It is interesting that the most significant advances in compliance program requirements have been developed in the context of criminal prosecutions.  Maybe it is because the stakes are so high and the government’s leverage is at its zenith.

The US Sentencing Guidelines’ definition of an “effective compliance program” led to a sea-change in corporate compliance.  The FCPA Guidance is an equally transformative document. 

FCPA enforcement has led the global effort to rid the world of corruption.  At the same time, FCPA enforcement has had a dramatic impact on corporate compliance programs, and the FCPA Guidance is another milestone in that effort.

The FCPA Guidance contains the most fulsome description of government expectations for corporate compliance programs.  The FCPA Guidance sets out important compliance principles and even expands on the US Sentencing Guidelines.  I will examine these specific elements in the second part of this article.

At the outset, the FCPA Guidance discussion on compliance is aimed at proponents of a compliance defense.  DOJ and SEC have set out clear incentives and positive commitments to reward companies which design and implement effective compliance programs.  They went as far as they could without announcing a compliance defense. 

In doing so, the FCPA Guidance gives new life and support to compliance professionals in a corporate organization.  DOJ and the SEC have affirmed the importance of a corporate compliance program, recognizing that they do not expect “perfection,” but a “good faith” design, implementation and program enforcement. 

Most importantly, the FCPA Guidance state’s that “[i]n appropriate circumstances, DOJ and SEC may decline to pursue charges against a company based on the company’s effective compliance program, or may otherwise seek to reward a company for its program, even when that program did not prevent the particular underlying FCPA violation that gave rise to the investigation.”

That is a very important statement.  If there ever was an incentive for a company to design and implement a robust compliance program, DOJ and SEC have “promised” they will reward such a program, even when a violation has (or violations have) occurred. 

Tom Fox likes to cite direct questions to frame an issue.  DOJ and SEC have followed Tom’s formula for evaluating a compliance program:

Is the company’s compliance program well designed?

Is it being applied in good faith?

Does it work?

Every company should conduct its own self-assessment using these three questions.  If a company continues to rely on a paper program, or a checklist program, without meaningful review and candid assessment, the company deserves what it ultimately gets. 

Companies no longer have any excuses.  It is either comply or suffer the consequences.