Program: The Basic Questions
Ted Banks
President, Compliance & Competition Consultants, LLC
Question:What companies need a compliance program?
Answer:Everyone. Why? 1) It is the right thing to do. 2) Companies with a robust commitment to comlpliance and ethics are more successful businesses. 3) A compliance failure can destroy the lives of the individuals involved. 4) Private plaintiffs. 5) Prosecutors don’t mind going after small companies, too – easy pickins!
Question:What does an effective compliance program look like under the U.S. Federal Sentencing Guidelines?
Answer:Follow the steps.
1.An organization must be able to show that it exercised due diligence to prevent and detect criminal conduct, and promoted an organizational culture that encourages ethical conduct and a commitment to compliance with the law.1.
2.The organization will have established standards and procedures2 to prevent and detect criminal conduct.3
3.The organization’s governing authority (i.e., board) shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.4
4.High-level personnel of the organization5 shall ensure that the organization has an effective compliance and ethics program, and specific individual(s) within high-level personnel shall be
1.USSG §8B2.1(a)(1) – (2).
2.“Standards and procedures” means standards of conduct and internal controls that are reasonably capable of reducing the likelihood of criminal conduct. USSG § 8B2.1 Application Note 1.
3.USSG § 8B2.1(b)(1)
4.USSG § 8B2.1(b)(2)(A)
5.High-level personnel of the organization" means individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization. The term includes: a director; an executive officer; an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance; and an individual with a substantial ownership interest. USSG § 8A1.2 Application Note 3(B).
assigned overall responsibility for the compliance and ethics program.6 High-level personnel and substantial authority personnel of the organization shall be knowledgeable about the content and operation of the compliance and ethics program, shall perform their assigned duties consistent with the exercise of due diligence, and shall promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.7
5.Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority (e.g., Audit Committee), on the effectiveness of the compliance and ethics program.8 If the specific individual(s) assigned overall responsibility for the compliance and ethics program does not have day-to-day operational responsibility for the program, then the individual(s) with day-to-day operational responsibility for the program typically should, no less than annually, give the governing authority or an appropriate subgroup thereof information on the implementation and effectiveness of the compliance and ethics program.9
6.To carry out operational responsibility for compliance, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.10
7.The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization11 any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.12
8.The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents, by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.13
9.The organization shall take reasonable steps to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct. 14
10.The organization shall take reasonable steps to evaluate periodically the effectiveness of the organization’s compliance and ethics program15
11.The organization shall take reasonable steps to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s
6.USSG § 8B2.1(b)(2)(B)
7.USSG § 8B2.1 Application Note 3.
8.USSG § 8B2.1(b)(2)(C)
9.USSG § 8B2.1 Application Note 3.
10.USSG § 8B2.1(b)(2)(C)
11."xz
12.USSG § 8B2.1(b)(3)
13.USSG § 8B2.1(b)(4)(A)-(B)
14.USSG § 8B2.1(b)(5)(A)
15.USSG § 8B2.1(b)(5)(B)
employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.16
12.The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through appropriate incentives to perform in accordance with the compliance and ethics program and appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.17
13.After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.18
14.The organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each element of the compliance program to reduce the risk of criminal conduct identified through this process.19
15.In order to get credit for violations where a high-level person was involved, the compliance program needs to be organized so that the individual with operational responsibility for the program reports directly to board, promptly if a problem, and annually on the program effectiveness. The compliance program must have detected the offense first and promptly reported it to authorities, and no compliance person was part of the offense.20
Question:How do industry, geography, and size factor into compliance programs?
Answer:One size does not fit all. Your compliance program should be tailored to the size of the company, the nature of the business, and the culture of the company. Your program should always be designed to communicate with employees on their level.
Question:How can companies achieve a culture of compliance?
15USSG § 8B2.1(b)(5)(B)
16USSG § 8B2.1(b)(5)(C)
17USSG § 8B2.1(b)(6)(A)-(B)
18USSG § 8B2.1(b)(7)
19USSG § 8B2.1(c)
20USSG §8C2.5(f)(3)(C).
Answer:There are many things that can be done, but the most important is that management at all levls set an example that every employee can follow. The message must be consistent. The result is that employees will follow their leaders, and be proud of their company.
Question:Why compliance needs to be concerned about whistleblowers?
Answer:The growth in federal laws that encourage, protect, and reward whistleblowers should be a warning to every company that if is does not have a mechanism for employees to report wrongdoing, and a culture that make employee comfortable knowing that there will not be retaliation, if there are any compliance problems, they may not find out about them until it is too late.