FRANCE Law and Practice Contributed by: Sophie Scemla, Didier G Martin, Diane Paillot de Montabert and Calypso Korkikian, Gide Loyrette Nouel
supply chain risks. Chief Compliance Officers, General Counsels, communication teams and strategic teams typically attend crisis committees and internal control functions to manage risks and prevent crises. Company boards usually oversee crisis governance.

3.3 Crisis Committees: Composition and Attributes

In France, crisis committees play a key role in crisis prevention and management, with their structure and independence varying by sector and governance model.

Permanent committees exist in highly regulated industries (finance, healthcare, and infrastructure), while ad hoc committees are formed in response to specific incidents like regulatory investigations or cybersecurity breaches.

While many crisis committees include senior executives, compliance officers, and legal counsel, companies increasingly appoint independent members – such as ethics experts or external board directors – to ensure impartiality and regulatory oversight.

Crisis committees typically combine multi-disciplinary expertise (compliance, legal, finance, risk management, cybersecurity, and PR). They can oversee crisis simulations, risk assessments, and regulatory reporting to align their responses and strategies.

The level of independence from senior management varies. Some companies establish board-level crisis oversight committees separate from operational management.

3.4 Crisis Management Team

Crisis management teams in France usually combine expertise from multiple fields such as legal, financial, strategic or communication departments.

The Chief Compliance Officer (CCO) ensures crisis response aligns with compliance regulations such as the Sapin II Law, the Duty of Vigilance Law, and ESG obligations, overseeing regulatory risks and compliance audits. The General Counsel advises on corporate liability and regulatory reporting, while the Chief Risk Officer (CRO) manages risk assessments, crisis simulations, and enterprise-wide risk mitigation. The Chief Financial Officer (CFO) evaluates financial exposure, regulatory disclosures, and reporting risks. The Chief Information Security Officer (CISO) handles cybersecurity incidents, GDPR compliance, and IT risk response. The Public Relations Director co-ordinates external communication and crisis messaging to protect corporate reputation, while the Human Resources Director manages employee-related crisis responses, labour law compliance, and internal ethics investigations.

The CCO or General Counsel often leads the crisis team, ensuring compliance-driven responses. In high-impact crises, the CEO or a Board-appointed executive may take charge, and independent board members or external compliance experts are sometimes consulted for governance oversight.

Crisis management teams typically meet quarterly under normal conditions for compliance reviews, crisis simulations, and risk assessments. In an active crisis, meetings occur daily or in real time to adapt response strategies and ensure regulatory compliance.

The Crisis Management Team can report directly to the Board, ensuring executive oversight. Audit and risk committees receive regular updates for transparency, while whistle-blower hotlines and compliance dashboards facilitate internal report-
CHAMBERS.COM