Although French companies have made progress in anticorruption compliance over the past two years, the French Anticorruption Agency (“FAA”) has found that they still have difficulty implementing certain measures, particularly anticorruption accounting controls.
The FAA, a national regulatory authority created by Law 2016-1691 of December 9, 2016 (“Sapin II Law”), recently published the results of its 2022 survey of companies in all sectors and of all sizes on the level of maturity of their anticorruption systems.
As part of the survey, companies were asked to identify aspects of anticorruption programs they found most difficult to implement. In response, companies primarily identified three areas:
- The assessment of the integrity of third parties: Companies indicated that this procedure requires the mobilization of significant resources and risks, altering their relations with the third parties concerned;
- The mapping of corruption and influence peddling risks: Companies cited methodological difficulties in attempting to prepare an exhaustive inventory of their internal processes, to correctly identify risk scenarios and to establish a link between risk mapping and other anticorruption measures; and
- Anticorruption accounting procedures: Companies reported having difficulty defining them and linking them to existing accounting controls.
Large companies are generally equipped with advanced, computerized accounting systems. In particular, the FAA points out that “general IT controls relating specifically to financial and accounting information systems are identified and listed as part of the accounting controls that contribute to limiting the risks of corruption.” The FAA also acknowledges that anticorruption accounting controls are those that “ensure compliance with the same principles as general accounting controls and are based on the same methods” (FAA, “Les contrôles comptables anticorruption en entreprise,” April 2022, §2.1 p 20 and §3.2 p 30).
But the FAA will not be satisfied with the sole existence of an efficient accounting system in a company. It will try to ascertain the existence of anticorruption accounting controls, specifically, i.e., “implemented in order to control the risk situations identified in the risk mapping.”
In order to comply with the obligations of Article 17-II-5° of the Sapin II Law and to avoid a finding of noncompliance, companies must therefore ensure that they accomplish the following (preferably in this order):
- Establish their corruption and influence-peddling risk mapping by identifying which of these risks “result in accounting movements”; to do this, the scenarios must be precise and not reduced to generic risks. When certain mapped corruption risks are not subject to a specific accounting control, the company must be able to justify this in the event of an FAA audit;
- Identify, among the accounting controls existing within the company, those that are likely to effectively reduce the mapped risks; in particular, the relevance of their relationship to one or more of the mapped risks must be explained and supported by adequate documentation; and
- Include, when appropriate, in their anticorruption action plan the implementation of new anticorruption accounting controls or the improvement of existing ones.
Companies must be advised on the expectations of the FAA in the context of a compliance audit and be assisted, upstream, in the elaboration of their risk mapping and in the identification of the related anticorruption accounting control procedures.
To this end, the mobilization of multidisciplinary competencies is a major asset:
- In criminal matters, through in-depth knowledge of the constituent elements of the offenses of corruption and influence peddling in order to identify the risks to which corporates are exposed;
- From an organizational point of view, by understanding relevant internal processes and scenarios that may give rise to corruption risk; and
- In accounting, to identify the relevant accounting controls that already exist or to be implemented in order to better control the mapped risks.