Five Basic Pillars of an Effective Compliance Program
Everyone in the compliance community likes to cite the required elements of an anti-corruption compliance program. The Justice Department and the SEC have described the required elements over and over again in Schedule C of their settlement papers. Forgive me for deviating a little bit from their script but I have a different take on the principles and the practical steps that are required to make a compliance program effective. I will outline what I like to call the five basic principles of an effective compliance program.
At the outset and before we get to the five principles, the most important overriding principle is that compliance is not a formal process but like anything it depends on people. At every step, inter-personal skills are a pre-requisite to success. In the absence of compliance people who know how to motivate employees and know how to relate to people, there is little chance that a paper compliance program will succeed. Personnel choices and human interactions define success.
Assuming that we have the interpersonal skills and staff to make a compliance program work, we need to build a compliance program with these five basic pillars for success:
1. Commitment. The company has to be committed to compliance and ethical conduct. The motivation for this is not to avoid enforcement but to promote ethical conduct as important to the business. Commitment subsumes tone-at-the-top and includes tone-in-the-middle and tone-at-the-bottom. It permeates the organization and is part of every aspect of the business.
2. Accountability. Company directors, officers and employees must be accountable for their actions and held responsible on equal terms. If a compliance program is perceived as dispensing uneven justice it will fail, morale will sink and the company’s compliance performance will falter. Tone at every level depends on equal treatment and commitment of everyone in the company.
3. Transparency. Companies complicate their compliance program when they engage in activities that are not transparent. Prosecutors use secrecy to establish actors’ criminal intent and then impute it to the company. Compliance works best when every action taken is transparent. Compliance decisions need to be considered and resolved in a transparent manner. Companies get into trouble when actors start to make decisions without proper internal review and participation by all relevant players (audit, legal, management and compliance).
4. Documentation. Over and over, the compliance mantra is to document every action taken, every factor considered and the rationale behind every action. Transparency and documentation are the best defenses against alleged FCPA violations. These two factors combine to negate any inference of criminal intent. The government has to prove “corrupt intent” and documentation of a good faith reason to support a specific action is the best protection against any criminal or civil liability. Documentation has to be built into every compliance policy and program. It does not need to be elaborate but it needs to reflect the good faith consideration of legal issues and the basis for a decision to move forward on a particular matter (e.g. hiring of a third-party agent, decision to give a gift to a foreign official).
5. Consistency. Companies worry about specific policies they adopt and implement. For example, what dollar amount should be set for a company to allow employees to pay for a gift, meal or entertainment for a foreign official without seeking approval? Companies wring their hands over questions like this. It is not as important as they think – what is more important is that whatever amount is set, they consistently apply the rule across the board. Whether approval is needed for $50 or $500, the consistent application of the prospective rule is more important than the actual amount. This applies for other policies as well. Decide on a policy and apply it consistently across the board. The fact that a company has a policy and applies it uniformly is more important than the actual substance of the policy.
I am sure compliance professionals can come up with more but these are my basic five – if used as a foundation for compliance, and with the interpersonal commitment needed for every program, companies have a great start on an effective compliance program.
Michael, Outstanding advice and thank you for sharing your expertise. I am a relatively new but avid follower of your work, blogs, and other informative writings. I greatly appreciate your knowledge and more so your altruistic manner in educating other members of the Bar in this highly specialized area of Business law/compliance and plan to implement your experiences into my practice. Best Regards, Raymond
Excellent article, describing 5 critical behaviors that all organizations need to have in order to ensure compliance with all legal and ethical requirements!
I like the title, yet in the Anti-Money Laundering field, the Patriot Act established “4 Pillars” of Compliance (Compliance Officer, formal Compliance Program, Training and Independent Assessment), and I believe the British Bribery Act has similar requirements…
In my humble opinion, your five behaviors are much more than “compliance” issues: they are anti-fraud and anti-incompetence measures too, especially in public organizations.
Thank you for a great, concise article!