of alerts concerning corruption (RGPD) or personal data violations (Sapin law) and, more generally, reporting to the General Management all malfunctions observed.

3. Control: within the framework of control plans. The aim is to ensure that the operational departments act in accordance with the law.

4. Correction: checking that corrective measures are taken when a malfunction is observed to avoid its recurrence, as well as the implementation of related controls: remediation plans.

5. Reporting: concerns all reporting activities, with priority given to the DG and, where appropriate, to the supervisory authorities, on malfunctions and the progress of remedial measures.

6. Facilitation: includes all team training activities and dialogue with the DG to advance the compliance culture within the company.

What is the role of the compliance manager?

The role of a compliance manager is to:

  • Advise the general management and give it a good vision of the company’s compliance situation.

  • Guarantee the operation of the company in compliance with the regulations. To do this, the compliance manager must be known to everyone in the company and be the point of entry for all compliance issues, but also be the point of contact with external regulatory authorities (the CNIL for the DPO, the ACPR or the AMF or the Tracfin correspondent for the fight against money laundering), and finally, carry out second-level controls to verify the proper implementation of procedures and compliance with regulations, and report the results to the DG.

  • Act as project manager for compliance projects. Each regulatory change, each dysfunction diagnosed, gives rise to a remediation program, which is not necessarily carried out by compliance, but which must be initiated under its aegis, and for which the compliance manager must obtain the necessary resources (funds, staff) and the active collaboration of the operational departments.

The new vision of compliance: how the "necessary evil" has become an added value for the company?

Compliance plays a major role in a company’s reputation. Today, when a young graduate chooses the company where he will work, he looks closely at its values, ethics and commitment to sustainable development. Beyond young people, traditional employees also do not want to work for employers with illicit behaviors and practices. The image of the company and the pride of belonging to a respectable company is a factor of retention of the personnel.

On the other hand, a reputational scandal is fatal for a company, no matter how big it is: Arthur Andersen has disappeared. Other companies have changed their name after facing scandal or paying record fines.

Active, independent and valued compliance in a company is a sign of solid governance and a guarantee of the company’s survival. Indeed, competitors are on the lookout, ready to denounce the flaws of delinquent companies. Likewise, NGOs ensure that they take action against companies that do not fulfill their duty of care. Finally, extra-financial rating agencies (Vigeo, Ethifinance) are rating more and more companies on CSR and ESG (environment, social and governance) and contributing to the attractiveness of companies, which is above all rich in its human capital.

It is therefore necessary to promote the development of compliance, no longer as a defensive measure, but as a vector for the future of the company, and a source of added value.
