The recent news

Compliance Law, like Regulatory Law, of which it is an extension, is an Ex Ante Law.

It translates into a set of obligations that companies must perform to ensure that harmful behavior does not occur, such as bribery, money laundering, pollution, etc.

This results in "structural" obligations, such as the establishment of a risk map, a third-party vigilance system, internal controls, the adoption of codes.

The practical question that arises is whether to punish a company, it is necessary but it is sufficient that the company has not adopted these structural measures, or if it is also necessary that within it or through the persons whom it must be accountable (through the corporate officers and the employees, but also the suppliers, the sub-contractors, the financed operators, etc.) there were behaviors that Compliance Law prohibits, for example corruption, money laundering, pollution, safety-related accident, etc.

The question is probative. Its practical stake is considerable.

Because to obtain the conviction the prosecuting authority will have to demonstrate not only a failure in the structural device but also a behavioral failure.

Si l'on considère que le Droit de la Compliance est à la fois sur l'Ex Ante et sur l'Ex Post, alors l'autorité de poursuite qui requiert une sanction doit démontrer qu'il y a un comportement reprochable (Ex Post) et qu'à cela correspond une défaillance structurelle (par exemple le compte bancaire anormal n'a pas été signalé) ; si l'on considère que le Droit de la Compliance est purement en Ex Ante, alors même s'il n'y a pas de comportement reprochable en Ex Post, la seule défaillance structurelle suffit pour que l'entreprise qui doit l'organiser en son sein soit sanctionné.

If we consider that Compliance Law is both on the Ex Ante and the Ex Post, then the prosecuting authority that requires a sanction must show that there is a reprehensible behavior (Ex Post ) and that this corresponds to a structural failure (for example the abnormal bank account has not been reported); if we consider that Compliance Law is purely Ex Ante, then even if there is no reprehensible behavior in Ex Post, the only structural failure is enough for the company to be sanctioned, even if it does its best efforts, even if no prohibited behavior will have accured in Ex Post.  

The second system, which is much more repressive and places a considerable burden on companies, even if there is no proven illicit behavior, is that of French Law, probably because of a tendency towards Ex Ante organization. ..

Mais il faut garder mesure. Et cette mesure est probatoire.

But we must keep measure. And this measure is probative.

This is what the Commission des Sanctions of the Agence Française Anticorruption -AFA (French Anti-Corruption Agency's Sanctions Committee) has just said, in its decision of 4 July 2019, SAS S. et Madame C.,(written in French) contradicting the position of its director, who acted as the prosecuting authority. This is yet another general proof of the autonomy of the Sanctions Committee vis-à-vis to the Administrative Authority of which it is a part, and in relation to its director, who nevertheless governs it. But, jurisdictional model obliges, he has here the status of prosecuting authority, is subject to the regime of this one and not to the regime of head of the entity. Demonstration of the "functional autonomy" of the sanctioning bodies within the administrative regulatory and compliance authorities.

Indeed, this important decision expresses with precision and reason the distribution of the "burden of the allegation" and the "burden of proof" on the prosecuting body and on the company pursued, as well as the role of presumption that the recommendations issued by the French Anti-corruption Authority can play.

Read the analysis below.

Europe is definitely the zone of the world in which the protection of persons is thought.

Elle le fait par des textes, dont le très fameux Réglement adopté en 2016 relative à la protection des personnes physiques à l'égard du traitement à caractère personnel et à la libre circulation de ces données, dit "RGPD", recopié par exemple en Californie par la loi du 12 juillet 2018, par des initiatives nationales, comme la prochaine loi française contre les discours de haine dans l'espace numérique, par de nombreuses études et rapports - le droit souple étant aussi importante que le Droit pénal en Droit de la Compliance, mais encore par des décisions de justice.

Europe does this by texts, including the very famous Regulation adopted in 2016 relating to the  treatment of personal data for their free circulation and the protection of peope concerned by them ( known as General Data Protection Regulation - GDPR ), copied for example in California by the Act of 12 July 2018, by national initiatives, such as the next French law against hate speech in the digital space, by numerous studies and reports - Soft Law being as important as Criminal Law in Law of Compliance  system -, but also by court decisions.

Indeed, judicial decisions were at the origin of the movement of the person protection, with the creation of a "right to be forgotten" by the 2014 Google Spain decision of the Court of Justice of the European Union.

The judgment of the CJEU on 29 July 2019, Fashion ID, is just as important. Like the previous one, it clearly settles an essential question: who must police consents in the digital space?

And the answer is: all the digital players who benefit from it.

As a result, there is an "intermesh" (on this notion which is the future of Compliance Law in the digital world, see Frison-Roche, M.-A., The contribution of Compliance Law in the Governance of Internet, 2019 ).

