June 30, 2018

Releases : I. Isolated Articles

The Law of Compliance unleashes the moorings of the Law of Regulation but retains its principles: consequences on companies

by Marie-Anne Frison-Roche

To read the French version of this working paper, click on the French flag

The Law of Compliance is a branch of law so recent that some still doubt its very existence.

This paper does not take up this question again, nor that so often evoked of the "definition" of the Compliance and the Law that goes, nor the issue of the translation which is appropriate for it.

The purpose of the reflection is rather to observe the movement that started from the requirements of specific sectoral Law, such as Financial Law and Banking Law, which undeniably correspond to "sectors", the Law of Compliance being the extension of the Law of Regulation, an extension that metamorphoses it, extending beyond the regulated sectors.




Read below

This evolution, which goes from the Regulation Law to the Compliance!footnote-99 - passing by Supervision Law!footnote-10, not only is observed but it can be justified entirely because the "concern" of the protection of the environment, the fight against corruption, the protection and the circulation of digital information (data) justifies this extension of Compliance Law beyond these sectors!footnote-101 to reach all companies, because these goals are as imperative as, or even more than, the only public order of prevention and management of risk management of regulated systems!footnote-100.

The difficulty comes from an observation on a movement which is also mechanical. The Law of Regulation is  violent and archaic in its modalities. It subjects the company entering a regulated sector (banking, finance, telephony, transport, health, postal activities market) to legal constraints in Ex Ante and Ex Post that ordinary legal system, "common law", does not know!footnote-103. Including transparency (passive but essential obligation), taking charge of the efficiency of the system (active obligation, for example universal service obligation) or the prevention of general risks.

But because the Law of Compliance is an extension of the Law of Regulation, the first collects the archaic power of the second: it is then in a very general way that companies having no activity on regulated markets become transparent and are now subject to obligations Ex Ante to restructure in their own organization, management and governance to ensure the effectiveness of an entire system that does not concern them (eg the fight against terrorism ).

Thus by the Law of Compliance, all companies even if they are not in a regulated sector, will firstly lose control of their information and their internal structure and secondly be established as being responsible for achieving goals decided by others: public authorities who will have decided to fight "by all means" against terrorism, against pollution, against child labor, for education, for peace, etc.

Here we find the basis of the Law of Regulation: efficiency and the fact that "by all means" we must achieve the goals, as long as the means are proportionate to the goals, proportionality becoming the major legal principle, the one by which the Judge exercises his control. The principle is archaic: "the end justifies the means".

And as it is internalized in these global enterprises, the reason being that the evils are global or that the coveted goods are global too and that they must be reached "by all means" then the public authority located in a precise place of the world can give a global order of compliance and sanction any company that has not complied with it, even if it is outside its jurisdiction.

This makes international institutions like the WTO less useful. This is what the United States does for the rest of the world, disengaging itself from institutions, since it finds more direct links. But the other public authorities can do this for all businesses.

Territoriality is then a legal notion crushed by the Law of Compliance which, because it has seceded with the notion of "sector" has mechanically also secede with the notion of "border", Globalization and Compliance making a happy couple!footnote-104. The Law of Compliance crushes at this point the Law conventionally understood that some have seen in Compliance the enemy of the Law.

Companies are thus "forced" to save the world - because that's what it is. So they are now in charge of what is called a "global public service"!footnote-105, as even the French authors would not dream to design it ... We can be stunned and collapsed, especially if we think that companies are not made for that!footnote-106.

We can also approve such an evolution if on the one hand we intends not to remain without doing anything in front of the decomposition of the Public International Law, destruction which is operated under our eyes, in particular by the action of the United States thinking notably because of the Law of the Compliance not to need more of Public International Law, and if on the other hand we also want to consider that the concern for others which covers all these "monumental goals" is our concern to all.


Yes. But if we approve of such an evolution, we must also recognize that this constitutes a shock of a dimension without equal for the legal subjects that are the companies.




Companies which learn that the legal boundaries no longer exist, that they are subject to receive orders to realize a new world order of concord and total information, order issued by any localized public authority and to execute it, except to suffer sanctions against which his own sovereign will not keep it.Les exemples quotidiens et spectaculaires abondent.

Certainly, companies can be "in reaction", since this may seem unfair. For example, it is unfair for a European company to receive orders from the US administration and have to execute them without saying a word, transmit information and pay while other areas of the world continue to receive no order or not to submit to it because these injunctions do not rely on what appears to be the "dollar law". Businesses may feel that they are being abandoned by their State while it should be fighting on their side. In a system often described as "feudal"!footnote-107, the suzerain should defend the vassal .... New crusade?

