Oct. 5, 2021

Compliance: at the moment

March 10, 2021

Teachings : Banking and Financial Regulatory Law - Semester 2021

Résumé de la dernière leçon : La Compliance, ne serait-ce que par ce terme même, est un mécanisme nouveau dans les systèmes juridiques européens, venant notamment en convergence du Droit de la concurrence, du Droit financier et du Droit du commerce international. L'on considère généralement qu'il provient du Droit financier et du Droit américain, qui développe ainsi d'une façon extraterritoriale ses conceptions juridico-financières. 

Est ainsi en train de naître un Droit de la Compliance

Il pourrait être celui qui disciplinerait l'économie numérique, laquelle croise étroitement l'économie bancaire et financière, qu'elle renouvelle.

Pour en mesurer l'importance et le développement, qui ne font que commencer, le plus probant est de commencer par sa manifestation incontestable en Droit français, à savoir la loi du 9 décembre 2016 de la loi dite "Sapin 2", suivant de peu la loi du 21 juin 2016 sur les abus de marché et suivie de peu par la loi du 27 mars 2017 sur le devoir de vigilance des sociétés donneuses d'ordre.


Accéder aux slides servant de support à la leçon sur la régulation internalisée dans les opérateurs bancaires et financiers par l'émergence du Droit de la Compliance

Revenir aux bases avec le Dictionnaire bilingue du Droit de la Régulation et de la Compliance

Approfondir grâce à la Bibliographie générale du cours de Droit de la Régulation bancaire et financière


Revenir au plan général du cours de Droit de la Régulation bancaire et financière

Revenir à la présentation générale du cours de Droit de la Régulation bancaire et financière


Parcourir les billets quotidiens d'actualité sur la Compliance. 




Utiliser les matériaux ci-dessous pour aller plus loin et préparer votre conférence de méthode:

Oct. 15, 2020

Thesaurus : Soft Law

Full reference: Serious Fraud Office, Operational Handbook about Deferred Prosecution Agreements, October 2020

Read the Operational Handbook

Oct. 9, 2020

Thesaurus : Soft Law

Full reference: Financial Stability Board, The Use of Supervisory and Regulatory Technology by Authorities and Regulated Institutions. Market Developments and Stability Implications, Report of 9th of October 2020, 36 p. 

Read the report

Read the presentation of the report by the Financial Stability Board

To go further on the question of the use of new technologies in regulatory processes, read Marie-Anne Frison-Roche's working paper: Analysis of blockchains with regards with the uses they can fulfill and the functions that the ministerial officers must ensure  

Aug. 17, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Risk Mapping: is it legally different when it is made by Regulatory Bodies or by Regulated Enterprises?, in  Newsletter MAFR - Law, Compliance, Regulation, 17th of August 2020

Read, by freely subscribing, other news of the Newsletter, MAFR - Law, Compliance, Regulation


Summary of the news

Each year, the Autorité des marchés financiers (French financial markets regulator), the European Central Bank and the Agence française anti-corruption (French anti-corruption agency) publish risk maps. At first glance, risk maps established by the regulator aim to both help regulator and the regulated company to face risks by anticipating them. These documents would only be an assistance brought to firms in their Compliance mission and not an injunction from the regulator to take into account the risks that it emphasizes.  

However, Law forces firms to do their own risk maps under penalty of sanctions. Since the regulator has previously published its own risk map, can companies, obliged to write theirs, deviate from it? If the firm follows the map published by the regulator, can it protect itself against this if it is accused of not having fulfilled its compliance obligations? On the contrary, if the operator does not follow regulator's risk map, can this be blamed on it? Formally, regulator's risk maps do not come with an injunction to take it into account but, as everyone knows, any recommendation from a regulator or supervisor must be taken into account.

The legal solution could here be the implementation of a system of "comply or explain" which would mean that if the firm decides to no follow the risk map established by the regulator, it must be able to justify its choice. 


To go further, read:

Aug. 10, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference : Frison-Roche, M.-A., The practical utility to have a firm definition of "Compliance"Newsletter MAFR - Law, Compliance, Regulation, 10th of August 2020.

