Yes, Compliance Programs Still Matter
On September 29, 2014, we asked: “Does a Compliance Program Matter to U.S. Antitrust Enforcers?” After concluding that compliance programs still provide tangible benefits, we offered five factors that companies should consider as they develop their own programs.
In the weeks that followed our post, officials from the Criminal Division of the Department of Justice also emphasized the importance of compliance programs. On October 1, Assistant Attorney General Leslie R. Caldwell spoke at an ethics and compliance conference; less than a week later, on October 7, Principal Deputy Assistant Attorney General Marshal L. Miller also provided guidance. Their remarks identify ten hallmarks of effective compliance programs, which we have grouped into four main categories:
1. Make Compliance A Priority
a. High-level commitment. As we explained on September 29, the “culture of compliance starts at the top” and senior executives must support compliance efforts.
b. Oversight and funding. It is not enough for senior executives to be committed to the policy—they have to actually oversee the implementation of the program. Assigned executives should also have the ability to report directly to independent monitoring bodies, such as the Board of Directors or internal auditors, in order to maintain some independence from management. And, of course, compliance programs need funding and resources to succeed.
c. Internal reporting. A company should have an effective system for confidential, internal reporting of violations.
2. Communicate Clearly
a. Written policies. Compliance policies must be clearly articulated and must be visible throughout the corporation.
b. Training and guidance. Employees must be trained on the policies themselves and what to do when an issue arises. Special attention should be given to overseas offices and subsidiaries, which may not be as familiar with the requirements of U.S. law.
3. Enforce Existing Policies
a. Investigation. A company should take potential violations seriously by investigating and responding to potential violations.
b. Enforcement and discipline. Compliance with the program should be incentivized; violations should be disciplined. Caldwell stressed that responses to violations should be even-handed: “Too often, we see situations where low level employees who may have implemented the bad conduct are fired, but their boss, who saw what they were doing and did nothing . . . is left in place.” Senior managers should also be held responsible for improper conduct. In addition, it is no excuse that illegal activity is rampant throughout an entire industry—compliance programs should be followed even when competitors engage in misconduct.
c. Relationships with third-parties. Where companies have extensive relationships with third-parties, they should also stress the importance of compliance to their business partners.
4. Continue Efforts to Improve
a. Periodic reviews. Developing an initial policy is not the end of the road. Compliance programs must be periodically reviewed and revised over time, especially as companies grow or business lines develop.
b. Monitoring and testing. Be aware of changes in law, business practices, and technology and reevaluate whether compliance programs should be updated over time.