Compliance in France in 2021

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

In summary

The year 2020 and early 2021 proved eventful for compliance and white-collar crime in France, especially for anti-bribery and compliance activity. Agencies are continuing to build on Sapin II by incrementally defining anti-corruption standards and stepping up their enforcement efforts on both the administrative and judicial fronts. A recent reversal in case law on successor liability after M&A operations is expected to spark renewed interest for anti-bribery due diligence.

Discussion points

  • Reversal in November 2020 Court of Cassation case
  • Judicial enforcement continues an aggressive white-collar crime strategy and the success of CJIPs in enforcement actions
  • Possible reform of the blocking statute
  • Duty of Vigilance Law
  • Covid-19-related disruptions

Referenced in this article

  • Sapin II law
  • 2021 revised AFA Anti-Corruption Guidelines
  • Case No. 18-86.955, 25 November 2020, Court of Cassation
  • Law No. 2020-1672 of 24 December 2020
  • 2021 revised AFA Guidelines
  • 2020 AFA guidance on ‘gifts and invitations’ policies
  • 2021 revised AFA guidance on anti-bribery verifications in M&A
  • 2020 AFA Annual Report
  • 2020 CNIL guidance on personal data in whistle-blowing procedures
  • 29 January 2020 Airbus CJIP agreement
  • Bolloré SE decision, 26 February 2021

The year 2021 is a consolidation year for France’s investigations and white-collar crime ecosystem, with limited statutory changes but a few noteworthy developments from courts and administrative agencies. After making great strides since the country heightened its anti-corruption standards with the 2016 Sapin II law, France and its authorities have since demonstrated that they are now key players in the global white-collar crime and anti-bribery landscape.

In anti-bribery compliance in particular, the French Anti-Corruption Agency (AFA) keeps building on Sapin II by providing guidance on specific topics, auditing compliance programmes of private and government entities and, for the first time in 2019 and 2020, bringing cases in front of its sanctions board. To date, no new cases have been publicly scheduled for 2021, but AFA’s sustained audit activity makes it likely that other cases will be brought soon.

The judicial part of this effort also proved newsworthy in 2020 and early 2021, with the National Financial Prosecutor’s Office reaching new heights in the amounts of fines levied as part of judicial public interest agreements with corporations investigated for bribery and the Court of Cassation, France’s highest civil court, reversing its decades-old position on successor criminal liability after mergers.

While bribery and corruption occupied the centre stage of the compliance and white-collar crime landscape, some other areas of compliance law underwent substantial changes recently – many of which were inspired by anti-bribery law – and are also expected to be key issues in upcoming years. Environmental, social and governance (ESG) issues have been a staple of French compliance law since the 2017. The Duty of Vigilance law mandated large corporations to create and publish a dedicated ‘vigilance plan’ and exposed non-compliant corporations to a potentially large liability risk that was finally tested in 2020 and is expected to become more central in 2021.

Overall – and considering the continuing disruptions throughout 2020 and 2021 resulting from the covid-19 pandemic that have slowed down the French economy as well as its legislative and judicial systems – we expect the French compliance landscape to continue evolving incrementally this year, with changes on specific issues, such as the compliance aftermath of the Court of Cassation’s November 2020 reversal on successor criminal liability after mergers.

Building on the paradigm change of Sapin II since 2016

The law of 9 December 2016 on transparency, corruption and modernisation of the economy, commonly referred to as ‘Sapin II’ after the minister in charge at the time, is France’s comprehensive anti-corruption reform and a response to laws such as the US Foreign Corrupt Practices Act and the UK Bribery Act. The law toughened corruption sanctions, imposed stringent compliance obligations on large corporations and created the AFA.

As a reminder, since June 2017, companies incorporated in France and exceeding a certain size threshold[1] are required to have an anti-corruption compliance programme that meets certain specifications. Under the law, presidents, directors and managers of qualifying companies may be held personally liable for failure to implement such a compliance programme.

