Categories
Blog

Ongoing Compliance Assessments: FCPA, UK Bribery Act and OCED Best Practices

One of the requirements consistent throughout the Principles of Federal Prosecution of Business Organization (US Sentencing Guidelines) and its section on corporate compliance programs; the Organization for Economic Co-operation and Development (OECD) Good Practice Guidance on Internal Controls, Ethics, and Compliance, and the UK Bribery Act’s Consultative Guidance is the need for continued assessment of an anti-corruption and anti-bribery compliance program. This posting will review the specifics of each of these documents and will provide to the compliance and ethics practitioner some ideas on how to implement what each of these protocols stress is key component of any best practices compliance program.

US Sentencing Guidelines

The US Sentencing Guidelines state that there should be periodic reviews of a company’s compliance program, utilizing internal resources, such as a company’s Internal Audit function, and outside professional consultants. The OECD Good Practice states that a compliance program should be periodically re-assessed and re-evaluated to take into account any new developments. The UK Bribery Act Consultative Guidance, recently released by the UK Ministry of Justice, requires ongoing monitoring and review by noting that a compliance program and procedures should be reviewed regularly and a company should consider whether an “external verification [of the compliance program] would help.”

Speaking at the Compliance Week 2010 Annual Conference, Assistant Attorney General for the Criminal Division of the US Department of Justice, Lanny Breuer, indicated that such an external verification or assurance of the effectiveness of a compliance program is a key component to assist a company in maintaining a ‘best practices’ FCPA compliance program. He noted that it is through a mechanism such as an ongoing assessment that a company could continue to evaluate its own compliance program with reference to compliance standards which are evolving on a world wide basis.

OECD

In this same speech, Breuer cited as a benchmark for a best practices compliance and ethics program the protocols set forth in the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance. In this protocol the OECD suggested that “periodic reviews of the ethics and compliance programs or measures, designed to evaluate and improve their effectiveness in preventing and detecting foreign bribery, taking into account relevant developments in the field, and evolving international and industry standards.” Writing in the Society of Corporate Compliance and Ethics Magazine (SCCE) (Vol. 7 / No. 3), Russ Berland explained that this guidance meant that companies should regularly reassess their anti-bribery and anti-corruption compliance program to evaluate and improve its overall effectiveness. Although he did not give a time frame for this regular assessment, Berland noted that any such assessment “should take into account new developments in the area and evolving standards.

UK Bribery Act 

Principle Six of the UK Bribery Act’s Consultation Guidance discusses the need for ongoing monitoring and review. The Principle states “The commercial organization institutes monitoring and review mechanisms to ensure compliance with relevant policies and procedures and identifies any issues as they arise. The organization implements improvements where appropriate.” The reasons for this continued monitoring was to ensure that if, external events like government changes, corruption convictions, or negative press reports occur, an appropriate compliance response is triggered. The Guidance noted that it would be prudent for companies to consult the publications of relevant trade bodies or regulators that could highlight examples of good or bad practice. Organizations should also ensure that their procedures take account of external methods of issue identification and reporting as a result of the statutory requirements applying to their supporting institutions, for example money laundering regulations reporting by accountants and solicitors.

The Consultative Guidance provided advice for companies which covered several specific suggestions. The senior management of higher risk and larger organizations may wish to consider whether to commission external verification or assurance of the effectiveness of anti-bribery and anti-corruption policies. An independent review can provide to a company, which is undergoing structural change or entering new markets, with an insight into the strengths and weaknesses of its anti-bribery policies and procedures and in identifying areas for improvement. Such independent assessment would also enhance a company’s credibility with business partners or to restore market confidence following the discovery of a bribery incident, to help meet the requirements of both voluntary or industry initiatives and any future pre-qualification requirements.

Ongoing Assessment as ‘Best Practices’ 

All three cornerstones of guidance available to the Foreign Corrupt Practices Act (FCPA) compliance practitioner include ongoing assessments as a key component of any best practices program. The text of each document and the remarks by commentators make clear the reasons for such an ongoing assessment. Not only do best practices evolve but companies and business evolve. An assessment is key to measuring where your program currently stands to allow you to know where it needs to be updated.

