Ethics and Compliance-Part 3 in a Series by Outlook Law, LLC-The Basics of an Effective Program
Earlier in our series, we touched on the Federal Sentencing Guidelines, which outlines seven basic compliance prongs that can be tailored to fit each company. The Government assumes, when reviewing compliance programs, that every effective compliance plan has a formal commitment to these prongs. Taking those seven prongs, many compliance programs break those prongs into individual components on which to focus on as key elements. Depending on the organization, resources may be allocated according to where they are needed. (Please note that the references contained herein refer to the updated 2016 guidelines, not the 2006 guidelines.) In this Part of the Series, we will set forth the following: (1) a broad overview of the sentencing guidelines; (2) a link to the guidelines; and (3) basic elements that build upon the guidelines. Keep in mind that although the sentencing guidelines refer to criminal behavior and conduct, the same type of system can be applied for civil activities. In short, for civil or administrative actions, following the Sentencing Guidelines should be able to be used as mitigating factor.
The Federal Sentencing Guidelines
The Federal Sentencing Guidelines (Guidelines) and its subparts provide the basic landscape and break out of elements needed as the building blocks of an effective ethics and compliance program. These can be found at pages 533-535 at §8B2.1of the Guidelines, a link for which is at the end of this piece. Outlook Law has annotated the Guidelines in bold with familiar terms to assist in translation of the Guidelines into practice.
(1) The organization shall establish standards and procedures to prevent and detect [inappropriate behavior] [criminal conduct]. Standards of conduct, policies and procedures, including a Code of Conduct
(2) (A) The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program. Oversight and accountability by high level personnel in the Company.
(B) High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program. Oversight and accountability by high level personnel in the Company.
(C) Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority. Specific people such as compliance officer or legal department to monitor, oversee the day to day activities of the program, and periodically report up the chain of command.
(3) The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program. Exercise due diligence in hiring personnel, including criminal background checks.
(4) (A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subparagraph (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities. Periodically educate on the standards, policy, and procedures of the Company in each respective area to the employees in that department.
(B) The individuals referred to in subparagraph (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents. The education must be embraced by high level personnel- Tone at the Top.
(5) The organization shall take reasonable steps—(A) to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct; (B) to evaluate periodically the effectiveness of the organization’s compliance and ethics program; and (C) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation. Audit to make sure the program is up to date, stress test it, and allow for anonymous hotlines and/or emails. Ensure there is a no retaliation policy and follow it.
(6) The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct. What are the built-in deterrents and well as incentives for knowing and following the policies and procedures/Code set forth by the Company?
(7) After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program. (c) In implementing subsection (b), the organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each requirement set forth in subsection (b) to reduce the risk of criminal conduct identified through this process. If something happens, evaluated the event/action and adjust the compliance code if such action could have been caught or caught sooner. Adjust accordingly.
Each Guideline has elements which can be built upon as the basic cornerstones for a compliance program. The compliance programs cannot end there as each element, such as a Code of Conduct, should also contain certain content. Later in the series, Outlook Law will explore those building blocks and content. Here is the link to the 600 pages of Guidelines: Sentencing Guidelines