A Neglected Compliance Task: Program Assessments
The secret of life is honesty and fair dealing. If you can fake that, you’ve got it made. – Groucho Marx
Sometimes compliance practitioners miss the forest from the trees. They can get lost in the details of their compliance programs, focusing on less significant details and ignoring more important tasks.
The FCPA Guidance, issued by the Justice Department and the SEC in November 2012, provides important instructions on the elements of an effective ethics and compliance program. Everyone should read the Guidance, and in particular the Section, Hallmarks of an Effective Anti-Corruption Compliance Program. The US Sentencing Guidelines provide a general outline of elements but is far less valuable as a compliance tool than the FCPA Guidance.
In its description of important hallmarks, the FCPA guidance identifies the importance of compliance program assessments. Unfortunately, in my experience, CCOs and companies often ignore the value of an assessment.
I admit that I have a vested interest in compliance program assessments since my firm often conducts them for clients. I have seen firsthand the real benefits of a compliance program assessment and the focus that it brings to a compliance program. An assessment provides important insights into how the company’s compliance program is operating. A CCO is often “running and gunning” so quickly that he or she has no time to take a deep breath and carefully inspect, assess and prioritize improvements.
Additionally, a compliance program assessment can give a CCO important insights into the gaps in the company’s existing program. Relying on this analysis, the CCO, along with the board, the CEO and the CCO can prioritize how to address compliance program deficiencies.
On an annual basis, CCOs need to conduct their own internal assessment. Every three years, a CCO should retain outside counsel or professionals to assess the progress made and identify gaps in the compliance program.
CCOs have to create reporting and measurement rules to collect data and assess how a compliance program is performing. A CCO can create such a framework without devoting substantial time or resources. For example, a spreadsheet of each element of an effective ethics and compliance program can be created and used to organize the assessment.
The spreadsheet can focus on the company’s culture and company-wide or region-specific culture surveys; third-party due diligence of agents and distributors; risky interactions between company sales staff and foreign governments; monitoring projects and results; audits; and other traditional measures such as training, certifications, and complaints.
Based on this analysis, a CCO can regularly report to senior management and the board how the company’s compliance program is performing. It is an important framework for analysis of a compliance program, and provides a CCO a ready vehicle by which to seek additional support and resources from the company’s management.
CCOs sometimes fear being truthful with senior management and the board about the company’s compliance program. I frequently characterize this as “happy talk.” CCOs have to avoid happy talk and promote an honest dialogue on ethics and compliance functions.
Whether a CCO falls victim to happy talk is usually established from the beginning of the CCOs relationship with the CEO and the board. If the CCO starts with an honest appraisal of the work needed to improve an ethics and compliance program, he or she is going to have an easier time building credibility through assessments and using such metrics to promote the importance of compliance.