Read by subscribing the other news in the Newsletter MAFR - Law, Compliance, Regulation


Summary of the news

Some says that defining Compliance is a theoretical and non useful exercice that should be left aside to tackle the study of concrete technical cases. However, to be able to use Compliance tools, it is first necessary to have a clear, firm and simple idea of what is Compliance. Moreover, the future of this new branch of law intensely depends on the definition we choose to use. 

Compliance Law gives to some crucial private firms new responsibilities such as the one to fight against global dangers or the one of saving the planet. In this, Compliance Law can be perceived as a kind of new deal between the private sector and public authorities, with the only difference that this time the consent of the private sector is not required.

Some would say that the concretization of such projects is the duty of the State and that private firms, if they must respect the rules, do not have to find a way to concretize a "monumental goal". However, the world face new and systemic dangers in the face of which the State alone is powerless, technically or geographically, and against which crucial companies can act.

It is not about, as some advocate to put human being aside of Compliance Law by letting machines decide. It is about placing the human being and its protection at the heart of Compliance Law. In this, Compliance Law can become a new humanism. 


To go further, read Marie-Anne Frison-Roche's working paper, The Dreamed Compliance Law 

July 25, 2020

Thesaurus : Doctrine

Full reference: Thouret, T., Le pharmacien, un "opérateur crucial" pour prévenir une crise des opiacés en France, Actu-juridiques, Lextenso, 2020

Lire l'article (in French)

March 23, 2020


Without any request, on his or her newsfeed, those who surfs on the social network built by Facebook, has found on 23 of March 2020, in the morning, the following message :

« X (prénom de l'internaute), agissez maintenant pour ralentir la propagation du coronavirus (COVID-19) Retrouvez les actualités des autorités sanitaires et institutions publiques, des conseils pour ralentir la propagation du coronavirus et des ressources pour vous et vos proches dans le Centre d’information sur le coronavirus (COVID-19)" ("X (user's name), act now to slow down the spread of the Coronavirus (COVID-19). Find the health authorities and public institutions' news, advices to slow down the spread of the Coronavirus for you and your entourage in the Information Center about Coronavirus (COVID-19) »).

This corresponds to the more general declaration done the same day by Kang-Xing Jin, director of Health at Facebook, who declares : "In response to the coronavirus outbreak, Facebook is supporting the global public health community’s work to keep people safe and informed. Since the World Health Organization declared the coronavirus a public health emergency in January, we’ve taken steps to make sure everyone has access to accurate information, stop misinformation and harmful content, and support global health experts, local governments, businesses and communities.".

Thanks, Facebook to indicate how to do ; by the way, thanks to having invited me to do it. By the way, is it really an « invitation » ? Since the expression is « act now ». Just miss the exclamation point, and the pointed finger of Uncle Sam for « war effort »!footnote-1770.

If in Law, we can consider « invitation », it would be not to the "invitation" that in the past Bank of France did to shareholders banks to refinance a bank which risks to be soon into difficulties that we could consider, invitation from which the invited cannot really escape. No, obviously no, it is just the same message that you and me can write on our Facebook pages to tell similar things about the same purpose ! But, Facebook would be, like you and me, editor of contents ?

Questions and difficulties which encourage to proceed to the legal analysis to know under which title Facebook posted such a message.

The first hypothesis is that this firm has acted spontaneously, following its « Corporate Social Responsibility » (I) If it is the right qualification, with regards to the content of the message, legal consequences are important because this firm, without generalizing to others, by the expression of its care of common good, shows, by transitivity, that it is an editor.

The second hypothesis starts from the observation that Facebook is a « crucial digital operator ». In this perspective, the firm is constraint to Compliance Law (II). It is the reason why, it is constraint by specific obligations, that excludes the spontaneous message emission qualification. If it is the right qualification, with regards to the content of the message, legal consequences are also important and of a totally different nature. Indeed, the qualification leads to develop the relation between the obligation to fight against fake news and malicious websites towards those of redirecting towards public websites, benefiting for the operator of a reliability presumption.

