With the increased focus by the Obama Administration on financial crimes, health care fraud, and corporate fraud, corporate compliance and ethics programs have never been more important. Effective corporate compliance and ethics programs show a commitment to honest and responsible corporate conduct and improve the quality of corporate practices and reputations within the community. In addition, they also are a factor considered by the United States Department of Justice in determining whether to charge a corporation and by United States District Courts when doling out sentences to convicted corporations.
In April 2010, the U.S. Sentencing Commission voted to change the Federal Sentencing Guidelines pertaining to organizations (“2010 Guidelines”). Barring any congressional action, these changes will take effect on November 1, 2010.
Since 2004, the Sentencing Guidelines permitted a reduction of the culpability score, and subsequently the sentence, for convicted organizations if they had an effective compliance and ethics program in place at the time of the offense. This automatic reduction/credit nonetheless became inapplicable if high-level personnel in the organization (e.g., CEOs, Presidents, etc.) participated in, condoned, or were willfully ignorant of the offense(s).
The 2010 Guidelines seek to make corporate boards more responsible for the effectiveness of their corporation's compliance and ethics programs. Current guidelines give management personnel overall responsibility for oversight of the organization's compliance program. The 2010 Guidelines shift responsibility to the board of directors or audit committee to educate themselves on the organization's compliance program, participate in its implementation, ensure that compliance officials have adequate resources, and have a direct line of communication between a compliance officer and the board or audit committee to report on the program's effectiveness.
In addition, under the 2010 Guidelines, if high-level personnel are involved in the misconduct, the credit might still be available in limited circumstances. For example, the credit will still be offered to organizations if there is a direct reporting line. This direct reporting line requires an organization to authorize the compliance officer to have direct reporting authority for the purposes of informing the board or a relevant committee of any suspected misconduct.
The 2010 proposal also introduces four new components to the receipt of compliance and ethics program credit:
- The head of the compliance program must report directly to the governing authority or appropriate subgroup (e.g., the audit committee of the board of directors);
- The compliance program must discover the problem before its discovery outside the organization or before such discovery was reasonably likely;
- The organization must promptly report the problem to the appropriate governmental authorities; and,
- No person with operational responsibility in the compliance program participated in, condoned, or was willfully ignorant of the offense.
The 2010 Guidelines also clarify the definition of an effective compliance and ethics program for the purposes of a culpability score reduction. This new addition focuses on the steps an organization must take after the detection of criminal conduct.
First, the organization must respond appropriately to the criminal conduct by remedying any harm resulting from the criminal conduct. These steps include, providing restitution or otherwise remedy the harm resulting to identifiable victims, self-reporting, and cooperation with authorities.
Second, the organization must act to prevent any future similar conduct by assessing its compliance and ethics program and making any necessary modifications to ensure the program's effectiveness. The organization is encouraged to consult with an independent professional advisor to ensure adequate assessment and implementation of any modifications.
More generally, the 2010 Guidelines encourage the development of a corporate culture that promotes legal compliance and ethical conduct. The key is adding substance and addressing attitudes towards compliance at all levels, ranging from senior management to employees. Simply having a compliance program is not sufficient. The program must have an actual impact.
To comply with the 2010 Guidelines, organizations should have a standing agenda item that allows for the compliance officer to report any matters of concern during pertinent executive meetings. This involves identifying an individual within the organization who will serve as the compliance officer. If there is an audit committee, the chairperson is an ideal candidate for this role. Once the individual is identified and titled, the organization can set up direct communication authority and specific lines of communication between that individual and the board or any other appropriate board committee. This individual should be responsible for reporting on any criminal conduct at every meeting, as well as making annual reports on the organization's compliance program and compliance initiatives.
In conclusion, it is important to highlight the criteria that must be met in order to ensure the organization is positioned to qualify for the compliance credit even if high level personnel are involved:
- The compliance officer has a direct reporting line to the board or any other appropriate board committee (e.g., audit committee).
- The compliance program is structured to successfully detect an offense prior to its discovery or reasonable likelihood of its discovery outside the organization.
- The organization promptly reports violations to the appropriate authorities.
- No compliance officer participated in, condoned, or was willfully ignorant of the offense.