Unpacking the Justice Department’s Compliance Remediation Standards (Part I of II)
The Justice Department has a lot to be proud about when it comes to its FCPA enforcement program. In one area in particular – promoting effective ethics and compliance strategies – DOJ’s FCPA prosecutors have played a leadership role in promoting ethics and compliance programs.
When reviewing the history of compliance, most practitioners point to the impact of the Sentencing Guidelines as the most significant event. It is hard to argue with that since up to that point compliance programs received little to no attention. I would argue that the Sentencing Guidelines had more impact not because of the specific details and ideas contained in the Guidelines but the fact that the Guidelines addressed the compliance issue at all.
The initial impact of the Sentencing Guidelines was repeated in 2010 when the “ethics” amendments were added to the guideline to focus on ethics as an important component of every compliance program.
When it comes to substance, the FCPA enforcement program has done more to promote enhancement and refinement of how companies should design and implement effective ethics and compliance programs. I have often noted (and I repeat myself again) that the most important guidance for compliance is the Hallmarks of an Effective Compliance and Ethics Program contained in six pages of the FCPA Resource Guide issued in 2012. The Justice Department’s explanation of the elements of an effective program provided important instruction to companies and compliance practitioners on implementing a compliance program.
Four years later, in April 2016, the Justice Department advanced the compliance message yet again. In announcing the creation of the FCPA Pilot Program, the Justice Department outlined the requirements for timely and appropriate remediation in FCPA matters. The substance of this requirement reflected the influence of Hui Chen, DOJ’s Compliance Counsel, in developing standards for corporate compliance programs.
In defining the standard for assessing a corporate compliance program and the company’s remediation efforts, the Justice Department outlined a number of important factors, some of which were entirely new. While some of the elements are well known, a few of the requirements reflect growing consensus around certain trends. Let’s review the standards and I will try to highlight some of these important trends.
As an initial requirement, companies are required to implement an effective ethics and compliance program that reflects the size of the company and the resources of the organization. Some of the elements of an effective program are new and require some discussion.
As described in April 2016, the Justice Department noted that an effective compliance program requires:
- A culture of compliance;
- Dedication of sufficient resources to the compliance function;
- An independent compliance function;
- Tailoring of the compliance program to a risk assessment; and
- Auditing of the compliance program to ensure its effectiveness.
Before turning to the new elements, the Justice Department’s specific directive of an “independent compliance function” is not just limited to the “dotted line” to the company’s audit and compliance committee. In contemporaneous statements and speeches, the Justice Department envisions more to this requirement than the theoretical ability to report directly to the board committee. The Justice Department’s statements suggest that prosecutors will look behind the curtain to determine how much authority and independence the CCO possesses. A CCO that reports quarterly to the board, including an executive session, and sits on committees where he/she has a line of sight and contact with other important functions, is likely to satisfy the independence requirement, even if the CCO reports directly to the General Counsel.
DOJ officials went out of their way to emphasize that they were not mandating a CCO report to the CEO or to the board committee for day-to-day issues. They underscored the discretion that a company has to design the compliance function to maximize effectiveness while avoiding specific structural requirements. For all practical purposes, the determination is a case-by-case determination but in the absence of a direct reporting relationship between the CCO and the CEO, it is hard to imagine how the CCO will satisfy the independence requirement, except in relatively smaller organizations where the CCO and General Counsel have a unique and very positive working relationship.