Officially designated as the law on transparency, anti-corruption and economic modernisation, it aims to bring France up to the highest international standards. Its primary ambition is to prevent and detect corruption and influence peddling, whether committed in France or abroad. This legislation imposes a strict framework on large companies and their executives, encouraging them to adopt a proactive approach to ensuring impeccable ethics in the conduct of their business. The objective is no longer simply to punish, but to establish robust prevention mechanisms at the very heart of corporate strategy.
One of the pillars of this law is undoubtedly the creation of the French Anti-Corruption Agency (AFA). This new independent administrative authority has a dual mission. On the one hand, it provides advice and support to economic and public actors to help them implement prevention and detection measures. On the other hand, the AFA has supervisory powers enabling it to verify the reality and effectiveness of the measures deployed within organisations. Its recommendations and reports are valuable tools for guiding companies in their compliance efforts and for assessing the maturity of their anti-corruption programmes.
Beyond simple regulatory compliance, the spirit of the Sapin 2 law is to foster a genuine culture of compliance within organisations. It is no longer a matter of ticking boxes, but of making ethics a fundamental pillar of governance and day-to-day operations. This approach requires the involvement of all levels of the company, from senior management to the employees most exposed to risk. Preventing corruption thus becomes a shared responsibility, promoting transparency and strengthening the confidence of business partners, investors and the public. The success of the system depends on the sincere commitment of management to promoting integrity.
Finally, another fundamental objective of the law is the protection of whistleblowers. Recognising their crucial role in detecting breaches of integrity, the legislator has established a protective status for individuals who, in good faith, report acts of corruption or other serious offences of which they have become aware in a professional context. This measure aims to guarantee the confidentiality of their identity, protect them from possible reprisals and ensure that their reports are dealt with diligently. The establishment of a secure internal reporting channel is one of the key obligations imposed on companies covered by the scheme.
The obligations imposed by the Sapin 2 law
The Sapin 2 law does not merely set out general principles; it requires the companies concerned to implement a compliance programme structured around eight mandatory pillars. This obligation applies to companies with more than 500 employees and consolidated turnover exceeding €100 million, as well as to their managers, who are responsible for ensuring its implementation. These measures, which must be tailored to the size and risk profile of each company, are designed to form a comprehensive and consistent prevention and detection system. The entire programme must be based on a precise analysis of threats, formalised in a corruption risk map, which serves as the foundation for the entire system.
Development of an anti-corruption code of conduct
The code of conduct is the cornerstone of the compliance system. Incorporated into the internal regulations, this document must clearly define and illustrate the different types of behaviour that may constitute corruption or influence peddling. It is not simply a legal document, but a practical guide for all employees and managers within the company. It reflects the commitment of senior management to integrity and establishes clear ethical rules for risky situations, such as gifts and invitations, relations with public officials, and sponsorship. Its dissemination and understanding by all are essential to establishing a culture of integrity.
Implementation of an internal alert system
An essential complement to the code of conduct, the internal whistleblowing system allows information about potential breaches to be reported. The company is required to implement a secure channel for collecting reports from employees or external collaborators. This procedure must guarantee the strict confidentiality of the person making the report, the facts reported and the persons concerned. Each alert must be handled diligently and impartially by competent and trained individuals. This system is a valuable detection tool that enables the company to identify and address compliance risks before they escalate into legal or reputational crises.
Customer and supplier evaluation procedure
The risk of corruption does not only come from within. It is often linked to interactions with third parties. The Sapin 2 law therefore imposes a procedure for assessing the situation of customers, primary suppliers and intermediaries in relation to risk mapping. This process, often referred to as “due diligence”, involves assessing the integrity of business partners before entering into a business relationship and throughout its duration. The aim is to verify their reputation and probity and to ensure that they offer sufficient guarantees in terms of anti-corruption measures, thereby reducing the company’s exposure to external risks.
Establishment of accounting and financial controls
Financial transparency is a bulwark against corruption. The law requires the implementation of internal and external accounting controls to ensure that the accounts do not conceal acts of corruption or influence peddling. These procedures may include double validation mechanisms for payments, specific audits of the most exposed transactions, or enhanced controls on expense reports and sponsorship contracts. A robust and documented control system ensures the traceability of financial flows and discourages any attempt to conceal illegal operations.