Compliance programmes under Sapin II must be tailored to prevent acts of bribery and influence peddling, and must include the following measures aimed at preventing corruption:

  • a code of conduct;
  • an internal whistle-blowing mechanism;
  • regularly updated corruption risk mapping;
  • a risk assessment (risk mapping) process;
  • third-party due diligence procedures;
  • accounting controls;
  • training programmes for employees exposed to high risks of corruption and influence peddling;
  • a disciplinary procedure; and
  • an audit mechanism to assess the effectiveness of the compliance programme.

Based on the AFA audits and sanctions procedures of private entities conducted to date, the agency pays extremely close attention to the risk mapping process (which is supposed to inform all other measures), the code of conduct and the top management’s involvement in anti-bribery. Corporations subject to the above-mentioned requirements should be aware that merely having the required measures in place is not sufficient as the agency controls their quality and practical implementation.

The law also introduced major procedural changes for white-collar cases, with the creation of the equivalent of the deferred prosecution agreement (DPA): the ‘judicial public interest agreement’ (CJIP).[2] The CJIP gives prosecutors transactional tools to negotiate with corporate plaintiffs for a limited number of offences, including:

  • active public agent bribery and influence peddling offences (eg, active foreign public agent bribery);
  • active and passive private bribery offences (private ‘commercial’ bribery or sports bribery);
  • tax fraud (since 2018); and
  • tax fraud laundering.

The CJIP is a very successful tool that was once frowned upon by the French legal world, which is traditionally reticent to transactions in criminal law. It is now widely accepted and has proved essential to the resolution of many high-profile cases, particularly those involving international cooperation. Including the Airbus settlement and subsequent deals, CJIPs have allowed France to levy more than €3.18 billion in fines since 2017.

These instruments are now a key part of the French anti-bribery enforcement effort and their success has led to their use beyond typical white-collar criminal conduct. The December 2020 Law on the European Public Prosecutor’s Office and Specialised Justice[3] created a specific CJIP procedure to deal with cases of substantial harm to the environment, chargeable under the criminal provisions of the Environmental Code, with a specific monitoring procedure by specialised environmental agencies after a deal has been reached and judicially approved.

Anti-bribery compliance requirements

Throughout 2020 and early 2021, the AFA continued its audits at corporations that are mandated by article 17 of Sapin II to have anti-corruption compliance programmes. Carried out at the initiative of the AFA’s director or upon request of authorities (or approved NGOs), the audits verify that the company has proper compliance programmes in place.

Although AFA investigators do not have the police powers required for coercive searches (unlike competition, tax or judicial police dawn raids), they can request any information or professional document that is useful for the audit and can conduct interviews with managers and employees. Audited corporations cannot claim professional secrecy to decline to answer questions or requests for documents, and individuals or entities may be fined in case of obstruction. [4]

In addition, pursuant to article 40 of the Criminal Procedure Code, the AFA must report any wrongdoing it discovers as part of its mission. This means – the agency’s audit questionnaires being extremely broad – that it frequently refers wrongdoing it discovers to prosecutors (either the National Financial Prosecutor’s Office (PNF) or local prosecutors).

According to the latest data available, the agency referred three cases in 2020 (and, in total, 14 cases since its creation in 2017).[5] The AFA regularly receives reports from third parties, which may inform the its decision to audit an entity (for 17 per cent of audited entities, a credible report was received), and several reports received by the agency in 2020 were directly forwarded to a prosecutor’s office.

In 2020, the AFA initiated 19 new audits of private entities, ranging from €1.4 billion to €200 billion in turnover, and from 2700 to 179,000 employees.[6] To date, it has carried out 125 audits of public and private entities since its creation in 2017.

In 2021, the AFA is expected to continue carrying on its mission across industries,[7] with a major challenge this year for audited entities: after mid-June 2021, the AFA will use the 2021 revised version of its recommendations, published in January 2021.

In 2019 and 2020, the first two cases were brought by the AFA’s director to its independent sanctions board for allegedly defective anti-bribery compliance programmes.

  • The agency’s first case, brought on charges of defective risk mapping, code of conduct and third-party evaluation procedure, was dismissed by the sanctions board, noting for some charges that the corporation had taken swift and appropriate remedial actions after the AFA inspection pointed out some flaws in its programme. The decision also confirmed the non-binding status of the AFA’s recommendations.
  • The second case concerned multiple counts of non-compliance with the Sapin II law and led the sanctions board, for the first time, to enjoin the company to adapt its code of conduct (which did not contain the elements mandated by law and merely redirected to another policy) and accounting controls under penalty of a fine.

