Compliance and Ethics Programs: The First Line of Defense for Public Companies
In the wake of increased guidance from regulators, companies should expect much less sympathy when they fail to implement programs and policies according to that guidance.
March 27, 2020 at 02:20 PM
8 minute read
"I'm shocked, shocked to find that gambling is going on here," is the famous line by Casablanca's Captain Renault that might best describe the way senior management feels when corporate misconduct is discovered at their company. Because criminal liability may attach to an organization whenever an employee commits an act within the apparent scope of his or her employment, many companies are exposed to huge amounts of liability for the acts of but one, potentially rogue employee. But prosecutors and regulators, both in the United States and abroad, have been increasingly making it clear that being "shocked" to learn of corporate misconduct by a rogue employee is no defense. What will be of assistance to the defense of the company is a thoughtful, comprehensive, and effective compliance program that can induce prosecutors and other regulators to often significantly reduce the applicable fine and sometimes even decline to bring charges in the first place if an organization's program is well thought out and designed to handle real-life business risks.
Most notably and instructive is the DOJ's recent compliance guidance, released in April 2019, giving prosecutors a framework for evaluating the effectiveness of corporate compliance programs. This also gives companies instruction on how to proactively organize their compliance programs within the framework of what the DOJ expects. In the wake of increased guidance from regulators, companies should expect much less sympathy when they fail to implement programs and policies according to that guidance.
|Benefits of Compliance
No compliance program can account for every possible risk. Even comprehensive and generally effective programs may fail—and often do when employees intentionally evade controls. See, e.g., Speech, Deputy Attorney General Rod J. Rosenstein Delivers Keynote Address on FCPA Enforcement Developments, Dep't of Justice (March 7, 2019). Unfortunately, even when an employee acts contrary to the established ethics and compliance program, the company may still be on the hook for criminal liability. At both the charging and sentencing stages, the perceived effectiveness of the company's compliance program will unquestioningly influence the DOJ's determinations and has in the past proven to drastically alter the company's outcome.
The U.S. Sentencing Guidelines grants the court the authority to reduce the sentence based on the existence of an effective compliance program. (U.S.S.G. §8C2.5) This may both reduce the potential fine range a charged company faces and lessen other possible penalties imposed by the court, including the appointment of a monitor or similar overseer.
Even better, the presence of an effective compliance program may affect the prosecutor's decision to bring a charge or charges in the first place. The factors in the U.S. Attorney's manual to be considered when determining whether to bring criminal charges include "the existence and effectiveness of the corporation's pre-existing compliance program" and the corporation's remedial efforts "to implement an effective corporate compliance program or to improve an existing one." Principles of Federal Prosecution of Business Organizations 9-28.300, Department of Justice. Prosecutors face many alternatives to bringing criminal charges, including choosing to only prosecute the offending employees or pursuing civil or regulatory alternatives. In addition to reductions for the compliance program itself, having an effective compliance program also allows companies to flag misconduct early on and obtain reductions for self-reporting and cooperation.
Companies that do not take care to implement effective programs expose themselves to headline-making fines and reputational damage. For example, after its widely reported "fake accounts" scandal, Wells Fargo was fined $3 billion to settle criminal and civil charges, and in early 2020, committed to make "fundamental changes to our business model, compensation programs, leadership and governance." Brian Monroe, Wells Fargo to Pay $3 Billion to DOJ, SEC to Resolve Criminal, Civil Charges Tied to 'Fake Accounts' Scandal, Assoc. of Certified Financial Crime Specialists (Feb. 21, 2020).
|Recent Focus on Compliance
The past few years have seen a focus from regulators on compliance, both in the United States and abroad. Different divisions of the DOJ, Office of Foreign Assets Control (OFAC), and the United Kingdom's Serious Fraud Office (SFO) have all issued guidance on what they expect from corporate compliance programs. May 2, 2019, OFAC Framework for Compliance Commitments; Jan. 17, 2020; UK SFO Compliance Guidance. Companies must tailor their ethics and compliance programs to adequately respond to the array of guidance from different regulators out there.
