Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Innovation: Day 10 – Connected Compliance

Disconnectedness compliance comes from the fact that there is not one system that connects the disparate strands of the compliance discipline. Connected compliance allows a CCO and all those people in the organization working with compliance to have one central place, a system of record for everything they do. This can be their whistleblowing hotline, case management,  training of their employees, or training of their vendor’s policy. It is literally connecting them all so they are running from one central location, and these disparate systems can be monitored from one central location. A key way to think about it is “getting everything under one roof,” as one of the struggles many compliance officers have is that the information they need is literally siloed across different functions of the company. Information can be contained in the sales function, where there may be employee expense data, information on marketing expenses, or charitable donations in the sales organization, but it could be spread among other corporate functions as well.

All of this is what the DOJ has articulated as operationalizing compliance. It first garnered attention in the February 2017 release of the original Evaluation of Corporate Compliance Programs and has only increased with the 2023 ECCP. Since that time, compliance practitioners have steadily worked to move their compliance programs forward onto the front lines of their business units. Connected compliance is one way to do so, but it clearly requires a human element to not only interpret data but to impart the appropriate or required compliance solution. Operationalizing compliance means that you cannot have an annual or even quarterly update on what’s going on in the program. It must be operationalized in such a way that you are sharing information not only with the regional business units of floating up to the corporate compliance folks but also sharing information back and forth with the other business units, procurement, finance, and reacting in real-time.

Three key takeaways:

  1. Connected compliance moves you towards continuous monitoring.
  2. Compliance under one roof.
  3. Never forget the human element.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Blog

The Week That Was in Compliance – The ECCP: Part 1 – Incentives

In addition to the speeches presented at the ABA’s 38th Annual National Institute on White Collar Crime, by Deputy Attorney General Lisa Monaco (2023 Monaco Speech) and Assistant Attorney General Kenneth A. Polite (Polite Speech); there was the release of the 2023 U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (ECCP). Today we will begin a multi-part review of this document by considering financial incentives.

This section begins with a new introduction which makes clear the seriousness in which the Department of Justice (DOJ) views incentives, both financial and other types of incentives. The ECCP states, “The design and implementation of compensation schemes play an important role in fostering a compliance culture. Prosecutors may consider whether a company has incentivized compliance by designing compensation systems that defer or escrow certain compensation tied to conduct consistent with company values and policies. Some companies have also enforced contract provisions that permit the company to recoup previously awarded compensation if the recipient of such compensation is found to have engaged in or to be otherwise responsible for corporate wrongdoing. Finally, prosecutors may consider whether provisions for recoupment or reduction of compensation due to compliance violations or misconduct are maintained and enforced in accordance with company policy and applicable laws. Compensation structures that clearly and effectively impose financial penalties for misconduct can deter risky behavior and foster a culture of compliance.”

However, the DOJ reiterated that “providing positive incentives, such as promotions, rewards, and bonuses for improving and developing a compliance program or demonstrating ethical leadership, can drive compliance. Prosecutors should examine whether a company has made working on compliance a means of career advancement, offered opportunities for managers and employees to serve as a compliance “champion”, or made compliance a significant metric for management bonuses. In evaluating whether the compensation and consequence management schemes are indicative of a positive compliance culture.”

Neither of these concepts for incentives are new. Financial incentives were a part of the original 10 Hallmarks of an Effective Compliance Program, as delineated in the 2012 edition of the FCPA Resource Guide. It was brought forward in the 2020 2nd edition. Promotions, rewards and bonuses were also discussed in both of those documents as well as other DOJ pronouncements and formulations over the years. However, this is the first time the DOJ has specifically spelled out the role of the ‘compliance champion’ as both an indicia of a best practices compliance program as well as a mechanism to demonstrate a ‘positive compliance culture.’

The ECCP also added a new section on financial incentives which directs prosecutors to specifically evaluate how a company designs and applies financial incentives. It states:

Incentive System – Has the company considered the implications of its incentives and rewards on compliance? How does the company incentivize compliance and ethical behavior? Have there been specific examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethicsconsiderations? Who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel?

Rephrasing these questions, a compliance professional might consider them in the following manner:

  1. How does the company incentivize compliance and ethical behavior?
  2. Has the company considered the implications of its incentives and rewards on compliance?
  3. Who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel?
  4. Have there been specific examples of actions taken (g., promotions or awards denied) as a result ofcompliance and ethics considerations?

These four questions basically breakdown into the following continuum: (1) Assessment, (2) Analysis, (3) Implementation; and (4) Monitoring.

Incentive program assessment. Here you need to review your corporate incentive program for all employees, most particularly the discretionary bonus program but also your non-financial incentives such as promotion. Is your bonus program only related to individual sales, division sales or other similar metric or overall company performance? You can begin with some questions suggested by the ECCP: What role does the compliance function have in designing and awarding financial incentives at senior levels of the organization? Has the company evaluated whether commercial targets are achievable if the business operates within a compliant and ethical manner?

If you do not have any component for doing business ethically and in compliance, your entire compliance program is probably falling short at this point. You should also see if this is a query for promotion and not simply does an employee.

Incentive program analysis. Here you need to see what perverse incentives may exist in your organization. Obviously if meeting your target numbers is the sole criteria, your program is once again falling short. On the promotion front, you need to analyze patterns of promotion to (1) see if any employees with ethical or compliance program violations have been promoted; and (2) also determine if employees are promoted simply for NOT have any ethical violations. This would lead to a review of whether or not promoted employees have been actively participated in improving or maintaining a culture of compliance. How does the company incentivize compliance and ethical behavior? What percentage of executive compensation is structured to encourage enduring ethical business objectives?