While no sanction per se has been imposed so far as at the time of writing, the cases helped establish the AFA as a key enforcement player in the French compliance space and as a credible threat to entities that are being investigated and audited.

The AFA has also integrated some elements of the cases in its new recommendations, notably restating that they have no legal force, but that an entity stating that it has followed those guidelines benefits from a prima facie presumption of compliance with the law. In turn, similar to the ‘comply or explain’ principle used in corporate governance, an entity subject to article 17 of Sapin II that decides not to follow some or all of the of the recommendations must demonstrate that its choices enable it to meet the requirements of Sapin II.

A major reversal on successor criminal liability in France’s highest court

In last year’s version of this article, we highlighted the AFA’s push for anti-corruption verifications in the M&A process through soft law (ie, non legally binding) guidelines as an example of the increasing ‘maturity’ of the French anti-bribery environment because statutes and case law on the issue had remained relatively stable in recent years .

The much publicised November 2020 Court of Cassation decision[8] on successor criminal liability after a merger changes the situation in what many described as a jurisprudential ‘U-turn’. Under previous case law, and in line with the classical French approach assimilating the end of a corporation’s legal existence to the death of a physical person, the surviving corporation could not be prosecuted for the offences of the acquired entity (that ceased to legally exist as a result of the merger).

Although it was consistent with fundamental principles of French criminal law, that approach clashed with the European Court of Justice’s view on the matter, [9] which the French courts resisted. The new approach, which only applies to mergers conducted after the date of the decision, considers that corporations may now be prosecuted for pre-merger criminal conduct of companies they acquire (ie, criminal liability is passed on to the successor company).

This landmark decision has already profoundly altered the M&A negotiation process, with acquiring companies now closely scrutinising criminal litigation risks in the due diligence process, as well as representations and warranties to cover enforcement-related risks. In certain cases, following this new decision, criminal risks can now alter the deal structure altogether, with investors preferring asset deals to share deals to avoid liability.

Following the decision, the AFA issued revised guidance on mergers and acquisitions,[10] which confirms the now-established (but not legally mandated) practice of assessing a target corporation’s situation vis-à-vis bribery issues, for both compliance aspects and possible identified acts of corruption.

The guide offers some advice on the verifications to conduct at every stage:

  • before signing (during the due diligence process if possible);
  • between signing and closing (continuing the due diligence, with a focus on the riskier third-party relationships, accounting controls and the effectiveness of the internal whistle-blowing programme); and
  • post-closing (to fully integrate the target’s compliance programme and investigate issues identified at earlier stages).

This will incite investors to implement those verifications as a default item in their M&A due diligence process (eg, in the form of questions, document requests and eventually dedicated representations and warranties in the contractual documentation) to ensure that all risks are fully disclosed. Given the new case law and the AFA’s efforts to quickly update its guidance on such due diligence, we expect that the agency will consider those verifications as a quasi-requirement in the long term.

Through this process, the AFA also expects that investors who identify issues or wrongdoing early on will have their target conduct an internal investigation, and eventually come forward for a DPA to avoid liability.

A more precise framework for gifts and invitations policies

Another illustration of the AFA’s proactive approach is its effort to provide guidance on gifts and invitations. Until recently, there was no official guidance for the private sector in France, and corporations often modelled their policies on standards applicable in other countries or used a single global policy without any local adaptation.

This ‘copy and paste’ approach sometimes failed to account for local specificities, such as the explicit prohibition by the Criminal Code of ‘private-to-private bribery’.

In September 2020, the AFA published a definitive version of its ‘Guide on gifts and invitations policies for corporations, associations and foundations’[11] to help entities draft their anti-corruption policies on that matter. The guide, while not legally binding, synthetically restates applicable law and will serve as a useful reference tool to draft a policy that takes into account the specificities of French law, regardless of whether the entity can be audited by the AFA.

In its guide, the AFA offers step-by-step guidance on the items to consider when drafting a policy (whether to set fixed maximum amounts, transparency and accounting considerations, etc), alongside examples of problematic conduct that a good policy should prevent.

