COMPLIANCE Challenges and opportunities for the legal profession Introductory Report What is compliance about ? Building and implementing an effective Compliance Program – Nuts and bolts UIA Congress Budapest 29 October 2016 Guido DE CLERCQ Former Deputy General Secretary Engie

COMPLIANCE – DEFINITION Compliance is an approach the goal of which is to achieve such a behavior by the company, its employees and related parties that The legal requirements The expectations, requirements and objectives set by compliance enforcement agencies, acting as guardians of the legal requirements in certain domains (e.g. antitrust; anti-corruption), and The internal rules based on such requirements are actually and entirely complied with by the company, its employees and related parties in such a manner that infringements are avoided

COMPLIANCE – KEY FEATURES 1/2 Relates to behavior rather than values This behavior is in response to a compliance agenda set by enforcement agencies These agencies may decide to focus exclusively on the “supply” side of the equation, not on both - the supply and the demand side Addressing the supply side, these agencies have oriented the compliance agenda towards enforcement, investigations, audits, monitoring and the like

COMPLIANCE – KEY FEATURES 2/2 The company’s behavior is hence focusing on avoiding the consequences of non-compliance with the interests and objectives set by the legislator and the enforcement agencies: i.e. avoiding sanctions or liabilities resulting from infringements of rules as interpreted by the agencies in the light of their policies

COMPLIANCE – A COMPLIANCE ENFORCED APPROACH 1/2 Compliance is compliance with the objectives set by the legislator and the enforcement agencies, i.e. actors other than the company. Compliance refers not only to obedience with law, but also to the manner in which a company has to achieve this obedience i.e. through a compliance enforced approach which is set by strong compliance enforcement agencies and which constitutes a mandatory reference framework, the result of which should be that the rules as interpreted by these agencies in the light of their policies, are not infringed.

COMPLIANCE – A COMPLIANCE ENFORCED APPROACH 2/2 The answer by the company is the elaboration of a robust, dynamic and lasting compliance program with a clear set of objectives which “mirror” these “external” objectives. These objectives and the realisation thereof will be measured by reference to their “effectiveness”: effectiveness “being the sole benchmark of success”.

EFFECTIVENESS 1/2 Effectiveness is defined With regard to expectations etc. set by compliance enforcement agencies, acting as guardians of legal requirements in certain legal domains; Expectations set by compliance enforcement agencies refer to prohibitions; Prohibitions are to be complied with by way of a comprehensive compliance program; Prohibitions are set in an absolute manner with reference to “ norms” including “open norms”; The credibility of the compliance agenda set by the compliance enforcement agencies and hence its effectiveness is challenged given the inclusion of norms, vulnerable to charges of subjectivity, selection bias, etc.. .

EFFECTIVENESS 2/2 Queries: How to integrate the relevant requirements of the other stakeholders? How to integrate a risk based approach? US Department of Justice: November 2015 – The US Department of Justice announces a 7 metrics by which it would judge the effectiveness of a compliance program

COMPLIANCE PROGRAMS 1/4 Are set up by companies in order to respond to the objectives set by the legislator and the enforcement agencies. Compliance programs and multiple domains of compliance: They address multiple domains of compliance: hence multiple enforcement agencies are competing for the limited resources available within a company. One of the consequences thereof may consist in a direct conflict between on the one hand the prioritization by the company among the domains based on a comprehensive risk analysis, and the expectations of the enforcement agencies in charge of the other domains. The latter agencies may therefore challenge the effectiveness of the compliance program related to their domain.

COMPLIANCE PROGRAMS 2/4 Compliance programs and contextual factors: Why do companies and employees behave the way they do? If they look for solutions which are not compliant: what are the internal and contextual factors that will influence them to change their attitudes and to take decisions which are compliant? This behavioral change relates to “behavioral offenses”. Change management is therefore key: leverage on the context companies and employees are involved in and by doing so, create an environment that will induce them to be(come) compliant.

COMPLIANCE PROGRAMS 3/4 Compliance programs , contextual factors and risk management: Contextual factors may induce or hamper effective compliant behavior. Contextual factors constitute an important component of risk management. They represent a critical part of the internal and external risk to be assessed in structuring an effective compliance program. They are to be interpreted in the “to do “ list, the action plan to be set up by the companies under the form of a compliance program in order to respond to the objectives set by the enforcement agencies.

COMPLIANCE PROGRAMS 4/4 Compliance programs are in essence legal compliance programs: Compliance programs are construed in order for companies, employees and related parties to follow the law and the regulations, as read by the enforcement agencies. Compliance programs : lengthy, costly and time consuming investment: Compliance programs require a lengthy, costly and time consuming investment of setting up, mobilising, reporting, monitoring and updating the compliance agenda demonstrating the company’s commitment to compliance.

COMPLIANCE – AN APPROACH TO BEHAVIORIAL CHANGE THROUGH A COMPLIANCE PROGRAM 1/2 Compliance is a matter of law; Compliance is also a matter of making organizations and individuals responsible by being proactive through a comprehensive compliance program, the constitutive elements of which are: Establishing an overall compliance policy supported by an appropriate management system; Establishing such a compliance management system; Leadership commitment to establish a culture of integrity, openness and compliance in order to make the management system successful; Taking measures to implement policies, procedures and controls: these measures are to be reasonable and proportionate according to the risks the company faces with reference to risk factors such as size of the company; locations and sectors in which the company operates; nature, scale and complexity of the operations and of the organization.

COMPLIANCE – AN APPROACH TO BEHAVIORIAL CHANGE THROUGH A COMPLIANCE PROGRAM 2/2 Effectiveness is hence established when a comprehensive compliance program demonstrates that it can achieve the objectives set by the legislator and the enforcement agencies, through a risk based approach that reasonably anticipates, analyses, assesses and prioritizes the non- compliance risk.

COMPLIANCE – AN APPROACH TO BEHAVIORAL CHANGE THROUGH ENFORCEMENT MEASURES 1/2 Group approach: parental liability Civil and administrative sanctions: disqualification; debarment; agreements being declared void and unenforceable; Plea bargaining/settlement accompanied by a mandatory corporate compliance program under the responsibility of a third person;

COMPLIANCE – AN APPROACH TO BEHAVIORAL CHANGE THROUGH ENFORCEMENT MEASURES 2/2 Criminalization and in particular fines, confiscation and imprisonment of executives, employees and officers; Threats: whistleblowing and third party disclosure to enforcement agencies.