Attention should be paid to who and how the assessment is conducted. The entity, be it a law firm; professional consultant or other, which designed the FCPA compliance program for your company should not be the assessor. Such assessment would obviously be a conflict of interest. Additionally a drafter usually has blind spots when assessing one’s own work. An outside FCPA compliance professional should be engaged to assess your compliance policy, at no less than every two years, to review and make recommendations to keep your program at the best practices standard.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2010

Categories
Blog

Using Agile for Compliance Innovation

Driving innovation in your compliance program is still seen as one of the most difficult challenges for every Chief Compliance Officer (CCO) or compliance professional. I was therefore intrigued by a recent article in the Harvard Business Review (HBR), entitled Purposeful Business the Agile Way by Darrell Rigby, Sarah Elk and Steve Berez, which discussed how business leaders can “transform a profit-maximizing system into a purpose-driven one without jeopardizing the future of their businesses and their own careers.”
Interestingly, the authors came to their approach due to the post pandemic great resignation, which they posit business leaders have no clue as to why there is such employee action and equally importantly how to adapt to it, stating, “For decades managers trusted influential economists who promised that if businesses maximized profits, an invisible hand would generate greater benefits for all society. That isn’t happening the way they said it would.” Yet business executives went overboard on creating value for shareholders as their only focus. The authors believe that such a myopic approach robs other “stakeholders of value.” That has certainly been the case for businesses treatment of employees. The authors conclude, “One recent manifestation: Record numbers of people are quitting their jobs, and others are hitting picket lines to demonstrate a growing conviction that life is too short to waste on demoralizing work. Concern about social inequities and environmental damage is escalating. The system is out of balance, and the situation is getting worse.”
Business executives stand at the turning point. They can continue down a destructive path or adapt. However, the problem is that most business leaders are afraid to change, afraid to create multiple stakeholders, as opposed to focusing solely on shareholders and do not want to listen to their employees. The authors believe, “agile ways of working can help, turning squishy debates about corporate purpose into real actions and results.” It provided to me numerous tangible ideas about how to drive innovation in the compliance arena. I have adapted the authors ideas for a corporate compliance program. The authors posit several concrete steps you can take, which every CCO and compliance professional should consider for their compliance regime.
Create a Microcosm
The authors suggest an approach not unlike Design Thinking. Here are some of their suggestions.

  • Assemble a multidisciplinary team, including experts outside your silo.
  • Develop deep empathy for users, exploring their goals and frustrations.
  • Examine the current system to identify the causes of those frustrations.
  • Envision a more purposeful system.
  • Describe changes that might improve the system.
  • Prioritize and sequence them.
  • Test potential improvements.
  • Adapt to unexpected effects and side effects.
  • Scale up solutions that enrich the lives of stakeholders affordably.

Every CCO should be comfortable with these suggestions and steps.
Continuous Monitoring Leading to Continuous Improvement
Compliance, like business purpose, should not be viewed as a mechanical watch. In 2008, I heard then Deputy Attorney General (DAG) Lanny Breuer say that a best practices compliance program needed to be nimble and agile. Obviously, continuous monitoring and continuous improvement are mandated parts of a best practices compliance program in 2022. Where the authors expand on this basic component for any compliance program is around five questions you should ask about your compliance innovation.
These include: Does your compliance initiative support your strategic objectives and create important benefits for the stakeholders who have the most impact on the success of your business? Will multiple stakeholders actively support your compliance initiative? Will your investment in this compliance initiative create greater value for a wide variety of stakeholders, more “than would simply writing a check to a more economical innovator?” Finally, your compliance initiative should “test specific hypotheses and mitigate adverse side effects before scaling up the project.”
Do the Right Thing
Setting financial targets is one way of goal setting. However, as the authors note, “Agile helps flip that approach, focusing first on creating value for stakeholders and then on earning adequate profits in the process. Instead of asking, How can we improve profitability without damaging customer and employee satisfaction? they ask, How can we enrich the lives” of various stakeholder’s and employees?
In the 2020 Update to the Evaluation of Corporate Compliance Programs, the Department of Justice (DOJ) made clear that CCOs and the corporate compliance functions were the holders of institutional justice and institutional fairness in a company. In other words, you already have the obligation. Therefore, doing the right thing for both employees and other stakeholders is not something new for compliance professionals.
Prioritize Collaboration
If there is one thing compliance must do it is collaborate. Compliance generally does not have a hammer it can bring down but must lead through influence and working with others. Moreover, engagement with a wide variety of stakeholders in your company is a much better way to get something down as those stakeholders involved will be invested in the outcome if the are involved in its creation.
In the world of agile, the authors report, “A central reason for the success of agile ways of working is that they prioritize teamwork over individual performance. Research by the Standish Group, which has studied the success of IT projects since 1994, shows that agile teams improve software innovation by more than 60%, on average, and by 100% when the innovation is large and complex. Two-thirds of agile teams across a wide range of business functions report better cross-functional alignment, and 60% register higher team morale, according to the State of Agile Report by Digital.ai, a company focused on digital transformations.”
The bottom line is that by embracing these agile concepts, a CCO has a much better chance of implementing innovative change in their compliance program.