More than simply having a Code of Conduct, compliance policies and procedures are required. As former Assistant Attorney General Lanny Breuer articulated, “Your compliance program is a living entity; it should be constantly evolving.” The 2012 FCPA Guidance stated, “When assessing a compliance program, DOJ and SEC will review whether the company’s Guiding Principles of Enforcement have taken steps to ensure that the Code of Conduct remains current and effective and whether a company has periodically reviewed and updated its code.”
After considering these issues, you should benchmark your current policies and procedures against those of other companies in your industry. If you decide to move forward, I suggest a process that can be fully documented to include revisions to your compliance policies and procedures. These points are a useful guide to not only thinking through how to determine if your policies and procedures need updating but also taking practical steps to tackle the problem. You should begin the process now if it has been more than five years since the last update. It is far better to review and update if appropriate than wait for a massive FCPA investigation to go through the process.
Three key takeaways:
- You should do so now if you have not revised your compliance policies and procedures in the past five years.
- Set a timeline and budget and stick to it in the compliance policy and procedure revision process.
- Document your process of revision to demonstrate a more complete operationalization of your compliance program.
Check out The Compliance Handbook, 4th edition, here for more information.