The need for an effective compliance program to assist companies in preventing, detecting and, if necessary, promptly correcting issues before they become problems is nothing new. However, there is an increased focus by the government designed to induce employees to report suspected unlawful conduct by their employers to regulatory agencies. While this focus may benefit consumers and investors, it also raises the real possibility a company will first learn about an issue after an audit or enforcement action has already been commenced, and control of the situation is largely out of the company’s hands. This new era of external enforcement means that companies must place an even greater emphasis on their internal compliance programs. But where to start?
In order to create or revise a compliance program, it is important to remember the basic elements required for an effective compliance program. According to the United States Sentencing Commission Guidelines Manual, in order for an ethics and compliance program to be effective, the organization must, through its Compliance Program, “exercise due diligence to prevent and detect criminal conduct” and “otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.” To accomplish these goals, every compliance program must contain seven key elements:
- Compliance standards and procedures reasonably capable of reducing the prospect of misconduct;
- Specific “High-level Personnel” assigned to oversee compliance;
- Care in delegation of authority;
- Effective communication of standards and procedures to all employees;
- Implementation of reasonable compliance measures, such as monitoring, auditing and reporting systems;
- Consistent enforcement through corrective actions; and
- All reasonable steps taken to respond appropriately after an offense has been detected.
These elements naturally leave companies a wide latitude in developing policies and mechanisms to address the particular needs of the company and industry. However, by addressing each of these elements, the company is increasing the likelihood it will learn of, and more importantly be able to address, potential issues before regulators come knocking.