As the previous article discussed, not only public or multi-national organizations need compliance policies—such policies can benefit a company of any size. However, there is no one-size-fits-all compliance policy or ethics program. Organizations cannot merely give lip service to compliance and ethics policies that they institute. Instead, for a corporation to receive the benefits of having a compliance policy, it must be effective.
What is an effective compliance policy?
The Federal Sentencing Guidelines (FSGs) have outlined the basic elements of an effective compliance and ethics program:
- Compliance standards and procedures that are reasonably capable of reducing the prospect of criminal conduct
- Oversight by high-level personnel
- Due care in delegating substantial discretionary authority to appropriate individuals
- Effective communication to all levels of employees
- Reasonable steps to achieve compliance, which include systems for monitoring, auditing and reporting suspected wrongdoing without fear of reprisal
- Consistent enforcement of compliance standards (including disciplinary measures)
- Reasonable steps to respond to and prevent further similar offenses upon detection of a violation
In late 2010, the FSGs were further amended to strengthen and clarify provisions related to compliance programs:
- Place a premium on having compliance personnel report directly to the governing body of a company or an audit committee that oversees the organization’s compliance and ethics program
- Reward companies that detect an offense internally before its discovery outside the organization, and implement appropriate remediation efforts
- Encourage prompt reporting of an offense to the appropriate governmental authorities
Employers looking to maximize the benefits of a compliance and ethics policy would be well advised to consider ethics training as mandatory and examine whether any existing training covers the following areas:
- Confidential information
- Insider trading
- Conflicts of interest
- Accounting practices
- SOX requirements
- Financial reporting procedures and records maintenance
- Use of company property
- Handling gifts and favors
- Reporting ethical and compliance concerns
Effective, periodic training is required
The FSGs specifically reference the need to proactively communicate the organization’s ethics and compliance program by “conducting effective training programs.” The FSGs impose the requirement that all employees, including high-level personnel, receive periodic training pertaining to their organization’s ethics and compliance standards.
Simple, quick-fix solutions will not satisfy the FSGs. For example, merely distributing a code of conduct will not suffice. While “periodic” is not defined by the FSGs, employers can be guided by how that term has been interpreted in the employment law arena. For example, a review of cases decided by the U.S. Supreme Court shows that the term “period” —within the context of the Equal Employment Opportunity Commission’s (EEOC) requirement for “periodic” harassment and discrimination prevention training—is generally interpreted as every 12 to 24 months. Effective training should also address the gray areas and provide managers, executives and employees with practical skills for identifying required practices and resolving ethical dilemmas.
Calls to update the FSGs
There have been recent calls to update and clarify the FSGs, to comport with the way businesses operate today. Specifically, a blue ribbon panel has suggested that the FSGs be modified to incorporate the following concepts:
- Integrity should be considered in compensation and performance decisions. In other words, an employee’s commitment to ethics should be considered for his or her advancement and compensation within the company.
- Employers should ensure that both senior and mid-level managers proactively support compliance within the organization. Employees may feel most comfortable bringing issues to the attention of their first-level supervisor. While the FSGs encourage a top-down approach, middle managers are very important in effectuating the policies drafted by senior management.
- An employer should be required to devote adequate resources to the compliance program and these resources should be consistent with the organization’s size and geographic complexity. In other words, larger companies might consider decentralizing their compliance office and establishing regional or locally-based personnel to ensure that the compliance/ethics message is understood, local issues are spotted and locally-based employees have a comfortable place where they can go with sensitive issues.
Developing a corporate compliance program that promotes honest and ethical conduct and compliance with applicable laws provides employees with clear expectations and at the same time provides companies with a substantial safety net should an employee violate those principles.