On December 2, at the Novotel Monaco, H2C Conseil will host an information day dedicated to “Panorama 2025 of ACPR and AMF sanctions – Strengthening the prevention of non-compliance risks.” Ahead of this event, H2C founder Henri Calvet gives an in-depth interview on the evolution of internal control, the increase in the level of sanctions, new detection tools, and the central role of the SANCO database, which he himself designed to meet the specific needs of compliance professionals.
I started my career at the Banque de France, within the Banking Commission, where I stayed for about ten years. That’s where I really learned my trade, carrying out document checks and on-site inspections at numerous credit institutions, including banks in Monaco. I then decided to move into the private sector. I joined Compagnie Parisienne de Réescompte, which was then a major player in the Paris financial market and a subsidiary of Crédit Agricole. I headed up inspections in France, the United Kingdom, and the United States, in a particularly dynamic environment combining trading, asset management, and sophisticated financial instruments.
Following a takeover bid for this company, I decided to continue my career at Edmond de Rothschild. For nine years, I worked there first as Director of Inspection, then as Deputy Chief Financial Officer. This institution was one of the most comprehensive in terms of asset management, whether private or collective, the latter covering all asset classes, from money management to private equity and real estate.
Finally, I decided to start a new chapter by becoming an entrepreneur, notably to create the SANCO database, a tool that I would have liked to have had when I was in charge of control systems, but which did not exist at the time. Since 2012, I have been developing this solution, which has become a daily working tool for many financial players. At the same time, I sit on the board of several credit institutions, where I am particularly involved in internal control and compliance issues. These three stages—the public sector, private banking, and freelance work—have a common thread: protecting the balance sheet and image of institutions through internal control and risk management.
The first development is the gradual realization of the need to organize and structure control functions. For a long time, institutions responded to each new regulatory requirement by adding an additional layer, without an overall vision. Today, this logic has given way to a structured and consistent approach. Control mechanisms are now designed with two joint objectives: to meet regulatory requirements and to control costs. In an environment of tight budgets, the productivity of control functions has become essential.
The second change is the increase in the level of resources allocated to control functions. Executive committees are now fully aware that risk management, particularly non-compliance risks, requires high-level skills. Today, these functions are filled by people with prestigious educational backgrounds, which was relatively less common fifteen or twenty years ago. Access to powerful technological tools has also increased.
The third development is the fear of heavy, even extreme, penalties. Cases that have resulted in very significant, sometimes extreme, penalties have had a profound impact on the sector. The extraterritoriality of US law, illustrated by the penalty imposed on BNP Paribas (USD 8.9 billion in 2014) or the AMF’s penalties, such as the €75 million fine imposed on H2O AM in 2022, have created a climate in which institutions know that a serious incident can impact their income statement, equity, and even their reputation on the stock market, in the case of a listed entity. In a hyper-regulated environment, this fear has become a defining factor.
The SANCO database was designed to provide compliance professionals with a tool capable of strengthening the prevention of non-compliance risks in a context where regulations are numerous, evolving, and complex. Unlike traders, for example, who have multiple decision-making tools at their disposal, employees in charge of internal control did not previously have any instrument that systematically compiled compliance incidents that had occurred among their colleagues. They had to search for information that was often scattered and difficult to locate, making this search time-consuming.
The tool lists all sanctions imposed by the ACPR and the AMF since 2003, as well as the judgments of the courts of appeal (it also includes settlements reached between an initially prosecuted person and the AMF, a legal solution that does not exist on the ACPR side). The SANCO database now contains nearly 1,200 decisions.
Each decision is presented in summary form, but the full text is also available. Users can therefore choose between a summary or a full text version of the decision in question. In addition, there is an operational commentary designed to guide employees in building or adapting their internal control systems, updating their risk maps, or preparing training courses.
One of SANCO’s key strengths is its multi-criteria search engine, which allows users to immediately find relevant decisions, whether, for example, to prepare an audit of anti-money laundering systems, to examine acceptable or unacceptable commercial practices, or to illustrate training on market abuse with concrete cases.
The SANCO database is updated quickly whenever a new decision is made public. For example, the recent sanction imposed by the ACPR on Banque Chaabi in Morocco was added just a few days after it was published. This responsiveness is essential for the institutions that rely on the tool, including a Monegasque supervisory authority and several other players in the financial sector. Access is by annual subscription, at a very low cost considering the time saved and the improvement in risk prevention.
The trends we see depend in part on the supervisory authorities’ control programs. Nevertheless, certain key trends seem quite clear to me.
The first concerns the increased focus on anti-money laundering measures. The ACPR has always been strict in this area, but the AMF is now also increasing the number of sanctions and transactions relating to these issues.
The second trend is increased protection for third parties, whether they are bank customers in relation to loans, overdrafts or insurance, or investors in relation to order execution, asset management on behalf of third parties or the marketing of financial products. The authorities want to prevent professional misconduct from harming clients’ interests. Where there is harm to third parties directly related to professional misconduct, this harm is considered an aggravating factor in determining the amount of the sanction, as provided for in the Monetary and Financial Code.
The third trend is the intensification of the fight against market abuse. Such misconduct disrupts the functioning of the markets and can harm certain investors. The AMF is imposing increasingly severe penalties and, in recent years, has equipped itself with more powerful tools to detect such misconduct.
Finally, the supervisory authorities have equipped themselves with considerably enhanced technological resources. A striking example is the sanction imposed two years ago on a regional branch of Crédit Agricole, in which the inspectors used, for the first time, a computer tool enabling them to analyze all clients and all transactions, rather than just a sample. This made it possible to identify anomalies that occurred infrequently and might not otherwise have been detected.
The first lesson is the importance of returning to the rule of law. In the financial sector, this is often complex, evolving, and sometimes poorly understood or misunderstood. Ensuring that it is fully understood is an essential prerequisite.
The second lesson concerns the quality of dialogue between control functions and operational staff. The latter must understand the concerns of the control teams and integrate regulatory requirements into their practices. Controllers, for their part, must be familiar with operating procedures, constraints, and the reality on the ground. A lack of dialogue or a disconnect between these two spheres would be a mistake with serious consequences.
The third lesson concerns the constant vigilance of control functions. In any institution, there will always be an employee willing to cross the line or attempt to circumvent the legal and procedural framework in order to generate business. In some cases, it is the institution itself that chooses to operate in a gray area, as close as possible to the regulatory limit, and sometimes beyond it. Control functions must therefore remain particularly attentive, effective, and productive in order to prevent these risks.