Incentive program implementation. After implementation of the incentive program, it must be monitored. The ECCP suggests an inquiry into the following area: Has the company considered the impact of its financial rewards and other incentives on compliance? Additionally, what role, if any, did the corporate compliance function have in advising on the bonus program or participating in setting the bonus and promotion structures?

Incentive program monitoring. Here there needs to be ongoing monitoring of the incentive program, including has the company ensured effective management of the incentive program? The ECCP suggests a review of how much compensation has in fact been impacted (either positively or negatively) on account of compliance-related activities?

Join me tomorrow where I take a deep dive into discipline or the new formulation, “consequence management.”

Categories
Blog

Impact of the Federal Sentencing Guidelines at 30

The Federal Sentencing Guidelines for Organizations (FSGO) by the US Sentencing Commission (USSC) turn 30 this year. For compliance officers, this was perhaps the most significant government release. It did not create the compliance profession, but it certainly put compliance professionals in the forefront of the design, creation and implementation of corporate compliance programs. The FSGO also laid out for the first time, the government’s expectations of what a well-designed compliance program should look like in practice. This led to a dramatic increase in compliance professionals. Earnie Broughton, writing in the ECI blog, said, “In many ways the promulgation of the guidelines was a defining moment in our collective journey in understanding and realizing the benefits of good corporate character.”

In 2021, the Bureau of Labor Statistics reported 291,000 compliance officers in the US. But more than driving the compliance profession and a concomitant increase in compliance professionals the FSGO has in many ways shaped the structure of the 21st century corporation and dramatically improved corporate governance. In these ways, it laid the environmental, social and governance (ESG) foundations. Last month the US Sentencing Commission (USSC) released a summary of the FSGO and how it helped drives these changes, “The Organizational Sentencing Guidelines: Thirty Years of Innovation(the History).

Regarding the FSGO themselves, they take a “carrot and stick” approach to the sentencing scheme that bases the fine range on the culpability of the organization. The guidelines instruct courts to determine culpability by considering six factors. The four aggravating factors, “that increase the ultimate punishment of an organization are: (i) the involvement in or tolerance of criminal activity; (ii) the prior history of the organization; (iii) the violation of an order; and (iv) the obstruction of justice.” The two mitigating factors are: “(i) the existence of an effective compliance and ethics program; and (ii) self-reporting, cooperation, or acceptance of responsibility.” Rather amazingly, the History reported that only 1.5% overall of all organizations sentenced “received the five-point culpability score reduction for disclosing the offense to appropriate authorities prior to a government investigation in addition to their  full cooperation and acceptance of responsibility.” Obviously, there is still room for improvement.

Rather unsurprisingly, the Department of Justice (DOJ) drew heavily on the FSGO for two key documents which laid out the foundations of an effective compliance program. The first was the 2012 FCPA Resource Guide (developed and released jointly with the Securities and Exchange Commission (SEC)) and its update, the 2021 FCPA Resource Guide, 2nd edition. The second was the Evaluation of Corporate Compliance Programs, initially released in 2019, and the 2020 Update to the Evaluation of Corporate Compliance Programs. The History noted that the Evaluation and its update, “was first developed in 2017 under the leadership of the DOJ’s first “corporate compliance expert”” and “provides greater clarity on some key issues prosecutors consider when assessing the adequacy of corporate compliance programs during charging and settlement decisions, by laying out “fundamental questions” that prosecutors should ask about compliance programs:

  • Is the corporation’s compliance program well designed. There were three key questions for consideration:
  • Is the program being applied earnestly and in good faith?
  • In other words, is the program being implemented effectively?
  • Does the corporation’s compliance program work in practice?

The Evaluation and its Update then proceed to describe “in detail the topics that prosecutors should consider when answering those questions.”Demonstrating its influence far beyond the DOJ, SEC and other government agencies, the Delaware court decision in Caremark demonstrates a key effect in the transformation of compliance programs, policies and procedures in the corporate world. The Caremark decision was a departure from prior Delaware case law which said that a board did not have to look for wrongdoing but only had to investigate if informed about it. That was from an old 1963 decision and the Court relied on the 1992 US Sentencing Guidelines to note how such views were no longer accepted. Board obligations had changed by 1996 with the following, “obligation to be reasonably informed concerning the corporation, without assuring themselves that information and reporting systems exist in the organization that are reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance.”

Caremark considered the proposed settlement of a derivative suit seeking to impose personal liability on members of the board of directors. The History noted, “the court considered whether director liability could stem from unconsidered action by the board. After observing that “[t]he Guidelines offer powerful incentives for corporations today to have in place compliance programs to detect violations of law, promptly to report violations to appropriate public officials when discovered, and to take prompt, voluntary remedial efforts,” the court concluded that “[a]ny rational person attempting in good faith to meet an organizational governance responsibility would be bound to take into account [the organizational guidelines].”

This meant that a director has a good faith duty to see that the organization establishes adequate information and reporting systems. i.e., a compliance program. No doubt due to the significance of the Delaware courts, “following the Caremark decision, federal and state courts recognized the importance of compliance programs in the context of shareholder derivative suits.” Caremark  and its progeny are now the law of the land regarding corporate governance and compliance across most states in the US.

All of these changes and much more point to the far- and wide-ranging impact of the FSGO.  “What began as an “experiment” to encourage legal compliance and foster more ethical business practices is now widely accepted as a success.” Moreover, “evidence suggests that compliance and ethics programs implemented using the guideline criteria produce positive effects on an organization’s behavior” and that the FSGO has had a significant impact on public and private sector actors.” Finally, the History concludes that the influence of FSGO “is now spreading around the globe, suggesting that the hallmarks of an effective compliance and ethics program have universal appeal.”