
Compliance 20 years on

More and more managers are realizing that compliance is not just another constraint, but rather a formidable lever for organizational efficiency and business performance, an asset in a globalized world where the trust factor is key and transparency fundamental.

Hot topics such as business integrity, manager effectiveness, data management, investigations, pandemic impacts, corporate ethics culture and many others need to be addressed. They can have a significant impact on the sense of belonging to the company’s community among employees and other stakeholders, on the attractiveness of talent, on access to suppliers, customers, markets and, more generally, on the company’s extra-financial rating and development.

Compliance is no longer an option

In 2001, when I was secretary of the board of directors and corporate legal director of a French company listed in Paris and on the Nasdaq, we had to implement the American Sarbanes-Oxley (or SOX) law. And we were already surprised that an American law could be imposed on a foreign company.

In 2021, the situation has changed around the world. In France, laws such as the Sapin 2 law of December 9, 2016 on transparency, the fight against corruption and the modernization of economic life have accelerated corporate awareness and put compliance and good governance at the heart of the corporate ecosystem, from the board of directors to stakeholder management.

Compliance is not an abstract concept, but a set of concrete measures

First of all, it should be remembered that compliance covers all the operational and transversal processes that ensure that the rules, standards and processes themselves are respected and that an ethical spirit is instilled in the organization. Corporate compliance is the result.

The GDPR in 2017 and other French and international legislation have expanded the scope of these compliance programs. Companies must assess third parties, whether they are suppliers, customers or other stakeholders. They are also required to comply with enhanced reporting obligations on their extra-financial commitments, in particular on traceability, controls, the environment, climate commitment, parity and fair treatment, etc.

These extra-financial risks very often have a financial bottom line, whether it be conflicts of interest, embargoes and international sanctions, cyber attacks, fines related to active and passive corruption or antitrust issues, human rights, etc.

Another trend is the investigations opened by NGOs with the judicial authorities for suspected acts of corruption, granting of undue advantages, influence peddling, complicity and concealment of corruption.

Compliance is a matter of governance

According to article 225-35 of the French Commercial Code, “the Board determines the strategic direction of the company’s activities and oversees its implementation. It deals with issues concerning the proper functioning of the company”. It is therefore the Board that sets the tone by stating “zero tolerance for non-compliance” and by giving senior management the means to implement a robust compliance program. This must be accompanied by effective monitoring to ensure the efficiency of the processes put in place and the respect of ethics in the conduct of business and business development.

We have observed among our clients that more and more boards of directors are assessing and monitoring – with the help and independent advice of the compliance and risk functions – the strength of the risk management culture as well as the coverage of all the company’s issues by the compliance programs. It is critical that the board looks for these attributes in the company’s culture, identifies weaknesses and ensures that management takes responsibility for correcting them.

What can be done to preserve the brand, the image and the reputation of the company?

It is a matter of identifying the risks, evaluating them and setting up action plans to reduce or even avoid them. But we have seen that this is not enough. Some groups have been sanctioned by the authorities for cheating or for not having established a real counterweight.

The risk of a pandemic was listed in a number of risk maps. However, few groups had put in place an action plan. Some groups with a strong ESG culture have been able to orient their factories very quickly towards serving society (production of hydroalcoholic gel, financing of millions of masks) and putting their staff into teleworking.

Compliance is based on 3 P’s: “Preserve, Protect, Perform”.

The next step is for this risk management culture to be integrated not only into risk monitoring and compliance systems, but also upstream into companies’ thinking, decision-making and incentive systems. Compliance functions alone cannot impose a strong risk management culture on a reluctant organization. But they can play a critical role in helping the board of directors monitor and evaluate management’s performance in developing sound risk management practices across the enterprise.

The chief compliance officer is rising through the ranks

Twenty years ago, Anglo-Saxon groups were pioneers. First, regulated sectors such as banking, insurance and the pharmaceutical industry appointed a chief ethics & compliance officer.

Today, we can see the evolution in France in our exchanges with general management when recruiting Chief Compliance Officers and their teams or when conducting evaluations of boards of directors or management committees.

Governance bodies have become aware of the criticality of these subjects: some have even decided that this function should report directly to the Chief Executive Officer or the Chairman, with a dotted line to the Chairman of the Audit Committee to ensure the independence of the reporting of very sensitive information, which is the very essence of a robust compliance program.

The Chief Compliance Officer, agent of the transformation of the internal culture

In today’s business environment, the Chief Compliance Officer must have the ability to help preserve the integrity of the company, protect the brand and reputation, and drive organizational performance. Leadership requires a clear definition of the values and goals to be achieved and a sustained and unwavering commitment to support it in its role of transforming the way the company does business. Implementation also requires a good command of the company’s activities, a good understanding of the issues at stake, a proper understanding of the risks, the avoidance of gold plating and the anticipation of very rapid regulatory changes.

Compliance, a strategic tool for the company of tomorrow

In these volatile times, establishing a solid risk management culture is a top priority for the board of directors. It should soon become an indispensable parameter in the definition and deployment of the company’s strategy, and in the analysis and evaluation of risks with a global vision and an international, holistic approach to the organization. And compliance will have infused the culture to such an extent that it will no longer be mentioned.

There is still a lot of awareness and education work to be done in order to make the company’s culture evolve in the service of ethics, inclusion and other social imperatives and thus ensure the competitiveness, performance and sustainability of the company. This is encouraging!


President of BCP Partners, a human strategy firm specializing in recruiting for the Finance, Legal, Risk & Compliance and Board of Directors functions, and in advising executives on governance / Board of Directors and Executive Committee / Management Board evaluations.

Company director, Doctor of Law. Co-founder of the Cercle De la Compliance, former Legal Director and Secretary of the Board of Directors of listed companies.