My colleague, Stephen Martin, speaks about the need to have 1-3-5 year plans developed and readily available to upgrade and update your compliance program. He believes that such plans can be useful for several reasons. Initially these plans will be your road map for implementation going forward. Additionally, he believes that such a plan may well be persuasive evidence to a prosecutor or regulator who may be reviewing your Foreign Corrupt Practices Act (FCPA) compliance program. Indeed, this concept is often remarked upon by Lanny Breuer, Assistant Attorney General, for the Criminal Division of the US Department of Justice (DOJ). Last year at Compliance Week 2010, Breuer ended his speech by noting that a compliance program should be “dynamic, not static.” The question becomes how to create such a plan?
In his book, “Achieving 100% Compliance of Policies and Procedures”, author Stephen Page discusses ‘Creating a Review and Communication Control Plan.’ In this section he sets forth several steps for the compliance professional to use in reviewing, creating and implementing updated compliance procedures. A review plan should be created to enable policies and procedures to “remain an integral party of the daily work lives of the target audience.” Page breaks down the process into three main categories: (1) General Review; (2) Ongoing Communications; and (3) Training Campaign.
I. General Review
In this category the compliance practitioner should keep track of “external and internal events which may cause change to business process, policies and procedures.” He lists two examples of these which are new laws applicable to your business organization and internal event driven changes within a company. Such internal changes could be a company reorganization or major acquisition. This type of review appears to be similar to the DOJ advocacy of ongoing risk assessments. In several Deferred Prosecution Agreements (DPAs) announced this year, the DOJ listed several different areas to review, including:
- Interaction with types and levels of Governments;
- Industrial Sector of Operations;
- Involvement with Joint Ventures;
- Licenses and Permits in Business Operations;
- Degree of Government Oversight; and
- Customs and Immigration.
II. Ongoing Communications
In this category Page suggests that communications of the overall policies and procedures should not be a single event but continuous and ongoing. In other words, do not simply post your new policy on your company’s business policy website and let it sit there for years. You should make the announcement of policy implementation more public and such communication should be followed up. Page gives several examples of how policies can be communicated.
- Via company-wide email;
- Posters placed through the physically facilities;
- Strategic placement of information on company bulletin boards;
- In company meetings; and
- In newsletters.
III. Training Campaign
This category reflects Page’s belief that ongoing training is a key component of an effective compliance program. He recognizes that training is constrained by budgetary realities. However there are various formats and media that can be used for training. These include in small workshop groups, presentations at company-wide conferences, smaller departmental meetings, internal webcasts/video casts and training DVDs.
The author concludes by noting that a review plan “is a great tool” for the compliance analyst as it provides a method for the ongoing evaluation of policies and sets forth a manner to communicate and train on any changes which are implemented. More than simply staying current, we believe this approach will help provide the dynamics that Lanny Breuer talks about. Lastly, such a review plan can also guide the compliance practitioner in creating an ongoing game for compliance program upgrade and update that Stephen Martin advocates.
Interested in hearing more great insight from Stephen Martin and some words from myself on the current FCPA compliance program best practices. Join us at the following stops this week on the World Check FCPA Tour.
Wednesday, May 19 from 8-10 AM PDT at the Renaissance Meadowlands Hotel, in Rutherford, NJ. For information and registration details click here.
Thursday, May 20 from 8-10 AM PDT at Mayflower Renaissance Washington, DC, in Washington, DC. For information and registration details click here.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2011