AFA releases a revised version of its main anti-corruption guidelines

On 12 January 2021, the AFA officially published its new guidelines on anti-corruption programmes (the Recommendations).[12] These replace the 2017 version that was drafted soon after the AFA was created, before the agency had real-world audit experience. The Recommendations are a high-level soft law guidance document that, while not legally binding, allows audited entities that follow them to benefit from a prima facie presumption of compliance with Sapin II.

In its revised 2021 version, the AFA builds on its 2017 guidance by adding practical considerations gathered from its advisory and audit missions, from industry feedback and, in certain cases, by the first AFA sanctions board cases in which non-compliance with the Recommendations was a key issue.

The revised Recommendations include the following elements, among other things:

  • for the first time, a set of high-level recommendations applicable to all entities regardless of their public or private status or their obligation to enact a compliance programme under article 17 of Sapin II;
  • an increased focus on the top management’s involvement, which the Recommendations define more precisely, as they are personally accountable for the entity’s compliance with its obligations under article 17 of Sapin II; and
  • a confirmation of the importance of risk mapping, which should constitute the first step of the compliance programme and must permeate the other measures (code of conduct, training, etc) based on the corruption risks it identified

Interestingly, and even though they are not legally binding in principle, the guidelines themselves set a period of six months during which the AFA cannot use them as part of its audit activity, in order for corporations to have sufficient time to review the new guidelines and fine-tune their programmes if need be.

Judicial enforcement

The Sapin II law’s creation of the AFA and its capacity to audit and administratively sanction corporations does not mean that judicial enforcement (ie, by prosecutors, in contemplation of a trial or an agreement when available) is a lesser legal risk.

On the contrary, in 2019, this article presented judicial white-collar enforcement as getting tougher for the foreseeable future, in view of the €3.7 billion fine for UBS (2018, appeal pending) after the bank refused a CJIP deal for a substantially smaller amount.

Since then, joint guidelines by the AFA and the PNF issued in June 2019 offered a consolidation of the agencies’ doctrines on the prosecution of corruption offences. In the guidelines, the agencies cite the implementation of an effective compliance programme and cooperation of the targeted entity as key factors to reach a CJIP agreement with prosecutors. Although ‘cooperation credit’ is not presented as automatic, the agencies explicitly say that cooperation can reduce penalties. They cite self-reporting and cooperation through internal investigations (turned over to the government) as essential factors for the prosecutors not only to decide whether to allow a transactional outcome, but also to determine the sentence or fine.

The record-breaking sanction of the January 2020 Airbus settlement confirmed that French prosecuting authorities and jurisdictions are now a force to be reckoned with in foreign bribery enforcement. The Airbus investigation involved not only government agencies – the French and British authorities forming a joint investigation team – but also an extensive internal investigation conducted by the targeted company itself to cooperate with the authorities.

The agreements – DPAs in the United Kingdom and the United States and a CJIP in France – were discussed at length in the media for the sheer size of the fines imposed: a combined €3.6 billion in fines, including a public interest fine of more than €2 billion for the French CJIP. Some takeaways from this agreement are worth noting as part of a global view of French compliance law:

For the French compliance and white-collar crime community, this case confirmed the success of CJIPs and the credibility of the PNF as a key prosecuting agency in the global white-collar enforcement space. Starting with its role in the Société Générale DPAs (2018) where it managed to include itself as an equal to the US Department of Justice, the PNF’s willingness to work on transactional agreements has allowed France to assert its role in French-centric cases where US extraterritorial jurisdiction would have gone unchallenged in the past.

The case also highlighted the benefits of cooperation efforts by corporations charged with corruption-related wrongdoing. By conducting an internal investigation of a scale rarely seen in Europe, the company displayed cooperation that was taken into account as a mitigating factor, even though it did not self-report the wrongdoing.

Self-reporting and cooperation are not yet part of the French legal culture, but are increasingly used and promoted in white-collar cases in conjunction with transactional tools in what one may call an ‘Americanisation’ of prosecutorial practices. We expect that the Airbus case will be an important step in future efforts by the AFA and prosecutors to promote such conduct (and, conversely, to seek larger sanctions when corporations do not cooperate).

