Incident Data and Intra-Company Cooperation
The Justice Department “listens and learns” from companies and compliance practitioners. As part of every enforcement action, DOJ prosecutors review and assess compliance programs in accordance with the standards explained in its recent Evaluation of Corporate Compliance Programs issued on April 30, 2019.
DOJ prosecutors have seen it all when it comes to compliance. Prosecutors have observed compliance train wrecks – companies that have suffered control system failures, leading to large DOJ enforcement actions. Conversely, DOJ prosecutors know what an effective compliance program looks like and how they operate.
DOJ’s release of its compliance guidance reflects its experience and its knowledge on what works and what does not. If you read through the guidance carefully, there are a number of specific statements and recommendations that reflect careful scrutiny of an important issue.
One that stuck out to me was DOJ’s suggestion relating to a company’s confidential reporting and investigation program. In reviewing a company’s program, DOJ suggested that a chief compliance officer should have full access to all reporting and investigation information.
The message behind this mandate is clear – human resources has to provide full access to human resource incident, complaint and investigation data. DOJ addressed this specific issue because of a problem identified in reviewing corporate compliance programs – Human Resources was not sharing incident, complaint and investigation information with the compliance function.
I have written about the fact that Human Resource and Compliance officers are natural partners. They share a common perspective on proactive promotion of a company’s culture – if employees are unhappy, you can rest assured that compliance will have its hands full with minimizing misconduct and threats to the company.
When it comes to training, incentives, promoting a positive culture, identifying cultural problems and implementing innovative controls and monitoring functions, Human Resource and Compliance officers have developed innovative ideas, initiatives and tools.
One clear indicator of a weak corporate culture is when two natural partners like Human Resource and Compliance fail to cooperate and work together to address important issues. On occasion, I have heard about Human Resources refuses to share data with compliance because of the unique nature of employment issues and responsibilities. Such a narrow view of cooperation can be devastating to a corporate culture and a company’s profitability.
DOJ’s reference to this issue reflects its understanding that chief compliance officers need full access to information about a company’s operation. In other words, CCOs need to have line of sight across the organization so that the CCO understands the full scope of the company’s business.
DOJ’s message implicitly reflects its understanding that a CCO is a critical actor responsible for a company’s culture and ethics. A CCO is the natural leader for preserving and promoting the company’s ethical culture. To do so, a CCO needs access to all information across the organization. In this respect, DOJ recognizes that a CCO’s access to incident, reporting and investigation data is a critical part of assessing a company’s culture.