Companies have to demand a new focus from their CEOs, senior executives and legal compliance team in response to the new DOJ and regulatory initiatives.  These steps are not just suggestions nor items that can be prioritized based on resources.  Instead, these are essential and basic requirements that will inevitably result in significant benefits across the company. 

Step 1: Define, Embed and Monitor Corporate Culture

Everyone has jumped on the corporate culture bandwagon.  Corporate boards and senior management, however, have done very little when it comes to truly developing, implementing and monitoring a company’s culture.  For some, the task has involved defining a culture simply as “we do the right thing.”  That is a cop-out and much more is needed.

Business organizations need to make a deeper commitment and need to do so now.  There are numerous indications that organizations have embraced a higher purpose that incorporates culture as an important objective – the Business Roundtable redefined the purpose of a corporation, and the ESG movement has incorporated corporate culture as a valuable priority.

To address this important priority, organizations need to take two critical steps – to define and embed its corporate culture throughout the organization, from top to bottom, and then build a system to monitor and respond to culture deficiencies.  This is where the rubber meets the road, and corporations need to focus.  Unfortunately, few companies, if any, know how to do these tasks and ethics and compliance professionals have to lead, in partnership with senior management, to ensure that these tasks are completed and done so relatively quickly.

Step 2: Update and Revise Risk Assessment

In the current economic and operational environment, companies are quickly realizing that ongoing risk management requires nimble risk monitoring, assessment and prioritization.  Companies have started to increase their focus on cyber-security risks in response to evolving threats, such as ransomware and other technology developments.  While these risks continue to change, the Justice Department’s renewed embrace of aggressive enforcement with heightened focus on international trade demands a serious commitment to compliance controls, use of technology, and risk monitoring.  Immature trade compliance programs are a recipe for disaster and companies have to respond to this serious risk.

A robust risk assessment and monitoring program with direction from a senior-level Risk Management Committee is an essential step.  Senior management’s commitment has to be confirmed through a structural commitment to a risk oversight committee.  This is an essential tool that corporate boards need to mandate, resource, and establish as soon as possible.

Step 3: Review and Re-Design Executive Compensations Program

The Justice Department’s new compliance compensation mandate has far-reaching implications across a company.  Internal stakeholders, along with ethics, legal and compliance, have to address this issue.  The SEC already has mandated a claw back program for any corporate restatement of earnings.  The Justice Department’s mandate for compliance compensation systems has broader implications and requires careful coordination with human resource and business leaders.  This is an essential task that requires attention – companies cannot rely on existing claw back program without subjecting their programs to a compliance-focused review in accordance with Justice Department’s pilot program.

Step 4: Shore Up Sanctions and Export Control Compliance Program

Unfortunately, companies continue to rely on immature or basic sanctions and export control compliance programs.  Trade compliance officers are the unsung heroes of every corporate compliance program.  They faced unprecedented challenges in response to the global sanctions implemented in response to Russia’s invasion of Ukraine. 

The Justice Department and the Departments of Treasury and Commerce are all gearing up for unprecedented enforcement against companies.  The government is demanding much more than just simple compliance measures – screening, follow up and go-no go decision.  Instead, the government has communicated a strong message – robust compliance programs are mandatory, and those that fail to do so will be prosecuted. 

As noted above, the Justice Department is preparing to focus sanctions and export control enforcement.  A renewed review of sanctions and export controls programs requires the following actions: (1) elimination of trade compliance silos from overall corporate ethics and compliance programs; (2) implementation of internal trade controls to ensure escalation, review and proper diligence of all counterparties and customers; (3) improvement of internal technology and due diligence procedures to include enhanced due diligence, end-user certificates, and additional  investigation to uncover beneficial owners in higher risk counterparties and customers; and (4) robust annual training programs to meet mandated training requirements.

Step 5: Educate and Train Board (and Senior Management) on How to Conduct Oversight and Monitoring of Ethics and Compliance Program

Almost all corporate board members are unfamiliar with the essential elements of an ethics and compliance program.  As a result, corporate boards lack the basic knowledge on how to monitor and oversee the operation and effectiveness of an ethics and compliance program.  This fundamental gap in corporate governance has to be eliminated.

Fortunately, there are a number of solutions to this basic problem. 

First, companies should seek out board members who have prior ethics and compliance program experience and expertise.  There is no question that a company with a single board member possessing such expertise will perform better in the ethics and compliance space.  The inevitable result will be improved effectiveness of a corporate ethics and compliance program and increased probability of sustainable, positive financial performance. 

Second, the Chief Compliance Officer should schedule a training session with the board to explain what information needs to be reported, how often, and the significance of the information to the board (or relevant supervising committee).  Corporate board members will quickly understand why CCOs report information, the significance of the information and the need to follow up on important issues.  It is essential that corporate board members have such training and senior management has to support this effort (and participate in a separate training program on the same topic for compliance oversight and monitoring).

Boards need to recognize that the costs, in both time and money, to develop an adequate program are a true investment in the success of their companies.  Boards who continue to look for near-term cost-savings from a compliance and ethics program are going to fall off the pin they are dancing upon, and may find themselves a whole lot poorer.