In 2021, CJIPs are now a fixture of the white-collar environment: the deals concluded to date cover the entire range allowed by law (public and private agent bribery and various forms of tax fraud) and have imposed, so far, more that €3.18 million in fines – an impressive amount for French judicial enforcement. However, a crisis of confidence may be looming, as prosecutors and practitioners are reminded that judicial approval is a key step of negotiated justice for both corporations and individuals in France.

Physical persons being ineligible for CJIPs, the fate of directors, officers or employees involved in (or accountable for) wrongdoing has long involved using, after the corporation’s settlement, a negotiated procedure offering an agreed upon sanction in exchange of a guilty plea (CRPC). The two proceedings are, in practice, negotiated at the same time but remain subject to judicial approval and are, in principle, procedurally separate. This means that there is a risk that judges approve the corporation’s CJIP but not the CRPC for one or more individuals (which would then be sent to trial, defeating, in part, the purpose of negotiated proceedings).

This risk materialised for the first time on 26 February 2021, when the Paris Criminal Court approved the €12 million CJIP for Bolloré SE, a French corporation accused of public agent bribery and fraud in Togo, but declined to validate the proposed sanctions for the CEO and two officers of the corporation (the individuals had agreed to a €375,000 sanction) because they were deemed too lenient.

This very public refusal raised an issue practitioners had long been worried about: are faster negotiated proceedings such as CJIPs any use if directors, officers and employees always remain at risk of being sent to lengthy and taxing criminal trial proceedings? Practitioners, prosecutors and legislators (which had already started proposing amendments on the issue in recent judicial reform bills) are likely to try to solve this issue in 2021 to maintain the credibility of such proceedings and the attractiveness of the French forum to self-report white-collar matters.

Towards a reform of the French blocking statute?

Heavy fines on French corporations on international sanctions matters (such as the US$8.9 billion fine for French Bank BNP Paribas in 2014) or anti-bribery (such as Alstom’s US$772 billion fine in 2014) based on extraterritorial jurisdiction have become a very sensitive issue in the French political space. Several congressional investigations on that matter, ongoing or completed since 2014, and a recognition, across party lines, of the need for more protection of French companies’ data and documents have incited the government to act upon the issue.

Since 1968, the French have had a blocking statute designed to prevent the abuses of entering discoveries or subpoenas on French entities or individuals. It criminalises the transmission of information to foreign courts outside the channels set forth by treaties (such as the 1970 Hague Convention for civil matters or the mutual legal assistance treaties for criminal issues). Although it was applied recently (in an attempt to conduct depositions in the Executive Lifecase), it is widely considered as not strictly enforced (noticeably by the US Supreme Court in its 1987 Aérospatiale decision).

After several failed reform attempts by previous legislatures, French MP Raphaël Gauvain was tasked by the prime minister to write a report on measures to limit the impact of extraterritorial assertions of jurisdiction, which included a possible reform of the French blocking statute. The report, which was published on 26 June 2019, proposes, among other things:

  • stricter enforcement of the statute, with heightened sanctions in the event of transmission of evidence in civil or criminal proceedings (up to two years’ imprisonment and a €2 million fine for physical persons and €10 million for legal entities);
  • mandatory registration with the Ministry of Economy’s economic intelligence office of corporations targeted by foreign investigations: the government may directly conduct the dialogue itself in certain important cases where strategic issues are at stake;
  • administrative sanctions of up to €20 million for physical persons and up to 4 per cent of the global turnover for legal entities (eg, cloud service providers) that unlawfully transfer data abroad in anticipation of litigation: this provision aims at limiting the extraterritorial effects of the US CLOUD Act and its coercion power on French or European companies; and
  • extension of legal privilege to in-house counsel, as only attorneys currently enjoy that protection: this would allow France to align itself with other juris­dictions on the issue, giving corporations the opportunity to assess frankly the legal implications of a situation (ie, without creating incriminating evidence with their work product).

The spirit of the proposed changes is not to block cooperation, but to limit extensive information gathering operations that may have unwanted effects when target entities are deemed ‘strategic’ for the French economy. These follow extensive debates in Parliament[13] and in the media on assertions of jurisdiction by the United States that have sometimes been seen as attacks on strategic players of the European economy.

