US embassy cable - 05PARIS7814

UNCLAS PARIS 007814 
 
SIPDIS 
 
PASS SEC FOR SBOONE 
PASS FEDERAL RESERVE 
STATE FOR EB AND EUR/WE 
TREASURY FOR DO/IM MSOBEL AND LHULL 
TREASURY ALSO FOR DO/IMB AND DO/E WDINKELACKER 
LABOR FOR ILAB 
USDOC FOR 4212/MAC/EUR/OEURA 
 
E.O. 12958: N/A 
TAGS: EFIN, ECON, PGOV, FR 
SUBJECT: CNIL UNLOCKS SOX 
 
 
1. SUMMARY: Bowing to pressure, CNIL Commissioners announced 
on November 15 that they would allow US-listed companies to 
enact whistleblower provisions in France, as required by 
Sarbanes Oxley Section 301.  CNIL published an "orientation 
document" and promised to grant blanket approval to firms 
that self-certify compliance.  CNIL plans to take the 
document to the EC WP 29, in the hopes of reaching a common 
EU position.  END SUMMARY. 
 
BACKGROUND 
---------- 
2.  The French National Commission on Information and 
Liberty (CNIL), a French agency set up to guard civil 
liberties, has effectively reversed its decision of May 2005 
that prevented firms in France from complying with Sarbanes 
Oxley (SOX) Section 301.  That section requires audit 
committees of publicly traded companies to establish 
procedures for confidential, anonymous submission by 
employees of concerns regarding questionable accounting or 
auditing matters (e.g., whistleblower systems, also known as 
ethical hotlines). 
 
SOLUTION 
-------- 
3. CNIL published an orientation document on November 15 on 
its website, www.cnil.fr, in which it permits companies to 
set up whistle-blowing systems under certain conditions. 
Each system should be set up to respond to specific 
obligations, e.g., to report financial or accounting 
irregularities, or corruption.  Anonymous reports are 
permissible, but should not be encouraged.  Companies should 
maintain the confidentiality of data.  Companies should 
inform anyone implicated as soon as practicable to ensure 
rights of opposition, access to the facts (but not the 
identity of the source), and correction of facts. 
 
4.  The CNIL stated its next step would be to adopt a 
decision approving in advance those systems that conform to 
the conditions spelled out in its orientation document. 
Companies will thereafter be able to self-certify compliance 
by a simple letter to the CNIL, avoiding the need for the 
CNIL to examine each company's policy on a case-by-case 
basis. 
 
5.  The CNIL may issue a further note to explain the 
practical steps companies will need to take, and will issue 
an authoritative English translation of its orientation 
document as soon as possible. CNIL will present its work at 
the next meeting of the European Commission Article 29 
Working Group on November 24-25, as the basis for adopting a 
common position to the data privacy issues presented by 
whistle-blower systems. 
 
6. COMMENT:  We have heard that associations, lawyers, and 
others representing about 300 firms, both French and 
multinational, had contacted CNIL to express concerns about 
its prior opposition to ethical hotlines.  At the Embassy, 
we organized several meetings with representatives of major 
and smaller US companies to devise strategic solutions and 
improve on the CNIL draft text. We also actively engaged 
government officials, CNIL staff and CNIL Commissioners to 
advocate for SOX implementation.  Although local firms 
tended to acknowledge that whistle-blowing was alien to 
French culture, and government officials are wary of 
extraterritoriality, there is general recognition that 
current trends in corporate governance point to the need to 
accept stronger financial safeguards. 
STAPLETON#