In order to better understand how corruption and corruption risks are perceived and managed by French companies, The Red Flag Group asked a panel of senior French compliance and risk professionals their views, which they have provided in a series of interviews and written responses. To provide a wide view across France, we comprised the panel from a cross-section of industrial sectors – from outsourcing service providers through to small- and large-scale manufacturing and distribution – all of whom have a global presence.
We are therefore very grateful for the contributions of:
Florence Ascher, Group Risk Manager & Chief Compliance Officer at Rexel, a global leader in the professional distribution of products and services for the energy world
Alexandre Menais, Group General Counsel of the IT and outsourcing services company Atos
Pedro Montoya, Chief Compliance Officer of the aerospace and defence manufacturer EADS
François Le Maistre, who manages vehicle maker Renault’s fraud and bribery prevention project.
The first question presented to the panel regarded whether corruption is one of the top risks that French compliance departments are asked to deal with. As expected, the responses to this depended largely on the industry sector involved. For EADS and Renault corruption is clearly in the top risks, but there was recognition from the other members of the panel that for smaller businesses and customer-type companies, and for those with a more-local outlook, product liability is a larger risk. It was also suggested that even for large global companies anti-trust and data protection tend to be higher on the list.
When asked whether moves into emerging markets changed their view of corruption risks, there was a consensus amongst the panel that this was a factor, both in increasing awareness and in the provision of resources. The panel also agreed that even though they feel senior management has some understanding of the risks they take when conducting business abroad, there is still work needed to educate them further.
There was a distinction between members of the panel as to whether businesses should be focused solely on mergers and acquisitions in these locations, or whether consideration of active supply and distribution chains should be included. This inconsistency in opinion indicates that there continues to be differences in how the emerging markets are viewed by different companies. Again the case of company size was raised, and M. Menais indicated that smaller French firms struggle with raising the resources and support needed to implement programmes against foreign bribery and corruption attempts, whilst the larger French corporations with activities in emerging countries (such as Renault) are developing strong compliance programmes to tackle this issue.
M. Montoya made the important point that many of the emerging markets have already emerged, and the enforcement risks that he is concerned about are coming from that direction rather than from the FCPA or from the United Kingdom Bribery Act. He also noted that, for companies acting in global markets, it is not just one country’s legislation that matters – all legislations need to be considered.
Following on from a discussion on the current perception of corruption, the panel was asked whether the prosecution and large fines levied against Total under the FCPA had any significant impact on that perception. The panellists all agreed that the Total case has not noticeably changed the views of French companies about corruption. However, when asked about why they thought it had not significantly changed French companies’ views, the panellists considered that there were many reasons. Some thought that Total’s high risk of corruption was more about the industry Total is in rather than the country, because the oil and gas industry has had similar issues in the past. For others it was because Total is seen as a very politically-connected company, so it did not surprise them that the company was involved in more difficult ethical situations. There was also a feeling that because Total is a large, politically-connected state enterprise, the French public would expect them to further the interests of the French state in bringing jobs and revenue.
This result led to a discussion about when consciousness of corruption risks had actually changed in France, with half of our panellists suggesting that the implementation of the Bribery Act in 2011 had significantly heighted awareness and forced companies to consider their internal procedures. The other panellists, however, thought that the Bribery Act did not cause them any great change, as their existing corruption policies (albeit FCPA-focused) were sufficient, or because they believe it is their reputation (and those of their partners and customers) that drives awareness within their business rather than any legislation.
Given that the panel agreed there was a lack of impact from the Total enforcement, they were asked what they thought would influence the perception of corruption in France. Most considered that it would take the prosecution of a large French company who was not in a challenging industry like oil extraction. M. Montoya considered that it would take an action like the implementation of the 2009 OECD Anti-Bribery Recommendation, which suggested that firms need to have an effective compliance programme to be eligible for public procurement and that those firms who had been found to have bribed would be barred from public procurement. This would make the implementation and enforcement of rigorous controls into a competitive advantage for those who remained free to bid for public work.
None of the panel suggested that strengthening French anti-corruption laws was either necessary or would provide any great change to the perception of risk.
The next set of questions considered the maturity of anti-bribery compliance programmes within French companies, including those that the panel are running themselves and those of their peers.
The responses were fairly consistent, with the panel admitting that the maturity of programmes in France is not as great as the maturity of programmes they know of in American corporations, given the length of time that they had been running and the enforcement environment they exist in. An opinion was provided that less than one-quarter of the CAC 40 companies had what might be considered a robust anti-corruption programme by United States standards. There was, however, a sentiment that the programmes were of a similar standard to those in the United Kingdom and other European countries, and that the gap with the United States is closing.
There was recognition of variances between the standards of programmes of different industries, with the financial services sector leading the way due to the high level of regulation. M. Menais believes that, while French companies have been slower to start, they have taken the right approach in taking their time to define the model that works best for them (rather than jumping into strict regulations like what happened around Sarbanes-Oxley Act compliance).
When asked about the areas where French companies are doing well, it was generally considered that codes of conduct and ethics are well understood and used, and have been for many years. Many companies also employ a deontologue who provides ethical advice and guidance but is not necessarily involved in the compliance function.
It was also expressed by the majority of the panel that they believed the communication of their codes was well managed. Most have feedback methods (such as surveys) to ensure that their tone and messages are broadly received throughout the business.
[On the topic of codes of conduct, The Red Flag Group is currently undertaking a country-based review of codes of conduct, with the review for France due in early 2014.]
Lastly, the panel was asked to provide guidance for any French company that is currently without a robust compliance programme.
On this point there was near unanimity from the panel. They outlined the following steps:
- The first place to start is with a risk assessment. Without a clear and honest assessment of your business risks it is very hard to know where to focus your energy.
- Once you have a clear set of risks defined, the next step is to gain buy-in and messaging from the top of the organisation. It is vital to ensure that you don’t leave compliance to other functions like legal or social responsibility – it must be owned by the board and the business.
- Fight for and ensure you get the resources you need to properly manage the risks identified. This is not always easy, but you will know you have achieved buy-in from the top when that level of management provides you with access to the resources you have asked for (whether financial or personnel).
- Define realistic milestones. A company cannot decide one day to implement compliance immediately; it needs to be deeply embedded in the life of the company so that it becomes a true element of performance. Don’t expect compliance to be immediate.
Although there are always many points of view on a subject as broad as perception of risk, there does seem to be a significant level of agreement amongst the panel on a number of the areas covered. From this discussion it is clear that the risks of corruption are becoming better understood in France, but there is a long way to go.
The Red Flag Group is very appreciative to the panel for sharing their insights and for the very open dialogue that they provided.