Satisfying the Seven Elements of an Effective Program Pursuant to the Federal Organizational Sentencing Guidelines
Updated to Reflect 2010 Amendments
Introduction to the Federal Organizational Sentencing Guidelines
In light of numerous corporate scandals and the enactment of the Sarbanes-Oxley Act and related NYSE and NASDAQ listing requirements, the boards of directors for many public companies have taken a greater role in compliance and ethics programs. Amendments to the Federal Organizational Sentencing Guidelines (“Guidelines”) in 2004 increased the level of management and board responsibility for compliance and ethics.
First adopted in 1991, the Guidelines provided for reductions of criminal penalties if a corporation established an “effective program to prevent and detect violations of law.” In light of the beneficial impact of an effective program under the Guidelines, directors have been held to have a duty to make a good faith attempt to ensure the existence of adequate corporate information and reporting systems. A breach of this duty may render a director personally liable for losses caused by non-compliance with legal standards. In determining whether the directors breached their duties to the corporation, courts have examined corporations’ compliance programs to determine whether directors breached their duties.
Effective November 1, 2004, the Guidelines were amended to emphasize the role of corporate management and boards of directors. Following the 2004 amendments, an “effective compliance and ethics program” was defined to include (a) due diligence to prevent and detect criminal conduct and (b) promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law. The amended Guidelines also modified the seven specific elements required to be implemented by a corporation in order to be deemed to have an “effective compliance and ethics program.” The seven elements set forth in the Guidelines have become the de facto baseline for corporate compliance and ethics programs.
Effective November 1, 2010, the Guidelines were amended with changes to the "direct reporting obligations" of chief compliance & ethics officers, remediation requirements, and self-reporting obligations.
Boards and management should review the effectiveness of compliance and ethics programs to ensure that they are fully satisfying the Guidelines. Although a corporation can be held criminally liable for the wrongful acts of employees, the Guidelines allow sentencing courts to reduce the penalties imposed on corporations for those wrongful acts. If a sentencing court determines that a corporation’s compliance and ethics program is effective, there can be significant mitigation of criminal penalties. Another benefit of such programs is that the internal guidelines of the Department of Justice indicate that, in deciding whether to prosecute a corporation, the prosecutor may look to the steps the corporation has taken to implement an effective compliance and ethics program. Therefore, an effective compliance and ethics program may help to avoid prosecution in the first place.
The Seven Elements of an Effective Compliance and Ethics Program
Corporations should take care to ensure that their compliance and ethics program meet the seven elements of an “effective” program under the Guidelines. The following describes those seven elements and discusses the actions that corporations can take to ensure that each element is met:
Element 1: Document standards of conduct and internal controls that are reasonably likely to reduce violations.
The first element required for an effective compliance and ethics program is that the corporation must have established standards and procedures to prevent and detect violations of law. While the standards and procedures must be "reasonably capable of reducing the likelihood of criminal conduct,” they should not be limited to the deterrence and detection of criminal conduct. In order to adequately deter and detect criminal conduct, the standards and procedures should be designed to address a broader range of unacceptable conduct.
Actions To Consider:
· Adopt a Code of Compliance & Ethics (“Code”) that meets SEC and NYSE (or NASD) requirements.
· Ensure that the Code addresses criminal and inappropriate behavior.
· Distribute the Code to all employees, officers, and directors.
· Require an annual affirmation by all officers and directors that they have read and understand the Code.
· Require that all new employees acknowledge that they have read and understand the Code as part of their new-hire orientation.
Element 2: Assign responsibility for overseeing compliance and ethics.
The second element requires that directors and senior management engage in the design, implementation, and maintenance of the compliance and ethics program. The amended Guidelines set forth three specific levels of responsibility for the board, senior management, and the chief compliance and ethics officer: (1) The board must be knowledgeable about the content and operation of the program and exercise reasonable oversight as to both its implementation and its effectiveness. (2) Senior management is responsible for the program. (3) And a specific manager must be assigned overall responsibility for the program, with access to the board and sufficient resources to implement the compliance and ethics program. In addition, if a high-level personnel are involved in an offense, credit is dependent upon the chief compliance & ethics officer must have authority to report misconduct directly to the board of directors and, no less than annually, report on the implementation and effectiveness of the compliance and ethics program to the board of directors.
Actions To Consider:
· Appoint a full-time Chief Compliance & Ethics Officer with responsibility for enterprise-wide compliance, ethics, and business practices.
· Ensure that the Chief Compliance & Ethics Officer has adequate resources and reports to a senior executive.
· Form a Compliance Committee of the Board of Directors to provide oversight of compliance and ethics issues.
· Provide Chief Compliance & Ethics Officer with authority and ability to report misconduct directly to the Board of Directors.
· Provide Chief Compliance & Ethics Officer with opportunity to report annually to the Board of Directors.
