Published on 26 February 2021 by Soulier Avocats

The French Anticorruption Agency publishes its new guidelines

On January 12, 2021, the French Anti-Corruption Agency (Agence Française Anticorruption, hereinafter “AFA”) published its new guidelines which will serve as the reference framework for its investigations, effective from July 13, 2021.

These new guidelines, which are both more demanding and pragmatic because they have been adapted to take into account the inspections and audits carried out by the AFA since the entry into force of the former guidelines, deserve, in our opinion, the full attention of entities subject to Article 17 of the Sapin II Law[1].

Instead of the 8 measures of the Sapin II Law to which was added the necessary involvement of the top management, the AFA structured its new guidelines[2] around three inseparable pillars:

  • Commitment of the top management;
  • Knowledge of risks through risk mapping; and
  • Risk management through the implementation of the measures provided for in Article 17 of the Sapin II Law.

With these three pillars in mind, the AFA drew up general recommendations applicable to all organizations (1), as well as specific recommendations applicable to the entities subject to Article 17 of the Sapin II Law (the “Entities subject to Article 17”) (2). The AFA also set specific recommendations for public sector entities (3).

1. The general recommendations of the AFA

First of all, the AFA drew up recommendations intended to help private law and public law legal entities, without any size- or activity-related requirement, prevent and detect facts, in particular, of corruption, influence peddling, extortion by public officials, favoritism, etc.

As such, it calls on all entities to fight against corruption by implementing measures adapted to their size and risks.

Although the AFA does not have the power to sanction or even control these entities, it nevertheless seems to encourage them to carefully analyze the risks to which they are likely to be exposed in order to better anticipate and avoid them.

In our view, these general recommendations should encourage organizations – even those that are not subject to Article 17 of the Sapin II Law – to stay alert and take an interest in anti-corruption issues.

Without necessarily establishing a risk mapping as complex as that provided for under Article 17 of the Sapin II Law, these entities could nevertheless draw up documents listing the risks to which they are likely to be exposed. In a context where the processes of control of external staff are on the rise, it cannot be excluded that their contractors may require it.

2. The specific recommendations to the entities subject to Article 17 of the Sapin II Law[3]

Extension of the relevant offences

The AFA makes an extensive interpretation of the Sapin II Law and the targeted offences. Indeed, while Article 17 covers only two offences (bribery and influence peddling) and Article 1 covers six, in its new guidelines, the AFA summarizes all these offences under the umbrella concept of “corruption”. In so doing, it extends the relevant sanctions/penalties within the meaning of Article 17.

In addition, the AFA advises Entities subject to Article 17 to also focus on offences that may constitute the “premise” or “consequence” of corruption, i.e., the offences of forgery, misuse of corporate assets, concealment or money laundering.

Crucial commitment of the top management

In these new guidelines, the AFA has decided to make the commitment of the top management a crucial component in the establishment of the anti-corruption program.

The AFA therefore calls on managers to be committed to a proactive approach to preventing and detecting probity breaches. It also requires them to implement appropriate means.

In order to make the top management more responsible, the AFA also points out that the top management is “personally responsible for the design, deployment and control of the program, even when it entrusts its implementation to a staff member” and stresses that it is therefore responsible for providing all the necessary resources and for ensuring that the program works properly by examining the results.

In short, the AFA calls on the top management to be really committed to the fight against corruption, which should result in a real change of culture within the entity, and to implement strong communication on the anti-corruption policy put in place.

Precise mapping of the risks of probity breaches

The AFA emphasizes the role of risk mapping as a “cornerstone” of anti-corruption policy, as it allows for the determination of preventive and detection measures.

In its new guidelines, the AFA gives to risk mapping a more significant role and provides further details on the methodology.

In particular, it specifies that the company’s risks should be identified by detailing all the processes step by step. These gross risks are then assessed according to scales and severity coefficients established according to the nature of the relevant entity’s activity, the countries it works with, its type of clientele, etc.

The AFA also specifies that the relevant entity should then assess these risks in light of the preventive measures that have been taken.

In this respect, the AFA stresses the importance of establishing a specific mapping of the entity, taking into account its particularities (including, but not limited to, competitive and regulatory context, value chain, internal organization and decision-making circuits, etc.).

The AFA considers that this method must provide a “reasonable assurance that the risks identified are a true reflection of those to which the organization is actually exposed” and enable action plans to be devised to ensure that these risks are controlled.

Establishment of effective tools to control the risks of probity breaches

The AFA strengthens the process and its requirements for formalizing the handling of reports made through a whistleblowing scheme, third party due diligence process, and control and audit rules.

The AFA confirms that the anti-corruption code of conduct must be incorporated into the internal rules and regulations and that – insofar as this does not hinder its effectiveness – it can be common to all group companies. While the AFA states that it does not apply to external and occasional staff, it nevertheless specifies that it can be considered as an external communication tool.

With regard to the internal whistleblowing scheme and in particular its interaction with that provided for in Article 8 of the Sapin II Law, the AFA recommends – for readability purposes – to set up a single scheme by opening up the possibility to make a report to the employees of the entity as well as to external and occasional staff.

Finally, the AFA places real emphasis on the need to raise awareness among the entity’s workforce about the fight against corruption. In particular, it mentions general training on corruption as well as more specific training depending on the level of risk exposure of the relevant employees.

3. Specific guidelines for public sector entities

In line with the guide entitled “Controlling the risk of corruption in the public procurement cycle” it published in June 2020, the AFA established guidelines applicable to public sector entities.

In particular, the AFA published an Annex No. 2 that includes risk scenarios specific to public sector entities.

Despite the AFA’s obvious efforts to fight corruption in the public sector, it is regrettable that only public industrial and commercial establishments with more than 500 employees and a turnover of more than 100 million euros are subject to Article 17 of the Sapin II Law. The other public sector entities are only asked to implement whistleblowing schemes.


While – as recalled by the AFA – these guidelines do not, as a matter of principle, create an obligation, they are nevertheless intended to serve as a reference system and the entities that have followed them will benefit from a rebuttable presumption of conformity. It will be up to the AFA to demonstrate that the application of these guidelines has not been correct, effective and regular. In the end, it can only be recommended to the Entities subject to Article 17 to comply with them as much as possible and for other organizations to start building on them.

[1] Adopted by the French Parliament on November 8, 2016, the “Sapin II Law” was primarily designed to strengthen the French anti-corruption arsenal and introduced new measures to prevent and penalize corruption. See our article entitled Adoption of the “Sapin II Law”: Strengthened anti-corruption enforcement arsenal and changes to the rules governing business relationships published on our Blog in November 2016.

[2] AFA’s new guidelines (in French only) are available on the following website:

[3] Article 17 applies to any private company or public entity – having its headquarters in France or being a subsidiary of a parent company headquartered in France – with more than 500 employees and with an annual turnover or annual consolidated turnover in excess of 100 million euros.