Read the developments below.

Dec. 19, 2019

Publications : Chronicles MAFR - Compliance Law

Complète Reference : Frison-Roche, M.-A., Théorie juridique de la cartographie des risques, centre du Droit de la Compliance (Legal Theory of Risk Mapping, center of Compliance Law), D.2019, chronique Compliance, p. 


Summary : The act of mapping risks is not currently defined by Law. It is only described in special laws. While risks mapping is central to preventing in Ex Ante the occurrence of crises or behaviors from which the occurrence is excluded, no legal regime is available, due to the lack of a legal definition available. This legal definition is proposed here in 5 stages, starting from special laws and specific cases to go towards a general conception. Risk mapping then appears as a concern for others taken care of willingly or by force by crucial operators, through a new subjective right: the “right to be alarmed”, the map being the structural counterpart of the character of the whistleblower. Two articulated systems of Compliance Law.


Read the article, published in French.


Read its translation in English. 


Read the English Working Paper  on which this article is based, working paper with additional developpments, technical references and hypertext links



Dec. 19, 2019


Reference Frison-Roche, M.-A., Le droit de la compliance pour réguler l'internet  (Compliance Law to Regulate the Internet), Interview given in French to Sylvie Rozenfeld, Expertises, December 2019, p.385-390.


Summary. Law seems increasingly powerless to stem the social disorder generated by the Internet. For Marie-Anne Frison-Roche, Law professor and specialist in Regulatory Law, the solution is to be found in Law, and more particularly in Compliance Law. This specific Law is already applied in the banking and finance sector, or in the area of ​​personal data. As it has done for green finance and through the GDPR, Europe could impose a compliance system which internalizes concern for the individual in large digital operators. It is up to them to put in place the means and bear the cost, such as the right to be forgotten erected by the CJEU. Marie-Anne Frison-Roche does not offer anything revolutionary, she is content to take elements of positive law that already exist and to correlate them.


Read the interview (in French)


Read the presentation of the official Report for the French Government about which this interview is given:: The contribution of Compliance Law to the Governance of Internet

Sept. 27, 2019


Generale Reference : Frison-Roche, M.-A., Les solutions offertes par le Droit de la Compliance pour lutter effectivement contre les contrefaçons de masse (The solutions offered by Compliance Law  to fight effectively against mass counterfeiting) , in Seminar of the Association des Praticiens du Droit Droit des Marques et des Modèles (APRAM), La contrefaçon de masse : va-t-on un jour réussi à y mettre un frein ? Quelques nouvelles pistes de réflexion (How to stop the mass Counterfeiting?, some new ideas), Paris, September 27, 2019. 

Read the program of the Seminar. (in French)

This conference is based on the report given to the French Government and published in July2019 : The contribution of Compliance Law to the Governance of Internet.

It is also based on the new contribution to the new edition of the Grands Arrêts de la propriété intellectuelle : "Le maniement de la propriété intellectuelle comme outil de régulation et de compliance"(in French).  This publication is based on this Working Paper : The use of Intellectuel Property as a tool for Regulatory and Compliance Perspectives



Summary : In this seminar devoted to new ways of reacting to "mass counterfeiting", the idea here is to start from the observation of an increase in the ineffectiveness of intellectual property rights - and thus of the I.P. Law. Law being a practical art, it is not a simple inconvenience, it is a central question. This can be remedied by improving the Ex Post legal process, but we can think of finding Ex Ante mechanisms. The Regulatory Law is Ex Ante, but digital world is not a sector, it is the world itself. A promising direction is therefore Compliance Law, in that it is both Ex Ante and non-sectoral. The contribution shows how Compliance Law is already useful, could be developed and how it could be applied so that these specific rights could be effectively protected in a digital world, where for the moment counterfactors have in fact the means to ignore them.


See the slides. (in French)


July 18, 2019


Référence complète : interview à propos du rapport reçu par le Gouvernement le 15 juillet 2019  : Frison-Roche, M.-A., "Gouvernance d'Internet : nous sommes face à un enjeu de civilisation", Petites affiches, 18 juillet 2019, entretien mené avec Olivia Dufour. 


