Of Anglo-Saxon origin, compliance was first introduced in European countries in response to the extraterritoriality of American law used in a context of economic intelligence, or even war[1].

But the term "compliance" is a broad one and covers various essential aspects of business ethics and the law that are more or less developed in our European law - some, for which Europe is a reference, such as human rights, competition law and the protection of personal data; others, for which Europe continues to make progress, such as the battle against money laundering, cybercrime or fraud against the financial interests of the European Union with the creation of the European Public Prosecutor's Office[2]; others for which Europe needs to position itself or coordinate better, such as the fight against corruption and the rules of good governance.

Several definitions of "compliance" have been put forward, and Professor Marie-Anne Frison-Roche's definition "as the obligation of companies to show that they are permanently and actively complying with the law", but also "as the obligation or willingness of certain companies to achieve 'monumental goals' that go beyond economic and financial performance alone"[3] highlights both its breadth and its multifaceted character.

Paradigm shift in compliance, a challenge for European companies

The converging point of these definitions? It is the paradigm shift that compliance imposes in that it requires companies to take ownership of the applicable regulations and to implement a compliance programme within their organisation.

With compliance, European companies must not only build their programme, but must also carefully keep documentation and evidence of this in the event of an audit.

Compliance thus offers a dynamic and proactive vision of conformity, empowering the company, which becomes both the driving force and the main player.

The French term "conformité" alone does not therefore fully reflect this flexible and evolving definition of compliance. In an effort to ensure that the French language takes ownership of this concept, the term "conformance" would perhaps help to highlight the obligations of compliance, self-regulation but also performance, competitiveness and efficiency that companies are now required to fulfil in a context of growing social and environmental responsibility.

The evolving and binding nature of this concept helps us understand its success, since compliance allows the regulatory authorities to hold companies responsible for compliance with the legal and ethical standards in force and to intervene only a posteriori through strict monitoring and dissuasive sanctions, often leading companies to compromise for considerable sums of money[4].

For the diffusion of fundamental European values and the development of CSR

Europe has not lagged behind in the development of business ethics and compliance, concepts which it has taken up as tools and vectors for the promotion of its values and fundamental freedoms, as illustrated by the general data protection regulation ("GDPR"). By defining the territory of the European Union as the criterion for the application of this major text, whether it is the place of establishment of the data controller or its processor or, for data controllers or processors established outside the European Union, the place of residence of the individuals whose personal data are processed or who are the subject of profiling, the European Union has given itself the means to ensure that the principles and values it promotes in terms of personal data protection have worldwide influence. This is undoubtedly the European Union's first ambitious extraterritorial text, the repercussions of which are still being felt today as illustrated by the California Consumer Protection Act[5].

France has also adapted a great deal to the development of compliance. Initially, with the so-called Sapin II law of 9 December 2016[6], which subjects managers of companies up to a certain size to specific anti-corruption measures under the supervision of the French Anti-Corruption Agency and to administrative and/or criminal sanctions. Then, in a second phase, with the provisions of the Act of 27 March 2017 requiring companies of a certain size to establish and implement a monitoring plan to prevent their suppliers and subcontractors from breaching principles and obligations as diverse as human rights and fundamental freedoms, human health and safety and the environment[7]. Finally, with the various decrees of 2017, the PACTE law and the various decrees issued on this basis to promote the development of corporate social responsibility (CSR)[8]. So much so that the different levels of standards to be grasped with regard to these same subjects have multiplied and become difficult to read, even for the most seasoned professionals.

The dangers of "billboard" compliance and "cosm-ethics"

These new compliance requirements are all the more significant in that they are in practice extended to suppliers and subcontractors of companies who, in principle, should not be subject to them except if they have already met the set thresholds. SMEs and SMIs that want to sign contracts with large groups often have no choice but to commit themselves to comply with cumbersome, costly procedures and protocols that they do not always understand or implement if they want to be selected for the work.

The direct and operational consequence of this paradigm shift in compliance is also to force companies to allocate sufficient budgets to comply, or risk being sanctioned by the regulator or the judge for their inaction or negligence.

It is therefore understandable how companies often find themselves powerless in the face of this major change and the resulting costs, tossed between fear and rejection, between the wish to opt out and the fear of submission.

For a Europe of compliance at the heart of tomorrow's world

How then can we enhance this development in Europe and support European companies in their transformation and development in tomorrow's world by structuring and developing a Europe of compliance?

First of all, it is through political will. The new European Public Prosecutor's Office, headed by the magistrate Laura Codruta Kövesi whose twenty-two prosecutors were appointed by the Council of the European Union on July 27 last, is a first and ambitious achievement that we can only hope to strengthen, in the long term, with the participation of all Member States[9]. It should also be the culmination of a European business code that business, legal and compliance professionals have been calling for, for so many years[10]. But more than that, it is through real integration, or even an "infusion", of the notion of ethics and responsibility that must penetrate the heart of our European legal and political systems.

Indeed, how can we expect companies to adopt the notions of ethics and compliance if our governments and institutions remain entangled in internal modes of governance and operation where conflicts of interest remain numerous? The management of the current health crisis is unfortunately an illustration of this, between the health emergency declared without any real parliamentary debate, the measures that infringe freedoms taken over time and leaving room for the sometimes arbitrary interpretation of the police or administrative authorities acting on this basis, and the maintenance of many of these measures once the health emergency has been lifted. Without going any further into the major and omnipresent issue of conflicts of interest, which is at the centre of matters in the current context.

And so it is the company that finds itself confronted on a daily basis with the practical problems arising from this, having to deal with multiple standards, guidelines or even interpretations imposed on, or even opposed against them, in its functioning and development. And yet first and foremost the company comprises men and women, projects, technologies, ambitions and visions.

The company at the centre of tomorrow's world

In tomorrow's world that everyone is calling for, it now seems essential to place the company and its development as well as all of those involved at the heart of debate. This is the only way that compliance can become a real tool for economic, social and environmental development, enabling an adequate response to the challenges of renewal that our society faces and which is also in line with our European values.

A practical and operational development of "compliance" is called for and expected by all of those who support companies and work on a daily basis for the world of tomorrow!