The prime minister reacted favourably to some of Gauvain’s propositions but, to date, the government has not yet released a time frame for the implementation of such a reform. The reform will be sensitive as it must balance fundamental national economic interests with the necessary leeway companies need to defend themselves.

A draft bill containing some of Gauvain’s recommendations is the next logical step, to which Gauvain alluded to as being ‘possible’ in 2020;[14] however, it has not materialised so far. The Ministry of Justice is working on a bill, temporarily allowing, as an experiment, attorneys to work for corporations as in-house counsel while retaining their title and the protection attached to their communications and workproduct.

In addition to Gauvain’s proposals, EU-level solutions are also in the works:

  • EU projects, including the upcoming e-evidence regulation, are intended to pursue this effort and offer a common defence of EU companies and data while still providing a framework for cooperation against crime.
  • Following its experience with Sapin II, France is spearheading an EU-level push to adopt common legislation on the detection and prevention of corruption. This may imply a new role for the newly founded EU prosecutor’s office, inserted into French criminal procedure law in late 2020, which is, for now, an independent prosecution agency focused on defending the financial interests of the EU across its member states’ courts.

Duty of vigilance Law

Enacted on 27 March 2017, the Duty of Vigilance Law is France’s initiative to promote the accountability of large corporations regarding the prevention of ESG risks related to their operations (including their subsidiaries and business partners, such as subcontractors or suppliers).

Although norms on this topic, such as the UN Guiding Principles on Business and Human Rights of 2011, have long remained non-binding soft law, simply encouraging companies to regulate themselves through the voluntary adoption of internal rules, France’s initiative was original as it initiated a ‘hardening’ of human rights obligations for businesses.

The Law applies to companies with at least 5,000 employees within their company and in their direct and indirect subsidiaries when their registered office is in France, and 10,000 employees when their registered office is located abroad. This includes French subsidiaries of foreign companies or global groups insofar as they meet the above-mentioned requirement.

The ‘vigilance plan’ is the key measure of the Duty of Vigilance Law, requiring qualifying companies to set up a plan containing measures designed to identify and prevent risks of human rights violations, serious physical or environmental damage and safety risks.

In line with the spirit of the Sapin II-mandated compliance plan for bribery, the vigilance plan must cover items such as:

  • risk mapping;
  • procedures for evaluating subsidiaries, subcontractors and suppliers with whom an established commercial relationship is maintained;
  • appropriate actions to mitigate risks or prevent serious violations;
  • a mechanism for alerting and collecting alerts; and
  • a mechanism for monitoring the measures implemented to assess their effectiveness.

The plan must be published in the corporation’s annual report, which can be enjoined to establish and publish a plan if it fails to do so.[15]

In the past few years, NGOs have actively tracked qualifying corporations’ compliance with the law,[16] and some have started to issue official demand letters to corporations. Proceedings were initiated in 2019 against French oil company Total, alleging insufficiencies in the vigilance plan regarding extraction operations in Uganda and pursuing – as a first remedy – an injunction to correct the plan.[17] The case hit a procedural roadblock on 30 January 2020 as the Nanterre Civil Court declined jurisdiction in favour of the commercial court, which plaintiffs consider less likely to support their case. On 10 December 2020, the Versailles Court of Appeals confirmed the decision and the jurisdiction of the Nanterre Commercial Court.

According to a January 2020 government report citing external studies,[18] some eligible corporations are not yet compliant with the law, exposing themselves to major liability and damages in case an incident happens.[19]

Failure to comply with the law (ie, to effectively implement the plan described above) exposes the corporation to a new form of fault-based civil liability in the event of an incident, where it can be liable for damages ‘repairing the harm that [its] compliance with the law could have avoided’.[20]

This means that, although the occurrence of an accident in a subsidiary or subcontractor does not necessarily mean that the corporation is liable (as a fault is required), companies are bound by a duty of care that comprises thoroughly implementing the vigilance plan.

The very broad writing of the law means that only the first liability cases will allow us to grasp its real extent, and assess whether it reached its goal to foster accountability without creating an overly burdensome liability regime.

