Tea Leaves from AAG Caldwell on An Effective Compliance Program
The government is on a public relation campaign. Department of Justice and SEC officials have been making the rounds and giving important speeches on criminal prosecutions, cooperation and voluntary disclosure and ethics and compliance program expectations.
In a recent speech (here), Criminal Division AAG Leslie Caldwell outlined a number of important issues relating to DOJ expectations of company ethics and compliance programs.
DOJ has promoted ethics and compliance programs, and the compliance profession, as the first line of defense against corporate misconduct. DOJ is single-handedly responsible for the additional resources and personnel dedicated to ethics and compliance programs.
As a result, DOJ officials have a responsibility to operate transparently and to communicate its expectations concerning ethics and compliance programs. The FCPA Guidance issued in 2012 is an extraordinary example of DOJ’s commitment to this important role.
Continuing in that tradition, AAG Caldwell provided some important insights in her recent speech.
First, AAG Caldwell emphasized the importance that a compliance program be tailored not just to legal risks but extend to aim to deter and prevent employee misconduct, whether or not the misconduct constitutes a violation of law. To this extent, companies need to focus on their code of conduct and enforcing code violations.
Second, companies need to reexamine their risk assessment process to ensure that it is focused on the appropriate risks. Too many companies are focusing their risk on the risk of a regulatory, civil or criminal enforcement action, rather than the risk of the underlying conduct itself. AAG Caldwell’s concern is significant because it reflects a company’s misunderstanding of its actual risks and the impact of a particular risk occurring. In particular, AAG Caldwell suggested that companies should examine different risks in different areas and types of operations.
Third, AAG Caldwell identified a number of specific concerns when reviewing the hallmarks of an effective ethics and compliance program.
- Corporate management must ensure that its senior leaders provide strong, explicit and visible support for corporate compliance policies.
- Communications and other messaging must reinforce and promote compliance policies through in-person meetings, emails, telephone calls, incentives/bonuses.
- Paper compliance policies, although comprehensive, will not by themselves demonstrate an effective compliance program.
- Compliance teams need adequate funding and access to necessary resources. And they must have “appropriate” stature within the company.
- A company should have an effective investigative process – with sufficient resources to investigate and document allegations fo violations.
- A company should periodically review its compliance program to keep current with evolving risks and circumstances.
- A company should implement mechanisms to enforce its policies and incentivizing compliance and disciplining violations.
- A company should “sensitize” its third parties to the company’s expectation of compliance and must take action if a partner demonstrates a lack of respect for laws and policies.
AAG Caldwell’s speech identifies trends in DOJ’s assessment and review of corporate compliance programs. A company’s program is an important part of the negotiations as to disposition of the company’s case – an effective compliance program can result in a declination even if the program did not prevent or identify the specific conduct at issue in the investigation. DOJ has made this principle clear in its FCPA Guidance, and AAG Caldwell reiterated this point in her speech.