On October 8th, 2025, as part of SKEMA Publika, Diane de Saint-Affrique welcomed Emmanuel Dupic, Ethics & Compliance VP of Dassault Aviation, for a conference and a discussion on compliance practices in companies.
Compliance practice can be defined as a strategic lever protecting a company’s access to the market, its financing and its reputation. This conference is a testimony from a compliance professional in the aeronautical sector on building an efficient programme and, when necessary, learning to have the courage to say no.
Compliance: A Strategic Challenge for Companies
From Compliance to Trust
Compliance was long perceived as a simple exercise in legal conformity. Today, however, it has changed in nature. It is no longer a matter of ticking boxes or mechanically responding to regulatory obligations; it has established itself as a lever for trust and sustainable performance.
With globalisation, geopolitical tensions and transparency demands on the rise, compliance has become a governance tool. In other words, it frames a company’s capacity to act, to finance and to maintain its reputation.
In French, “compliance” does not have an exact translation. Conformité is simplistic: it conveys more an idea of conformity with technical norms or of quality approaches. Compliance, in its modern sense, can be defined as all the processes that allow a company to ensure its executives and employees abide by the law, regulations and ethical principles. It is at the crossroads of law and ethics, constraint and conviction.
A Notion at the Crossroads of Law and Ethics
The theoretical bases of compliance are legal – abiding by the law, preventing corruption, respecting an embargo or data protection – but also ethical and cultural.
Nowadays, every company implements values – loyalty, integrity, respect, transparency, etc. – which become the foundation of its commitment to partners, clients, and, more extensively, civil society.
Therefore, beyond criminal risk, an ethical failure weakens the trust relationship between a business and its stakeholders. Clients, investors, and even States expect companies to embody the principles they promote. The numerous environmental or child-labour-related scandals illustrate the fragility of reputation, which can collapse in a few days, even when the responsible actor is a distant link in the value chain.
The aeronautical and space sectors are different because clients are essentially States or big businesses, so trust is based as much on probity as on technology. For a company like Dassault Aviation, abiding by the law is not only a moral demand but a condition to access markets and to sustain its business model.
Economic, Legal, and Operational Challenges of Compliance
Non-compliance can have grave consequences for companies, from severe economic penalties (fines, losing public procurements) to detrimental reputational degradation (termination of banking relations, irreparable damage to brand image). Large western companies shifted their positioning when high-profile cases burst into the open, realising none could now afford to neglect compliance.
Compliance is not a cost centre; it protects companies.
In addition to penalties, companies are exposed to the risk of prolonged monitoring by a State supervisory authority, thereby depriving the organisation of its decision-making autonomy for several years. Conversely, a robust framework becomes a strategic asset. It reassures customers, financial partners and authorities. It secures international operations and strengthens the company’s credibility.
Ultimately, compliance is no longer an appendage of the legal department but an integral part of the governance model and corporate strategy. This transition from compliance to trust was illustrated by Emmanuel Dupic during his lecture, highlighting a cultural and organisational shift that is essential for any company seeking to balance performance, integrity, and sustainability.
Compliance Framework: A Systemic Practice
An Increasingly Demanding Legal Environment
The growing importance of compliance can be explained by the constant strengthening of the regulatory framework at a national, European, and international level.
In France, the Sapin II law of December 9th, 2016, was a crucial step. This new legislation introduced specific obligations for companies with more than 500 employees and a turnover of more than €100 million, while giving public authorities the power to oversee its implementation through the creation of the French Anti-Corruption Agency (AFA).
However, in today’s globalised world compliance extends beyond national borders:
- The Foreign Corrupt Practices Act (FCPA), adopted in 1977, requires U.S.-listed companies to prevent corruption abroad;
- The UK Bribery Act of 2010 extended these obligations to any company with economic ties to the United Kingdom;
- The duty of care, enshrined in French law in 2017 and then incorporated into a European directive in 2024, requires monitoring of human rights and environmental violations throughout the supply chain;
- Finally, export-control measures, anti-money-laundering and counter-terrorist-financing regulations, and the GDPR complete this set of regulations.
This body of norms forms a coherent corpus, establishing a company's responsibility not only for its own actions, but also for those of its partners and subcontractors.
The 3 Cross-Cutting Pillars of any Effective Programme
Despite the legislative variety, compliance programmes are based on 3 common pillars, identified through practice and adopted by the AFA.
- “Tone from the top”: Executive Commitment
Governing bodies must be exemplary. The CEO bears personal criminal responsibility in matters of compliance. His or her involvement is reflected in clear communication, the allocation of resources and a visible presence in charters and codes of conduct.