France, whose approach of ESG issues through ‘hard law’ has so far been isolated, may soon be followed by other European countries (notably Germany) as well as the European Union itself, which is currently preparing a directive on those issues. The European Commission is consulting stakeholders on a contemplated obligation for corporations to perform due diligence on human rights and environmental risks, and the European Parliament adopted, on 10 March 2021, a resolution on the matter, calling for broadly applicable due diligence requirements.[21]

Criminal and administrative procedure: covid-19-related disruptions

To comply with the government’s stay-at-home orders, from March 2020 to May 2020, courts and agencies partially closed and significantly reduced their in-person operations.

Since then, courts have resumed their activities (even as France entered its third lockdown in April 2021), but the accumulated delays have put the French judicial system under stress, with most prosecutors and courts accumulating a larger backlog of cases than usual (about 19,000 additional cases as of September 2020, according to the Ministry of Justice).

Criminal statutes of limitations were suspended from 12 March 2020 to 20 August 2020 (one month after the end of the first ‘state of health emergency’ period declared by Parliament), which means that litigants can also expect procedural debates on that aspect.

Administrative agencies such as the AFA have resumed their audits, but some agencies will need time in 2021 to fully revert back to their normal operations.

The covid-19 pandemic still raises criminal liability issues for private companies, subject to increasingly stringent sanitary and safety requirements. In some cases, authorities and civil plaintiffs have sought to criminalise violations of sanitary rules, notably though reckless endangerment charges. To our knowledge, while several investigations were opened as a deterrent to ensure compliance with restrictions imposed on certain non-essential businesses, only one reported case led to criminal sanctions for reckless endangerment.


[1] This requirement, according to article 17 of the Law, applies to any private company or public entity of an industrial or commercial nature that has: (i) more than 500 employees or is part of a corporate group whose parent company is headquartered in France and employs more than 500 people; and (ii) whose annual turnover or annual consolidated turnover exceeds €100 million.

[2] Criminal Procedure Code, article 41-1-2. For more information on AFA audits, see also AFA’s ‘Investigation Charter’ (last updated in April 2019) on the rights and duties of AFA auditors and audited entities (

[3] Law No. 2020-1672 dated 24 December 2020 on the European Public prosecutor’s Office and Specialized Justice.

[4] Law No. 2016-1691 dated 9 December 2016 (Sapin II), article 4. No case of obstruction was reported in 2020.

[6] AFA, 2020 annual report, p. 17.

[7] See our paragraph on covid-19 disruptions below.

[8] Cour of Cassation, Criminal Chamber, Iron Mountain France SAS,Case No. 18-86.955, 25 November 2020.

[9] European Court of Justice, 5th Chamber, Modelo Continente Hipermercados SA, Case No. C-343/13, 5 March 2015.

[10] AFA, ‘Anti-Corruption Due Diligence for Mergers And Acquisitions’, March 2020 (English version available :

[11] AFA, ‘Practical guide on gifts and invitations policies for corporations, associations and foundations’, definitive version released on 11 September 2020 (English version available:

[12] AFA, ‘The French Anti-Corruption Agency Guidelines’, officially released on 12 January 2021 (English version available:

[13] See, for example, the 2016 report by MPs P Lelouche and K Berger ‘on the extraterritoriality of US law’ following cases on major French companies in the early 2010s.

[15] As the sanctions originally present in the law were declared unconstitutional.

[16] See, for example, the ‘Duty of vigilance radar’ ( created by three NGOs.

[17] For context in English, see, for example, Reuters article ‘Campaign groups accuse Total of breaching French corporate duty law in Uganda’, 25 June 2019 (

[18] Duthilleul, A and De Jouvenel, M, Report to the Ministry of the Economy, ‘Implementation assessment of Law No. 21017-399 dated 27 March 2017 on the duty of vigilance of parent companies’, January 2020, p. 28.

[19] Id., p. 30.

[20] Commercial Code, article 225-102-5.

[21] European Parliament resolution of 10 March 2021 with recommendations to the Commission on corporate due diligence and corporate accountability (2020/2129(INL)) (

Unlock unlimited access to all Global Investigations Review content