open search
close
France Internationales Arbeitsrecht

France: Major changes to whistleblowing laws

Print Friendly, PDF & Email
France

Until recently, there was no obligation to implement a whistleblowing policy in France. However, when such a policy was put in place very strict regulations applied. These included obtaining prior authorisation, which was only very reluctantly granted, from the French data protection agency (the “CNIL”). Law of 9 December 2016 on transparency, the fight against corruption and the modernisation of the economy (referred to as “Sapin II”) created general protection for whistleblowers. It also introduced the following new compliance obligations for companies.

New mandatory obligations

As from 1 June 2017, “large” companies are required to implement an anti-corruption policy. This obligation applies to private companies and public establishments that have (i) at least 500 employees or belong to a group of companies with at least 500 employees whose parent company’s head office is in France and (ii) a turnover or consolidated turnover exceeding €100M.

The anti-corruption plan must include specific measures and procedures, including: a risk assessment, a code of conduct that must be submitted to the employee representative bodies for consultation and be appended to the company’s Internal Rules (“règlement intérieur”), a formalized whistleblowing policy that allows employees to report acts or behaviours that violate the company’s code of conduct, a training program as well as disciplinary procedures.

As from 1 January 2018, companies with at least 50 employees must have a whistleblowing policy in place. A ministerial decree issued on 19 April 2017 (relating to whistleblowing policies implemented by legal entities in the private and public sectors) provides details on the content of the mandatory whistleblowing policies, including those put in place by “large” companies.

Special obligations apply to companies in the insurance, finance and banking sectors that are subject to regulatory monitoring.


Consequences of “Sapin II” on whistleblowing policies

Implementing a whistleblowing policy in France has and will continue to require compliance with several steps, including submission of the policy to the CNIL.

This submission can be made by means of a simple notification (“declaration simplifiée”), if the whistleblowing policy complies with the requirements set forth in the CNIL’s authorisation (“autorisation unique”) no. AU-004. Otherwise, a request for authorisation must be submitted to the CNIL.

On 26 August 2017, the CNIL published a new deliberation that modified authorisation no. AU-004 as follows to take into account Sapin II’s new anti-corruption provisions:

The scope of the whistleblowing policies covered by authorisation no. AU-004 was expanded; they can now be used by employees and “external and occasional collaborators” to report information relating to: a misdemeanour (“délit”) or a felony (“crime”), a serious and obvious breach of an international commitment duly ratified or approved by France, a unilateral act of an international organisation based on a duly ratified international commitment or any law or regulation, a serious threat or danger to the public’s interest of which the whistleblower has personal knowledge, or acts or behaviours that violate provisions of the company’s code of conduct concerning corruption or influence peddling;

Whistleblowing policies must comply with new additional conditions: the company must provide detailed information to its employees and “external and occasional collaborators” on the policy; this information must include a presentation of the different steps of the procedure and identify the person(s) to whom and the conditions under which whistleblowing reports must be made; data making it possible to identify the whistleblower or the person who is the subject of a report may not be disclosed without their consent, except where the information is communicated to judicial authorities; and security measures should be taken to protect personal data and ensure confidentiality, including protection against unauthorised access.

What’s next?

A company that has an obligation under Sapin II to have a whistleblowing policy must:

  • If it already has a whistleblowing policy: verify that its policy complies with the new anti-corruption legislation and, if needed, modify it and re-submit it to the CNIL by means of a simplified notification or a request for authorisation.
  • If it does not have a whistleblowing policy: put one in place before 1 January 2018 following the appropriate procedures (consultation with relevant employee representative bodies and submission to the CNIL).

A “large” company as defined by Sapin II, if it does not now have a compliant anti-corruption plan in place, must implement one as soon as possible.

Lastly, for a company in the insurance, finance and banking sectors that is subject to regulatory monitoring, ensure that it is in compliance with the new obligations applicable to it under Sapin II.

Verwandte Beiträge
Neueste Beiträge Whistleblowing & Investigations

Frist zur Umsetzung der Whistleblower-Richtlinie abgelaufen – und jetzt?

Die Frist zur Umsetzung der europäischen Whistleblower-Richtlinie (EU) 2019/1937 in das deutsche Recht ist am 17. Dezember 2021 ergebnislos verstrichen. Der einst vom Bundesministerium für Justiz und Verbraucherschutz zur Umsetzung der Richtlinie eingereichte Gesetzesentwurf zum Hinweisgeberschutzgesetz ist bereits im April 2021 gescheitert. Längst überfällig, beabsichtigen nun die Ampelparteien der aktuellen Regierungskoalition, das deutsche Hinweisgeberschutzgesetz endlich auf den Weg zu bringen. Doch was gilt in der…
Neueste Beiträge Whistleblowing & Investigations

Internal Investigations – gute Planung ist (fast) alles

Internal Investigations betreffen mehr als die Aufklärung strafrechtlich relevanter Sachverhalte zum Schutz des Unternehmens. Eine saubere Aufarbeitung von Problemthemen kann bereits auf weit „harmloserer“ Ebene angezeigt sein. Eine gezielte Planung der Untersuchungen beeinflusst die Qualität der Ergebnisse sowie deren rechtliche Verwertbarkeit. Internal Investigations werden in Unternehmen immer häufiger durchgeführt und sind zum Alltag in der Beratungspraxis geworden. Ihr Anlass kann verschiedenster Art und Schwere sein…
Compliance Neueste Beiträge Whistleblowing & Investigations

Interne Verhaltensrichtlinien und Whistleblowing-Meldesystem – wie sich beides vereinbaren lässt

Ende des Jahres läuft die Frist zur Umsetzung der Whistleblower-Richtlinie (EU) 2019/1937 ab: Sie sieht vor, dass bestimmte Unternehmen nach näherer Ausgestaltung durch ein nationales Gesetz dazu verpflichtet sind, ein Meldesystem einzuführen, mit dem Verstöße gegen EU-Recht vertraulich gemeldet werden können – doch ein solches nationales Gesetz gibt es noch nicht. In diesem Beitrag zeigen wir, wie Unternehmen Verhaltensrichtlinien und Meldesysteme schon jetzt so gestalten…
Abonnieren Sie den KLIEMT-Newsletter.
Jetzt anmelden und informiert bleiben.

Die Abmeldung ist jederzeit möglich.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.