Most notably, the Criminal Division issued guidance in April 2019, creating a robust framework, including checklists in different categories on what companies should be sure to address. See April 30, 2019, Department of Justice Criminal Division Evaluation of Corporate Compliance Programs. On the same day this guidance was released, the DOJ conducted first-of-its-kind compliance training on evaluating a program's operational functionality. Additionally, Deputy Assistant Attorney General Matthew S. Miner referred to compliance programs as a "super factor" in charging decisions. U.S. Dep't of Justice, Deputy Assistant Attorney General Matthew S. Miner Remarks at the American Conference Institute 9th Global Forum on Anti-Corruption Compliance in High Risk Markets, July 25, 2018.
Also, in 2019, the Antitrust Division updated their manual to address evaluating compliance programs at the charging and sentencing stages, which was not previously considered. Likewise, OFAC recently released a framework for compliance commitments.
Companies that have operations abroad must also be aware of what is expected by other countries' regulators—among these, the United Kingdom's SFO, which in 2020 released guidance similar to the Criminal Division's April guidance. Operations abroad may also lead to Foreign Corruption Practices Act (FCPA) concerns, and companies' policies should be sure to address those risks. March 8, 2019, Foreign Corrupt Practices Act Revised Corporate Enforcement Policy; July 11, 2019.
While companies must still comply with other federal regulations, such as the Sarbanes Oxley Act, as well as state regulations, the focus on compliance from a myriad of regulators should signal to companies the importance of establishing compliance programs in line with current guidance.
|Companies Not Doing Enough
Compliance programs have many opportunities to fail. Programs must comply with a wide array of state, federal, and global regulatory regimes. Strong compliance programs take work, and to the detriment of the company, many suffer from underfunding, poorly structure, and a lack of meaningful risk assessment and review. Hui Chen & Eugene Soltes, Why Compliance Programs Fail—and How to Fix Them, Harv. Bus. Rev., 2018. According to Deloitte and Compliance Week, only 70% of firms attempt to measure the effectiveness of their compliance programs. Id.
|Integrating Recent Guidance Into a Company's Compliance Program
The Sentencing Guidelines provide a baseline for what a company should have included in their compliance program. Companies must at a minimum:
- Establish written procedures;
- Ensure that the company's governing authority understands the content and exercises reasonable oversight;
- Take reasonable steps to identify and remove employees the company knows or should have known have a history of engaging in misconduct;
- Communicate periodically with officers and employees;
- Take reasonable steps to ensure the program is being followed and have a confidential system where employees can report or seek guidance without a fear of retaliation.
The DOJ April 2019 Guidance provide a more comprehensive framework, asking companies to look at three main questions:
(1) Is the program well designed?
(2) Is the program being implemented in good faith?
(3) Does the corporation's compliance program work in practice?
The main areas on which companies should focus include meaningful risk assessment, evaluating "lessons learned", creating a "culture of compliance", providing effective training, due diligence on third-party relationships and targets of mergers or acquisitions, and meaningful review and evaluation of what is and is not working.
|Conclusion
Even the most effective compliance programs cannot account for and prevent every possible instance of misconduct, but given the recent comprehensive guidance, prosecutors will not likely be sympathetic to companies that fail to proactively enforce the procedures and policies in place. Companies must also avoid a "set it and forget it" mentality when it comes to compliance. Rather the company should reevaluate its risk profile at regular intervals and redesign and retrain the employees as the conditions dictate. Properly designed, robust business growth and corporate profitability does not have to be at odds with solid ethics and compliance—in fact, to once again quote Casablanca, it can be "the beginning of a beautiful friendship."
John J. Carney is a partner and co-leader of BakerHostetler's national white-collar, investigations and securities enforcement and litigation team. William B. Waldie is managing director with Alvarez & Marsal's disputes and investigations practice. Kayley Sullivan is an associate with BakerHostetler.
|This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Decision of the Day: Judge Reduces $287M Jury Verdict Against Harley-Davidson in Wrongful Death Suit
- 2Kirkland to Covington: 2024's International Chart Toppers and Award Winners
- 3Decision of the Day: Judge Denies Summary Judgment Motions in Suit by Runner Injured in Brooklyn Bridge Park
- 4KISS, Profit Motive and Foreign Currency Contracts
- 512 Days of … Web Analytics
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250