Deployment of an employee training programme
No matter how sophisticated an anti-corruption system may be, it will only be effective if staff are made aware of it and trained in its use. It is essential for companies to implement a training programme for managers and staff who are most exposed to the risks of corruption and influence peddling. This educational approach should enable them to understand the implications of the law, master the content of the code of conduct and adopt the right reflexes when faced with a risky situation. To meet this obligation, it is crucial to rely on an anti-corruption training programme that is both engaging and adapted to the operational realities of each profession. Learning by experience is often the most effective method for embedding good practices in the long term.
Implementation of a disciplinary sanctions system
To ensure credibility and compliance with the code of conduct, the company must establish and formalise a disciplinary system in the event of proven violations of its rules. This system must be proportionate to the seriousness of the violations and comply with labour law. Clear communication about the existence of these sanctions has a deterrent effect and reinforces the message that no deviation from the company’s ethics policy will be tolerated. This is essential to the consistency of the entire compliance programme and the authority of the manager who oversees it.
Monitoring and evaluation mechanism
Compliance is not a one-off project, but a process of continuous improvement. The final requirement is to establish a system for internal monitoring and evaluation of the measures put in place. This monitoring ensures that the anti-corruption programme remains effective and appropriate over time. This involves implementing the management and continuous improvement of the anti-corruption programme by conducting audits, analysing incidents and updating the risk map in line with changes in the company’s activities and environment. This monitoring report is a key element for management and for the AFA in the event of an audit.
Practical guide to applying the Sapin 2 law in companies
Compliance with the Sapin 2 law may seem complex, but a methodical approach can transform it into a genuine corporate project that brings value and meaning. The first and most fundamental step is the unwavering commitment of senior management. The CEO must embody this zero-tolerance policy towards corruption. This commitment must not be merely superficial; it must be demonstrated through the allocation of sufficient resources, clear and regular communication, and personal involvement in steering the programme. Without this support at the highest level, any compliance initiative is doomed to remain a mere administrative formality with no real impact on the corporate culture.
Once management support has been secured, the groundwork begins with a tailored risk mapping exercise. This exercise forms the foundation on which the entire anti-corruption programme will be built. It involves identifying, analysing and prioritising the corruption risks to which the company is exposed due to its business sectors, geographical locations or internal processes. A detailed analysis of interactions with third parties, particularly commercial intermediaries or strategic suppliers in high-risk areas, is particularly crucial. This document is not static; it must be periodically reassessed to reflect changes in the company and its environment.
Based on this analysis, the company can then implement measures proportionate to the risks identified. The AFA emphasises this pragmatic approach: prevention and control efforts must be concentrated where the risks are highest. For example, third-party assessment procedures will be much more thorough for a strategic consultant in a country considered to be at risk than for a local office supplies supplier. Similarly, the code of conduct must address, with concrete examples, the ethical dilemmas that employees are most likely to encounter in their duties. It is this adaptation that guarantees the operational effectiveness and relevance of the system.
The roll-out of the compliance programme is inseparable from communication and training tailored to each audience. A code of conduct or procedure is only effective if it is known, understood and mastered by the teams. It is therefore essential to implement awareness-raising initiatives that go beyond simply distributing documents. Organising engaging training that places employees in real-life situations and helps them develop the right reflexes is a key factor for success. Innovative approaches, such as mobile training on anti-corruption, make it possible to effectively reach staff in the field and reinforce prevention messages. The aim is to make every employee an active participant in the ethics policy.
Finally, the application of the Sapin 2 law does not end once the eight measures have been implemented. For the system to be sustainable and effective, the company must establish a culture of continuous improvement. This involves monitoring performance indicators, conducting internal audits and, above all, analysing feedback, whether it be alerts received or difficulties encountered by operational staff. Every incident or near-incident must be an opportunity to learn and strengthen the control system. This dynamic management ensures that the compliance programme remains a living tool that provides lasting protection for the company, its managers and its employees against the risk of corruption.