Résumé de l'interview : 

"Dans le rapport qu’elle a remis au secrétaire d’État au numérique en juillet, Marie-Anne Frison-Roche émet 55 propositions visant à élaborer une gouvernance d’internet fondée sur la compliance. Il s’agit en pratique pour le politique de définir des buts monumentaux : par exemple la lutte contre le réchauffement climatique et de les internaliser dans les acteurs cruciaux, par exemple Facebook ou Google sous le contrôle d’un superviseur. Ainsi Facebook serait-il appelé à surveiller les échanges numériques de la même façon qu’aujourd’hui Euronext surveille les échanges financiers. Au-delà de la question cruciale de la régulation du numérique, l’ambition consiste pour l’Europe à être fidèle à sa tradition humaniste en imposant par le droit la protection de la personne.".


Lire l'interview.

Se reporter au Rapport de Marie-Anne Frison-Roche, L'apport du Droit de la Compliance dans la Gouvernance d'Internet, à propos duquel l'interview a été donné. 

Dec. 11, 2017


► Référence complète : Frison-Roche, M.-A., Compliance et confiance, in Mélanges en l'honneur de Jean-Jacques Daigre, Autour du droit bancaire et financier, Joly éditions - Lextenso, déc. 2017, pp.279-290.



► Résumé de l'article : Compliance. Confiance. Deux mots qui reviennent de plus en plus souvent sous nos yeux de lecteurs ou à nos oreilles d'auditeurs. Et pourtant ils ne semblent pas bien s'assortir. Ils paraissent même se repousser l'un l'autre.

En effet, la compliance est ce par quoi les autorités publiques font confiance à certains opérateurs privés, non pas en eux-mêmes, mais à leurs capacités structurelles à capter mécaniquement l'information dont ces autorités ont besoin (I).

Cela suppose une vision du monde dans lequel les entreprises sont puissantes et sont seules puissantes mais ne sont pas vertueuses, tandis que les autorités publiques, comme le Ministère public ou les régulateurs, sont faibles mais sont seuls vertueux. Une telle conception de la compliance transforme les entreprises en automates. Une telle vision du monde n'a pas d'avenir : on ne peut faire confiance qu'à des êtres humains, dont il faut accepter le caractère faillible, la compliance étant alors l'expression d'un rapport noué sur une confiance qui se donne à voir entre des opérateurs non mécaniques, à savoir les institutions publiques et les opérateurs privés qui peuvent l'un et l'autre avoir en commun souci d'un intérêt qui les dépasse et que l'on appelait naguère l'intérêt général (II).



🚧 Lire le document de travail bilingue servant de base à l'article ici publié.


Lire une présentation générale de l'ouvrage dans lequel l'article est publié.


📝Accéder à l'article.



June 2, 2017


Reférence complète : Frison-Roche, M.-A., Les fonctions de la Compliance. Un choix politique à faire ("The functions of Compliance. A political choice to do"), in  Borga, N. et Roda, J.-Ch. (dir.), La compliance : nouveaux enjeux pour les entreprises, nouveaux rôles pour les juristes ? ("Compliance: new challenges for companies, new roles for lawyers?"), Centre du Droit de l'entreprise Louis Josserand, Université Lyon IIII Jean Moulin, France, Lyon, 2 juin 2017.

Read the program (in French)

Summary of the conference :

Compliance mechanisms are being constituted in "Compliance Law", new branch of Economic Law. Its functions are determined by the goals. But the goals are "monumental", since it is nothing less than the end of corruption, trading in influence, arms trafficking, international terrorism, trafficking in human beings, selling of human organs, the effective safeguard of environmental protection, safeguarding the planet, access to culture for all, preservation of civilization, the effectiveness of human rights ...

The goals of a company are not a priori of this order, even if every firm understands that it is clever to appear amiable.

By comparing the two types of goals, a difference of nature is measured.