See below the analysis of the judgment.

 It is often observed, even theorized, even advised and touted, that Compliance is a mechanism by which public authorities internalize political (eg environmental) concerns in big companies, which accept them, in Ex Ante, because they are rather in agreement with these "monumental goals" (eg saving the planet) and that this shared virtue is beneficial to their reputation. It is observed that this could be the most successful way in new configurations, such as digital.

But, and the Compliance Mechanism has often been brought closer to the contractual mechanism, this is only relevant if both parties are willing to do so. This is technically true, for example for the Deferred Prosecution, which requires explicit consent. This is true in a more general sense that the company wants to choose itself how to structure its organization to achieve the goals politically pursued by the State. Conversely, the compliance mechanisms work if the State is willing to admit the economic logic of the global private players and / or, if there are possible breaches, not to pursue its investigations and close the file it has opened, at a price more or less high.

But just say No.

As in contractual matters, the first freedom is negative and depends on the ability to say No.

The State can do it. But the company can do it too.

And Daimler just said No.

___

Publicly, including through an article in the Wall Street Journal of June 28, 2019.

The company sets out in a warning to the market that it is the object of a requirement on the part of the German Motor Authority (Kraftfahrt-Bundesamt)  of an allegation of fraud, by the installation of a software, aimed at misleading instruments for measuring emissions of greenhouse gases on cars using diesel.

It is therefore an environmental compliance mechanism that would have been intentionally countered.

On this allegation, the Regulator both warns the company of what it considers to be a fact, ie compliance fraud, and attaches it to an immediate measure, namely the removal of the circulation of 42,000 vehicles sold or proposed by Daimler with such a device.

And the firm answers : "No".

_____

Which is probably only beginning, since a No ends the dialogue of Ex Ante to project in the Ex Post sanction procedures, calls 6 observations:

• 1. No doubt Daimler, a German car manufacturing company, has it in mind in this allegation of fraud calculating pollution of its diesel cars what happened to his competitor Volkswagen: namely a multi-billion dollar fine, for lack of compliance in a similar hypothesis (so-called dieselgate). The strategic choice that is then made depends on education through the experience of the company, which benefits as such from a previous case that has had a very significant cost. Thus educated, the question is to measure the risk taken to refuse any cooperation, when the company can anticipate that it will still result in such an amount ....

• 2. In addition, we find the difficulty of the distinction of Ex Ante and Ex Post. Indeed, saying No will involve for the company a cost of confrontation with the Regulator, then the peripheral jurisdictions or review courts. But in Germany, the Government itself, concerning a bank threatened with compliance proceedings and almost summoned by the US regulator to pay "of its own free will" a transactional fine, felt that this was not normal, because it must be the judges who punish, after a contradictory procedure with due process and after established facts. 

• 3.  However, this is only an allegation, of probable assertions, of what legally allows to continue, but which does not allow to condemn. The confusion between the burden of proof, which presupposes the obligation to prove the facts before being able to sanction, and the burden of the allegation, which only supposes to articulate plausibility before being able to prosecute, is very damaging, particularly if we are committed to the principles of Repressive Law, such as the presumption of innocence and the due process. This distinction between these two probationary charges is at the heart of the probatory system in the Compliance Law. Because Compliance Law always looks for more efficiency, tends to go from the first to the second, to give the Regulator more power, since businesses are so powerful ....

• 4. But the first question then arises: what is the nature no so much of the future measure to be feared, namely a sanction that could be taken later, against Daimler, if the breach is proven, or which will not be applied to the firm if the breach is not established; but what is the nature of the measure immediately taken, namely the return of 42,000 vehicles?

• This may seem like an Ex Ante measurement. Indeed, the Compliance assumes non-polluting cars. The Regulator may have indications that these cars are polluting and that the manufacturer has not made the necessary arrangements for them to be less polluting (Compliance) or even organized so that this failure is not detected ( Compliance fraud).

• This allegation suggests that there is a risk that thiese cars will polluting. They must immediately be removed from circulation for the quality of the environment. Here and now. The question of sanctions will arise after that, having its procedural apparatus of guarantees for the company that will be pursued. But see the situation on the side of the company: having to withdraw 42,000 vehicles from the market is a great damage and what is often called in Repressive Law a "security measure" taken while the evidence is not yet met could deserve a requalification in sanction. Jurisprudence is both abundant and nuanced on this issue of qualification.