- Risk Mapping
Each company must identify and prioritise its risks according to its business, markets and partners. An aeronautical company exporting to third countries will not carry out the same analysis as a textile company or a bank.
- Mastering and Preventing Risks
Once the risks have been identified, procedures, training and controls should be put in place to limit them. This management is based on education, internal control and, as a last resort, disciplinary action.
These 3 pillars form the common framework for all areas of compliance, whether anti-corruption, data protection, duty of care, artificial intelligence, or anti-money laundering.
Compliance Architecture: An “8 + 1” Model
In accordance with the AFA guidelines, a comprehensive compliance framework is structured around 8 main measures and 1 cross-cutting pillar (executive commitment).
- A code of conduct clearly stating the expected behaviour of employees and partners.
- An internal whistleblowing system ensuring confidentiality and protection for whistleblowers.
- Regularly updated risk mapping.
- A third-party assessment process (due diligence, KYC, UBO) for assessing the probity of customers, suppliers and intermediaries.
- Anti-corruption accounting control ensuring traceability of financial flows.
- A training and awareness programme tailored to the positions at risk.
- A disciplinary mechanism to punish breaches.
- An internal audit and control mechanism assessing the effectiveness of the system.
- (+ 1): executive leadership to ensure the consistency and legitimacy of the framework.
This scheme forms the foundation of a model of modern governance. It is no longer a matter of documentary compliance, but rather a culture which is integrated at all levels of the organisation.
A Dedicated Function at the Heart of Corporate Governance
The place of the compliance function within the organisational chart is a crucial issue.
Three models coexist:
- Reporting to the legal department, the traditional model;
- Integration into internal control or audit, which remains common;
- And finally, the autonomous model, favoured by Dassault Aviation, where the Ethics & Compliance department reports directly to the Chief Executive Officer.
This latter model gives the function genuine independence and decision-making power. As such, it can engage in dialogue on an equal footing with other departments and intervene at an early stage in projects.
In practice, compliance works closely with legal, finance, Human Resources, and audit departments. This cross-functional network illustrates the philosophy behind the compliance system: making compliance everyone’s business, not just that of a single department.
Compliance: Internal and External Challenges
Fostering a Culture of Compliance…
The success of a compliance framework depends not only on well-written rules, but also on the culture that supports these rules. The first challenge is therefore internal: transforming a legal requirement into a collective reflex.
Executive commitment, “tone from the top”, is the first requirement. Without this impetus, no model can last. However, all employees must be convinced that compliance is not just a matter for the legal department, but for everyone. This message is conveyed in the company through training, communication and the example set by a network of ambassadors, training courses and dedicated events such as Ethics Days.
Another, more delicate, challenge is balancing business imperatives and risk management. Saying no to an attractive but risky deal remains a test of credibility for the whole organisation. Compliance only makes sense if it can actually block a contract, the ultimate proof of its recognition as a strategic rather than symbolic function.
Being able to say no to a high-risk business opportunity is the ultimate proof of a robust compliance framework.
Finally, internal alert management completes this cultural foundation. It must inspire trust, protect whistleblowers and ensure confidentiality. When this internal alert system is functional, it becomes a preventive tool. However, when the internal alert system fails, it undermines collective trust.
… in a Changing and Demanding Environment
Compliance faces multiple external pressures. First, those from supply chains, which are now included in the duty of care. Their integration aims to ensure respect for human rights and the environment throughout the value chain, sometimes in areas where local standards differ significantly. The key lies in supporting and engaging in dialogue with suppliers.
Then comes financial pressure from banks and investors, who may make their support conditional on ESG criteria. In sectors such as defence and aeronautics, this requirement creates a paradox. It is necessary to both support a production that is polluting but essential for national sovereignty and convince others of its ethical compliance. Hence the importance of a robust, traceable, and controllable system.
Finally, emerging technologies (artificial intelligence, automation, cybersecurity) pose new ethical challenges, particularly in a world where legal frameworks diverge, making compliance a matter of international influence.
Compliance is now a factor of influence and a marker of international leadership.
About him
Former Public Prosecutor and Advisor to the Ministries of Justice and the Interior (Gendarmerie), Emmanuel Dupic is the Director of Ethics and Compliance at Dassault Aviation Group. He teaches at Sciences Po Paris and is the author of several books, including Guide de la compliance (Compliance Guide) and Guide juridique du dirigeant (Legal Guide for Executives), published by StudyramaPro.