By the Compliance Law, companies are therefore invited to "get out of themselves.

Consequently, the functions that shape the contours of Compliance Law transform those who are the "subjects of law", the enterprises: these are the subjects, insofar as they are agents of legality. But this can not be the case for all companies.

If the effect of Compliance were to be generalized to all companies, this would be catastrophic and would make no sense.

However, who firmly and precisely drew the circle of "legal subjects eligible to be the legality agent" of Compliance? With the considerable costs and responsibilities that go with it?

If it has not been the Legislator, it will have to be the Judge. Because the judge is guardian of the spirit of Law and guardian of legal orders. Especially if it is a global legal order.


Moreover, companies are not only passive subjects of Compliance Law - which would be the case of a misunderstood Compliance Law - but are also active subjects of Compliance Law. Indeed, these "monumental goals" which draw the functions of the Compliance are exactly the same as those of the Corporate Social Responsibility.

Thus, if the Compliance is conceived of only as an immense and empty submission of all undertakings to total regulation, the result will be an opposition between the regulatory power and the will of undertakings, a concrete opposition between public authorities and companies. If, on the other hand, we conceive Compliance Law as that by which "crucial enterprises" like the Regulators are moving towards the realization of "monumental goals, then Compliance Law crystallizes a" Trust Pact""between the two, Which goes beyond the borders and becomes a means of regulating globalization.

This second conception is the future of European Law.



See the slides (in French).

Read the working paper on which the conference is based (working paper in English)

Feb. 2, 2017


Référence : Frison-Roche, M.-A., Le droit de la compliance : le rôle des opérateurs cruciaux, conférence Enedis, 2 février 2017, Paris.


Le Droit de la Compliance est un prolongement du Droit de la Régulation.

En effet, les autorités publiques expriment des buts monumentaux dépassant le fonctionnement marchand et qu’elles n’ont pas les moyens de mettre en œuvre mais dont elles chargent certaines entreprises de la concrétisation. Ainsi, la compliance est l’internalisation de la régulation dans des entreprises « cruciales », structurellement transformées.

Face à ce phénomène américain, les entreprises européennes sont restées passives, se contentant d’être condamnées. Il convient bien plutôt de s’approprier ce Droit de la Compliance. Notamment dans le secteur de l’énergie, dans lequel la dimension cruciale des entreprises « cruciales » apparaît par la dimension politique de leur objet technique.

Enedis est à ce titre un sujet dynamique de compliance et a vocation à se revendiquer comme tel.


media/assets/slides/enedis-2-fevrier-2017.pdf">Consulter les slides ayant servis de support à la conférence.

Feb. 10, 2011


Référence complète : FRISON-ROCHE, Marie-Anne, The auditor, a crucial player on financial markets, The Journal of Regulation, n°6, January / February 2011, I-1.26, p.470-479.

Cet article est écrit en anglais.

La Commission européenne par un Livre Vert d’octobre 2010 envisage une nouvelle politique de l’audit pour favoriser la stabilité financière. Pour cela, elle dessine le rôle de l’auditeur sur les marchés financiers, allant jusqu’à lui demande de prévenir les investisseurs des risques financiers que présentent les émetteurs. Mais l’auditeur a un rôle de certification des comptes, ce qui doit en être distinguer et cette "attente de marché" doit être satisfaite par d’autres, comme les agences de notation. Cependant, l’auditeur est un agent "crucial", en ce que son action est déterminante pour les investisseurs. Mais il n’est pas pour autant "systémique" et ne s’assimile en rien à une banque, puisque sa défaillance n’entraine pas d’effet domino. En outre, parce qu’il est crucial, l’ouverture forcée du marché de l’audit à plus de concurrence fragiliserait la bonne réalisation de son rôle dans le système. Cela est une nouvelle illustration de l’opposition entre la concurrence et la régulation.


Accéder à l'article.

June 4, 2002

Thesaurus : 05. CJCE - CJUE

Full reference: CJCE, 4th of June 2002, Decision C-483/99, Commission v/ France (Total)

Read the decision