Element 3: Prevent delegation of substantial discretionary authority to individuals with a history of engaging in illegal activities or other conduct inconsistent with an effective compliance and ethics program.
The third element for an effective compliance and ethics program is screening of new management personnel for past illegal or unethical conduct. While the careful vetting of CEO’s and other senior managers has long been standard practice, this requirement expands the number of managers who should be screened to include, at a minimum, all employees with substantial authority (such as employees authorized to negotiate material contracts).
Actions To Consider:
· Perform background checks on all new employees, with increasing levels of scrutiny for higher levels of management.
· Perform periodic background checks on all existing employees.
Element 4: Effectively communicate the corporation’s policies and procedures and provide effective training for employees, senior management, and board.
The fourth element is that there must be compliance and ethics training of all corporate personnel. This training should communicate, in a practical and straightforward manner, the corporation’s standards and procedures, as well as other relevant aspects of the compliance and ethics program. Such training should include directors, officers, and employees.
Actions To Consider:
· Regularly communicate to employees regarding compliance and ethics.
· Build a compliance and ethics site on the company intranet.
· Deliver compliance and ethics materials to all employees.
· Distribute a periodic employee bulletin regarding compliance and ethics.
· Include compliance and ethics components in your employee orientation.
· Provide on-line, interactive computer-based compliance and ethics training.
· Provide ethics leadership training to all officers.
· Provide directors with ongoing training on their responsibilities, including ensuring the corporation has an effective compliance and ethics program.
Element 5: Utilize monitoring, auditing, and reporting procedures to detect misconduct and periodically evaluate effectiveness of the compliance and ethics program.
The fifth element is evaluation of the effectiveness of the compliance and ethics program. A corporation must take reasonable steps to ensure that its compliance and ethics program is being followed and is effective in detecting and deterring prohibited conduct. Companies must have anonymous and confidential systems for employees to report concerns with respect to any questionable conduct without threat of retaliation for whistleblowing, and must audit, monitor, and evaluate the compliance and ethics program.
Actions To Consider:
· Publicize the Chief Compliance & Ethics Officer’s e-mail address, phone number, and address for employee questions and violation reporting.
· Outsource a 24/7, toll-free Compliance & Ethics Hotline for employees to report violations confidentially and/or anonymously without fear of retaliation.
· Develop a corporate compliance and ethics audit program.
· Evaluate the compliance and ethics program annually.
· Actively participate in groups such as the Ethics & Compliance Officer Association to benchmark against best practices.
· Monitor new laws, regulations, and rules, and implement changes as needed.
· Formalize the employee exit interview processes to capture, categorize and quantify potential compliance risks that should receive additional scrutiny.
· Implement a self-assessment process for business units to conduct assessments of compliance risks and controls.
· Track training completion rates, pass rates, and questions with high miss rates that may indicate compliance risks.
· Analyze hotline reporting to identify emerging issues by geography, business unit, or risk.
· Conduct employee surveys to assess attitudes, awareness of reporting mechanisms, and identify emerging issues.
· Consider engaging a third party to conduct an assessment of the effectiveness of the compliance and ethics program.
Element 6: Consistently enforce disciplinary measures and provide incentives to perform in accordance with the compliance and ethics program.
The sixth element of an effective compliance and ethics program is the use of incentives and discipline to promote compliance and ethical conduct.
Actions To Consider:
· Impose sanctions consistently when Code violations occur.
· Include a compliance and ethics section in employee performance reviews.
· Make compliance and ethics a factor in salary increases and bonus payments.
Element 7: Respond appropriately to misconduct and take steps to prevent a recurrence.
The seventh and final element of an effective compliance and ethics program is the appropriate response to criminal conduct. The corporation should be prepared to address both specific instances of misconduct as well as any systemic shortcomings that may compromise the effectiveness of the compliance and ethics program. The corporation should "take reasonable steps, as warranted under the circumstances, to remedy the harm resulting from the criminal conduct."
Actions To Consider:
· Implement a written process for coordinating investigations of reported violations with Human Resources, Internal Audit, Legal, and other departments as appropriate.
· Review results of investigations with the Board of Directors and implement appropriate corrective measures and controls with respect to that specific incident and other related control weaknesses.
· Voluntarily report misconduct to appropriate legal and/or government authorities and cooperate with official investigations.
· Pay restitution to identifiable victims.
· Consider retention of outside professional advisors.
An effective compliance and ethics program provides important protections to a corporation in the event of criminal prosecution. In addition, a compliance and ethics program can be presented to outside parties as evidence of an organizational culture that encourages ethical conduct and a commitment to compliance with the law.
Management and directors need to be aware of the mitigating impact the Guidelines can have on criminal penalties assessed against corporations if their employees are found to have engaged in criminal conduct. However, mitigation requires senior management and board involvement in ensuring the promotion of and commitment to an ethical corporate culture.
Click Here for Information on Lang Compliance & Ethics Consulting
Lang Compliance & Ethics Consulting