top of page


Formerly a legal matter, compliance must now be deployed in every corner of the company.

It is the choice of the legislator which, in recent regulations, requires the implementation of real management systems.

Compliance must now deploy its networks, build effective processes and be able to report quickly to the authorities.

Legal & Digital supports you in the implementation of a pragmatic and equipped vision truly establishing COMPLIANCE by DESIGN.

Compliance is no longer just a cost center, it is a partner who anticipates, advises and supports the business in the simplest, healthiest ways, for truly sustainable development.


With the Highbond platform, Legal & Digital deploys a tooled approach allowing you to bring corruption issues under control in a few weeks.

Develop the essential components of a compliance program!

Attentive to the recommendations of the AFA, the DOJ or the British Ministry of Justice, Legal & Digital continually updates the system put in place.

The control of any compliance program is based on 5 inseparable levels of organization:

  • No policy can be reasonably deployed without the leadership of the General Management and its commitment, in terms of exemplarity, in particular.

  • The management of the problem, the fine and optimized allocation of resources must be guided by a risk approach making it possible to target the actions to be carried out in a “Quick-Wins” logic.

  • The management of fraud and corruption is everyone's business, and it must therefore integrate daily practices in terms of variations of processes and operational control plans.

  • Awareness, communication and training of key personnel is absolutely necessary.

  • Finally, the responsibility and monitoring of corruption issues must be embodied by a manager capable of leading, monitoring and proposing the necessary improvement actions.

  • Rely on the existing

    • Many initiatives already exist in the companies: internal control, quality, Social Responsibility, internal audit, external audit….

    • The SAPIN II approach must be based as much as possible on what already exists. Deploying an agile, learning approach that brings together all the players in the organization is key in the search for efficiency and cost control.



In an increasingly digital world, the EU wanted to regulate data processing to protect its citizens!

Concerned about preserving the fundamental freedoms of European citizens in a now digitalized world, the European Union voted on May 25, 2018 to implement a single regulation governing the processing of personal data.


This regulation aims to meet 3 objectives:

  • Strengthen the rights of individuals, in particular by creating a right to the portability of personal data and provisions specific to minors;

  • Empower the actors processing data (data controllers and subcontractors);

  • Increase the credibility of regulation through enhanced cooperation between data protection authorities, which will be able in particular to adopt joint decisions when data processing is transnational and sanctions are reinforced.

Measures significantly impacting businesses

With in particular:

  • Keeping a register of the processing operations implemented,

  • Notification of security breaches (to the authorities and people concerned),

  • Certification of treatments,

  • Adherence to codes of conduct,

  • The creation of the DPO (data protection officer),

  • Privacy impact studies (EIVP),

  • Obligations extended to subcontractors.

This regulation is intended to make the company responsible, which must itself:

  • Identify your personal data,

  • Make sure she holds them legally,

  • Analyze the risks weighing on this data,

  • Take the appropriate security measures accordingly.


What impact on the organization?

Personal data is likely to be found everywhere within the company and its ecosystem.

No function of the company is a priori immune to this problem.

In addition to this, you need to know more about it.

Usually initiated by the legal or compliance departments, the subject quickly takes on the functions in connection with customers (marketing, sales, after-sales) and with employees (HR, general resources, security). It also involves the people responsible for managing subcontracting (purchasing) and of course IT services (CIO, CISO).

With the HIGHBOND platform, Legal & Digital has digitized the entire function of the DPO by offering stakeholders a unique meeting place.



Due to the trend towards specialization and outsourcing, more and more companies are engaging third parties to perform key functions in their value chain.

Third party activity is generally responsible for about 60% of total revenue. In addition to this, you need to know more about it.

This trend is increasingly creating critical relationships with third parties throughout the economy which, in the case of companies with tens of thousands and even hundreds of thousands of relationships with third parties, can become difficult to understand. control and manage manually.

Third party: Definition

A “third party”, as defined in OCC 2013-29, is any entity with which a company does business. This can include suppliers, subcontractors, business partners and affiliates, brokers, distributors, resellers and agents. Third parties can be both “upstream” (suppliers and sellers) and “downstream” (distributors and resellers), as well as non-contractual parties.

The parallel with the “customer” vision, KYC and the fight against money laundering is immediate.

Third-party management was popularized in 2013 when the Office of the Comptroller of the US Currency stipulated that all regulated banks must manage the risks of all of their third parties.

In France, 3rd-party governance is made popular by:

  • The Sapin2 law on the prevention of corruption and influence peddling,

  • The General Data Protection Regulations,

  • The 2017 law on the duty of vigilance.

These regulations establish the obligation to be concerned with the continuity of control and the respect of the ethical rules of the company beyond its purses, all along the chain of subcontracting, but not only ...

Contractualization & relationship management

Relationship entry & selection

Assessment & verification

Monitoring &


Transition & end of relationship

3rd-party governance <> procurement

3rd-party governance is a concept of risk management that does not replace the management of purchases and supplies. This risk management process supports and controls these activities, it does not replace them.

Buyers, lawyers, accountants and suppliers participate in the process driven by risk management.

3rd-party governance is a continuum of actions throughout the life cycle of the third party.

In addition to this, you need to know more about it.

Legal & Digital has implemented an original approach to end-to-end risk management related to third parties.

bottom of page