Compliance has been a key topic of interest for all professionals the last couple of years. Big operational challenges, risks associated with the way professionals conduct business and many other cyber and privacy threats are the key issues concerning the compliance profession today. In this respect the International Compliance Conference organised by the Cyprus University of Technology is targeting to provide professionals with the required tools and knowledge to be able to carry their daily tasks with ease and see the bigger picture regarding all compliance-related matters.
We spoke with Maria Lancri, a French lawyer practicing as a Counseil with GGV Avocats à la Cour – Rechtsanwälte and keynote speaker of the conference to give us her thoughts about the latest developments in the compliance area.
Maria assists and advises international companies in French, English and Spanish in business law and in compliance matters: data protection, corruption, product safety, distribution, competition law. She has been involved in the discussion of the new French Sapin II law as part of the team proposed, as a member of the ACE’s International Section, amendments to the parliament on behalf of the ACE (Association des avocats conseils d’entreprises).
Legal News Cy: Give us an overview of the current global landscape regarding compliance? Which are most recent developments?
Maria Lancri: Compliance started mainly as soft law and is becoming more and more hard law. I believe this is the main change we have seen these last years.
Antitrust Compliance is something that is well known in most of the countries nowadays. Fight against corruption or the screening of suppliers for human rights compliance and all CSR matters came in later on.
Many countries have now published laws regarding the fight against corruption, for instance, the UK a few years ago now, Brazil, and France in 2016.
The French Sapin II Law asks large companies to have an anticorruption compliance program. Some countries like Italy and Spain have gone for a more general risk assessment of all criminal sanctions.
With the internationalization of the supply chain, and after the Rana Plaza collapse, a new field of compliance is on the rise, respect of human rights: California Chain Transparency Act, the UK Modern Slavery Act. France adopted in 2017 the Law on Duty of Care. It is not limited to compliance with human rights and has a larger scope that embodies environment and health and safety.
LNCY: How do you believe the latest changes in the 5th EU AML directive will affect professionals for the years to come?
ML: Anti-money laundering is a domain of compliance that is constantly evolving considering the evolution of the risks (money laundering further revealed by the Panama Papers and fight against terrorism). With the 5th Directive, or rather the revision of the 4th Directive, the EU seeks to most notably increase transparency on beneficial owners, to control the use of virtual currencies and to enhance due diligence on high risk third countries.
For instance, beneficial owners registry is going to become public which is going to facilitate screenings of third-parties for AML and anticorruption issues.
The Directive is not yet formally endorsed by the Council and provides for an implementation for the end of 2019. It is going to extend the scope of professionals submitted to these obligations and to raise the screening obligations that professionals have.
Note that the French agency in charge of AML controls, Tracfin, is seeking this enhancement of the controls. It has declared many times that the obligation to control AML practices is on all professionals and that it is not because in a specific deal, one of the professionals involved (such as a bank or the public notary) is currently screening the parties for AML issues, that the other professionals should rely on that first assessment. They should do another screening themselves.
In France, lawyers are not fully applying this obligation as they believe it could chock their clients. Also, both to facilitate the exercise of this obligation and preserve legal privilege, which is an essential tool when it comes to assist clients, the French National Bar Association has obtained that lawyers are not to report of suspicion directly to the authorities, but rather through their Bar Association. This practice should remain under the revision of the 4th Directive.
LNCy: Which is your biggest concern regarding the new GDPR? Do you think Europe is ready for the enforcement of such a regulation?
ML: We are now 2 or 3 weeks after the entry into application of the GDPR. Everybody was kind of frenzy to be able to modify their data protection policies and their consent forms on time, although this was not expressly required by the new Regulation. But this was also part of a marketing trend to allow companies to communicate and show their customers that they care about their data, at first for companies operating in BtoC, but in the end, also for those into BtoB.
The important thing for companies is to be able to process data in a secured way and in conformity with the processing principles, although the processing principles are actually the same ones than the ones that existed under the old Directive of 1995.
The GDPR most difficult issue for the companies to adopt and the reason why recent studies show that around half of the companies are not ready yet, is the implementation of the accountability principle. This is the main innovation: data processors do not have any longer to register their data processing, they rather have to be able to show, at any time, that their processes do comply with the GDPR obligations and thereby do ensure protection of data. To achieve this obligation, it means that companies have to modify their internal procedures to make sure that from the 1st step, at the time the data processing was designed, until they cease to use the data, privacy principles are integrated and they are capable of demonstrating it.
LNCy: Which are biggest challenges compliance officers/compliance professionals face nowadays?
ML: The biggest challenge these days as a compliance officer or a compliance professional is to convince corporate officers and managers to invest in compliance, to invest in people and to grant them a decent budget to implement all these new laws and regulations.
Companies do not want to spend too much on legal matters and changing internal procedures unless it is fully necessary. As a matter of fact, traditionally legal budgets are spent either on litigation, to be able to preserve the business or on mergers & acquisitions to expand the activity.
It is therefore difficult to be able to deploy and control simultaneously compliance programs on all these new legal texts: GDPR, Sapin II, human rights/duty of care with a tight budget.
In France, Compliance people have to find a way to be granted a raise of their legal budget: one way is the fear of litigation and heavy sanctions, but this is not a virtuous one, the other way is to accompany a change of culture and values of the company and to show that to enhance business ethics will actually benefit to the image and reputation of the company.
LNCy: Give us a brief overview of your presentation and what you will be talking about at the conference.
ML: I thought it would be interesting to show, and this is complementary to the previous question, that compliance concerns all companies and not only the ones that are within the exact scope of application of these laws.
It might be that a company is not in the scope of these laws, because it is too small or because they do not have such a regulation in their country, but when it wishes to contract with bigger companies, the agreement proposed by these bigger companies is going to comprise important compliance obligations and audit rights. This is when they are going to have to implement compliance programs if they have not done so yet, and when compliance people are going to get their budget.
To conclude, being compliant can also be an asset from a marketing standpoint. If you are not convinced, you can refer to the reports posted online by companies submitted to the UK modern slavery act obligations. If the content of these reports is originally legal, the way they are drafted and presented shows that companies used it as a marketing tool for reassuring their customers that they do care about human rights and that it is a serious criteria when it comes to the selection of their suppliers.