Developing a Compliance Program

A checklist outlining the key steps to take and the main issues to consider when developing a compliance program, including overlaps with the environmental, social and governance (ESG) framework.

What Delcade can do for you ?

The firm’s multidisciplinary team assists companies in the implementation and monitoring of these risks prevention, governance, and ethical standards in application of laws and regulations relating to inter alia anti-corruption (Sapin II Law), EU and French competition law, the GDPR, the duty of vigilance and the fight against money laundering, the French foreign investment control scheme:

• Risk audit (criminal and regulatory but also ethical), corporate governance audit.
• Implementation of internal compliance procedures.
• Training of managers and employees.
• Assistance in the context of investigations.
• Assistance in the negotiation phase with the European Commission and the French Competition Authority (leniency programs or settlement procedures) and assistance in the context of competition investigations.
• Assistance in the negotiation phase with the French Treasury and assistance in the context of the foreign investment review.
• Assistance in the context of investigations in other fields (GDPR).

Why develop a Compliance Program?

The global compliance landscape is increasingly complex and creates significant challenges and opportunities for businesses. A robust and comprehensive ethics, risk and compliance program requires extensive planning, strategic thinking and coordination of numerous different resources and business functions. It is however the most effective means of:

• Navigating the array of laws, regulations and non-binding codes and frameworks that govern the current business environment.
• Protecting the business and reducing the costs associated with getting it wrong.
• Helping to manage wider ESG challenges and opportunities.

What Is a Compliance Program?

An effective compliance program brings together a company’s policies, procedures, training, controls and other compliance efforts. It requires the company to:

• Carefully examine its business activities.
• Identify areas of risk.
• Design, implement and maintain a system that effectively:
  • promotes a culture that encourages ethical conduct and compliance.
  • prevents and detects breaches of laws, regulations, and policies.

Our approach

1. Identify and Assess Risk

Our lawyers identify the key risks faced by the company:

• Examine its business activities to assess where risk lies and the scope of those risks.
• Review the legal, regulatory, and contractual obligations applicable to the company and industry.

This will involve consideration of geographical differences, including where:

• Operations, suppliers, customers and employees are located.
• Materials are sourced.
• Key business partners operate.
• Review customer complaint information, prior misconduct and customer or employee surveys.
• Conduct due diligence on third parties, including:
  • Agents, consultants and other third-party representatives acting on your company’s behalf.
  • Target companies in a merger or acquisition.
  • Joint venture, investment or other business partners.
  • Entities in your company’s value chain.

2. Create a Risk Matrix

 Once the key risks have been identified, we create a risk matrix that will:

• Identify applicable risks.
• Classify the nature of the risk (such as strategic, credit, market, operational, reputational).
• Assess the level of risk for each risk area.
• Quantify the likely cost to the company if the risk occurs.
• Assess and rank the quality of existing controls to address the risk.
• Calculate the residual risk level after taking account of existing controls.

3. Key Elements of an Effective Ethics, Risk and Compliance Program

Once the company has identified and ranked key risks in order of priority, it will need to:

• Design the compliance program, including policies and processes, to address those risks.
• Implement the compliance controls.
• Communicate compliance requirements, including through training.
• Where needed, manage external investigations, litigation, and enforcement.

Our multidisciplinary partners

Our compliance services require strong interaction with experts other than lawyers.

To this end, DELCADE has established privileged and trustworthy relationships with service providers, such as auditors, consultants, investigators, and accountants, so that they can contribute their references, skills and know-how.

Examples of services

• Assistance in the implementation of compliance programs (whistle-blower hotlines, anti-corruption systems (Sapin II))
• GDPR audits
• Internal investigations
• Regulatory audits
• Defense of corporate client and its chief executive officer in the construction sector (corruption, money laundering, transport)
• Defense of corporate client and its chief executive officer in for alleged violations of safety regulations, manslaughter / involuntary manslaughter
• Defense of several oil pipeline companies for alleged environmental violations
• Regulatory advice and audits for cosmetic laboratory for the sale of its products on French territory
• Assistance to a French industrialist for the marketing of a chemical product
• Assistance to various groups (industry and services) in cases of alleged anti-competitive agreements
• Internal investigations and defense of a French company in connection with alleged regulatory violations in the United States
• Assistance of various companies to file applications to the European Commission’s or the French Competition Authority’s leniency programs and during the competition investigation initiated following the application
• Assistance of a foreign investment fund to determine whether a closed investment fell within the scope of application of the French foreign investment control scheme, the notification of the closed investment and the sanction procedure