But in the first place, as all the "reactionary" approaches show, so good are the reasons, we never manage to recreate the past. We can not go back to when the world was built by the States that made multilateral treaties, respected them except in limited cases, when the WTO appeared to be the crucible of a civilized world order because it is legalized, in which would be added nascent rule of a competition law from others like those of the environment law or the decent work principle. If we can not revive an old dream, then we must not dream no more but think of another dream.

In this perspective and secondly, why should companies be hostile to such an evolution, if we attach it to other moorings?

Is not it then and on the contrary the best prospect for them? And for the States on which they rely and which must also design a Compliance Law, rather than fight it.

Businesses today rule the world. Rather than denying it, they have an interest in admitting the consequence of this: the responsibility!footnote-108. Not only in Ex Post (repair the damage that inevitably causes the exercise of power) but also in Ex Ante.

The "responsibility in Ex Ante" is precisely the Law of Compliance. It is to admit in Bottom up that the company elaborates standards of safety (concern of preservation of the systems) but also standards of concern of others.

What is often called "Corporate Social Responsibility" is not anything other than Compliance, is not even "in touch" with Compliance: it is Compliance itself. It is the Compliance informed no more by the public authority but by the company: these are the same rules as those enacted by the Public Authorities.

Take an example: "do not corrupt, do not be corrupted". It is a principle that is issued by the public authorities through many laws against international and domestic corruption (FTCA for instance), but it is also the heart of the "ethical culture" of CSR. It's the same rule.

Therefore, why spend so much energy (time, money, etc.) to escape legal systems of global restraint, since they are the same as those of the company itself? And for once in the same space of deployment, that is to say the World.

Moreover, the big challenge of the Law of Compliance is constituted by what is called the "data". The European Union has succeeded in 2016 by the General Data Protection Regulation (GDPR), where the other zones have done nothing; the California legislature  just followed in June 2018!footnote-109.

But data has never been the characteristic of a particular sector. Data can be defined as "digital information", which must at all times circulate, be the material of future goods and not harm the human beings who are concerned ("personal data"). This concerns not only all markets, but all sectors and all businesses.

This is one of the ways to conceive of a Law that manages to understand the phenomenon of "platforms", which remains to be done, by no longer conceiving the Compliance in a single report of extension of the Law of the Regulation, nor by conceiving it in a single constraining link between public authorities and firms.

Thus the companies that hold the platforms, including the financial market companies are an example well before the non-financial product platforms come, by dint of not entering the frameworks of the Law of Regulation - itself, unfortunately, often thought through the traditional framework of the Competition Law - as long as they do not constitute a market or even a sector, were not thought of in a Law of Compliance that did not separate from the Law of Regulation.

But if we conceive of an autonomous and structured Compliance Law then the phenomenon of "platforms" can be grasped in its power, and therefore in its responsibility, not only in Ex Post, but also in Ex Ante (Compliance Law ).

If the companies do not passively pass this role but seize it, then the digital Europe, which is a major stake of existence of Europe in the world, will be able to be done. And especially by the Law of data compliance, that is to say, an information market that does not reduce the human being to being a raw material consumed by others but on the contrary to being the center of the system preserved by the Public Authority. This Regulator of the data does not intervene any more in Ex Ante since the system of regulation was internalized by the Compliance in all the companies, the company being in charge security, traffic efficiency and protection systems. It is the very model of Europe: a market whose heart is the person.

Thus, if the Compliance Law has effectively separated from the moorings of the Law of Regulation, it is not to the detriment of companies, especially those that are not regulated and which may have been very disoriented by this mass of constraints come as meteorites, it is to their great benefit.

This is a chance that companies must seize. They just need to translate it.




Frison-Roche, M.-A., The Compliance Law, 2016.


Frison-Roche, M.-A., Régulation, Supervision et Compliance (dir.), 2017 (general presentation in English). 


Frison-Roche, M.-A., From the Regulation Law to the Compliance Law, 2017. 


Frison-Roche, M.-A., Compliance : before, now, after, 2017.


Association H. Capitant, La Mondialisation, 2016 ; in English, Frison-Roche, M.-A., Globalisation from the point of view of Law, 2017. 


Frison-Roche, M.-A., From the Regulation Law to the Compliance Law, 2017. 


On this issue of the "subjects of the Compliance Law", see  Frison-Roche, M.-A., Drawing the circles of Compliance Law, 2017.


In French the fundamental article of Alain Supiot, Face à l'insoutenable : les ressources du droit de la responsabilité,  in Delmas-Marty, M. et Supiot, A. (dir.), Prendre la responsabilité au sérieux, 2015 (english translation : "In the face of the unsustainable: the resources of the law of responsibility" in "Taking the law of responsability seriously)


California passes sweeping Law to protect Online PrivacyNewYork Times, 28 June 2018


comments are disabled for this article