• 5. So to withdraw these cars, it is for the company to admit that it is guilty, to increase itself the punishment. And if at this game, taken from the "cost-benefit", as much for the company immediately assert to the market that this requirement of Regulation is unfounded in Law, that the alleged facts are not exacts, and that all this the judges will decide. It is sure at all whether these statements by the company are true or false, but before a Tribunal no one thinks they are true prima facie, they are only allegations.
•  And before a Court, a Regulator appears to have to bear a burden of proof in so far as he has to defend the order he has issued, to prove the breach which he asserts exists, which justifies the exercise he made of his powers. The fact that he exercises his power for the general interest and impartially does not diminish this burden of proof.

• 6. By saying "No", Daimler wants to recover this classic Law, often set aside by Compliance Law, classic Law based on burden of proof, means of proof, and prohibition of punitive measures - except imminent and future imminente and very serious damages  - before 'behavior could be sanctioned following a sanction procedure.
• Admittedly, one would be tempted to make an analogy with the current situation of Boeing whose aircraft are grounded by the Regulator in that he considers that they do not meet the conditions of safety, which the aircraft manufacturer denies , Ex Ante measurement that resembles the retraction measure of the market that constitutes the recall request of cars here operated.
• But the analogy does not work on two points. Firstly, flight activity is a regulated activity that can only be exercised with the Ex Ante authorization of several Regulators, which is not the case for offering to sell cars or to drive with. This is where Regulatory Law and Compliance Law, which often come together, here stand out.Secundly, the very possibility that planes of which it is not excluded that they are not sure is enough, as a precaution, to prohibit their shift. Here (about the cars and the measure of the pollution by them), it is not the safety of the person that is at stake, and probably not even the overall goal of the environment, but the fraud with respect to the obligation to obey Compliance. Why force the withdrawal of 42,000 vehicles? If not to punish? In an exemplary way, to remind in advance and all that it costs not to obey the Compliance? And there, the company says: "I want a judge".

​______

Le 24 juin 2019, le Régulateur irlandais a publié un rapport visant à participer à la consultation publique lancée par le ministère de la Communication, portant à la fois sur la façon dont il convient de transposer la directive européenne sur les services audiovisuels  et sur la perspective d'une loi nationale sur la "régulation des contenus dommageables sur les plateformes en ligne".

Pour le Régulateur, le rapprochement des deux actes législateurs offre une opportunité d'une régulation globale des "médias en ligne", offrant à l'internaute une "sécurité" que la simple transposition de la Directive ne permet pas. Ainsi la seconde loi complétera la première.

Pour le Régulateur, la loi nationale à adopter doit permettre au Régulateur de donner une pleine sécurité à l'internaute irlandais ("online safety"), en retirant les contenants violents ou dommageables (le terme harmful est difficile à traduire par un seul mot en français) et en l'avertissant à propos de ceux-ci. 

Comme l'explicite le rapport (p.52) :

The BAI considers that the following four strategic objectives and responsibilities are relevant for an online safety regulator operating within the new media regulatory structure: • Rectifying serious harms occurring to Irish residents through their use of online services. • Ensuring that individuals and members of groups that are frequently subject to harmful online content can fully benefit from digital technology and social media. • Reducing online harms by introducing online safety rules for online platforms. • Promoting responsibility and awareness of online safety issues among the general population and industry. To fulfil these objectives and responsibilities, the BAI considers that the Online Safety Regulator could have the following three functions:

1. Operating a statutory mechanism to remove harmful online content that directly affects Irish residents (Rectification of Harm)

2. Developing and enforcing an online safety code for Irish-resident online platforms (Minimisation of the potential for Harm)

3. Promoting awareness of online safety issues among the public and industry (Preventing Harm). Ensuring that online services play a more effective role in tackling online safety issues can provide wide, “collective” benefits to large numbers of individuals simultaneously.

Visant expressément Youtube et Facebook, qui en Europe ont choisi de se localiser en Irland, le Régulateur demande une Régulation des plateformes de partage de vidéos qui doit, à travers un Code s'appliquant à eux, permettre de régir leur activité qui se déploie à travers toute l'Europe. Ce Code aurait vocation à rappeler en premier le principe de la libre expression. Tout en organiser la "sécurité en ligne" de l'internaute.

Le Régulateur irlandais des Médias sera en charge de cela. Et puisque les opérateurs sont localisés en Irlande, ses conceptions et ses actions auront donc un effet européen : comme le dit le Président de l'Autorité de Régulation lui-même : " This is a particularly important issue for this country, given that many of the majoar international platforms are based her. Ireland has a unique opportunity - and responsability - to lead the debate and chart the way forward in relation to online safety and regulation". 

____

"to lead" ?

Il n'est pas certain que les autres régulateurs nationaux ni la Commission européenne partagent une telle conception irlando-centriste de la régulation euroréenne des médias.