One size does not fit all

The new guidance considers comments that had been communicated to the AFA by several professional associations in view of the first version of this guidance, which was issued back in January 2019. The language used in this new version also takes into account the remarks made last July by the AFA’s Sanctions Committee (i.e., the body in charge of sanctioning companies in case the AFA’s audits reveal strong defaults in anticorruption compliance programs) when they considered in their first decision^[3] that the AFA-issued guidelines are not mandatory to follow as long as the company being audited can demonstrate the effectiveness of its compliance program regarding risk mitigation.^[4]

As a consequence, this new version takes a few precautions, noting, for example, that there is no one model for a compliance officer and that this is left to each company to define in view of their specificities (size, nature of activities, maturity of their compliance program, etc.); their risks; the design of the compliance function; how the compliance officer should be chosen; and the scope of their mission while considering other transverse functions’ missions in the organization, such as auditing or legal.

The guidance also states clearly that it is not mandatory to have a compliance officer, although the AFA considers it very useful to implement a compliance function with the necessary means, as this shows how dedicated the management team is to the success of the compliance program. This is also a way for management to show stakeholders and employees how committed they are to the company’s values and the compliance program. Management defines the compliance function in their organization, assists in deploying the program, and amends the program in order to make it more efficient.