Continuous improvement also requires you to consider the backbone of your compliance program, your written Code of Conduct, policies and procedures. Under Prong 9, in the Department of Justice’s Evaluation of Corporate Compliance Programs, it states, Evolving Updates – How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries?
Moreover, under Prong 4, the Evaluation considers not only the design of your Code of Conduct but its accessibility with a variety of questions and factors. These include what was considered for your Code of Conduct, how the Code improvement was implemented, whether the gatekeepers were consulted and most importantly whether they bought into the entire process. Finally, is your Code accessible to all employees.
I thought about this updating in the context of your best practices compliance program. The cornerstone of any such compliance program is recognized to be your Code of Conduct. But a Code of Conduct should not be a static document. It needs to evaluated and updated as circumstances warrant. Yet such updating should not be performed in an ad hoc manner. As intoned in the 2012vFCPA Guidance, your compliance program should be thoughtful and well considered. In “Six steps for revising your company’s Code of Conduct”, Anne Marie Logarta and Ruth Ward discussed how you should think through the updating of your Code of Conduct.
- When was the last time your Code of Conduct was released or revised?
- Have there been changes to your company’s internal policies since the last revision?
- Have there been changes to relevant laws relating to a topic covered in your company’s Code of Conduct?
- Are any of the guidelines outdated?
- Is there a budget to update your Code?
After evaluating these initial issues, the authors suggest that you should benchmark your current Code of Conduct against others companies in your industry. If you decide to move forward the authors have a six-point guide that should assist you in making your revision process successful.
- Get buy-in from decision makers at the highest level of the company
Your company’s highest level must give the mandate for a revision to a Code of Conduct. It should be the Chief Executive Officer (CEO), General Counsel (GC) or Chief Compliance Officer (CCO), or better yet all three to mandate this effort. Whoever gives the mandate, this person should be “consulted at every major step of the Code review process if it involves a change in the direction of key policies.”
- Establish a core revision committee
A cross-functional working group should head up your effort to revise your Code of Conduct. They suggest that this group include representatives from the following departments: legal, compliance, communications, HR; there should also be other functions which represent the company’s domestic and international business units; finally there should be functions within the company represented such as finance and accounting, IT, marketing and sales.
From this large group, Code of Conduct topics can be assigned for initial drafting to functions based on “relevancy or necessity”. These different functions would also solicit feedback from their functional peers and deliver a final, proposed draft to the Drafting Committee. It is incumbent you create a “timeline at the outset of the revision is critical and hold the function representatives accountable for meeting their deliverables.”
- Conduct a thorough technology assessment
The backbone of the revision process is how your company captures, collaborates and preserves “all of the comments, notes, edits and decisions during the entire project.” Technology such as SharePoint or Google Cloud can be of great assistance to accomplish this process even if you are required to train team members on their use.
In addition to this use of technology in drafting your Code of Conduct revision, you should determine if your Code of Conduct will be available in hard copy, online or both. If it will be available online, you should assess “the best application to launch your Code and whether it includes a certification process”. Lastly, there must be a distribution plan, particularly if the Code will only be available in hard copy.
- Determine translations and localizations
You must translate your Code of Conduct into appropriate local languages. This is particularly important if your Code is pre-2012, when the FCPA Guidance came out and made clear that translation into local languages was a minimum of a best practices compliance program. The key is that “your employees have the same understanding of the company’s Code-no matter the language.” The Evaluation also makes this requirement for accessibility mandatory.
- Develop a plan to communicate the Code of Conduct
A roll-out is always critical because it “is important that the revised Code is communicated in a manner that encourages employees to review and use the Code on an ongoing basis.” Your company should use the full panoply of tools available to it to publicize your revised Code of Conduct. This can include a multi-media approach or physically handing out a copy to all employees at a designated time. You might consider having a company-wide meeting where the new or revised Code is rolled out across the company all in one day. Recent pronouncements from the Department of Justice (DOJ) have suggested that testing the knowledge of employees on the Code is becoming more important. However, the bottom-line, as with all thing compliance-related, is Document, Document and Document. However you deliver the new or revised Code of Conduct, you must document that each employee receives it and understands it.
- Stay on Target
If you set realistic expectations you should be able to stay on deadline and stay within your budget. They state, “You want to set aside enough time so that you won’t feel rushed or in a hurry to get it done.” They also reiterate that to keep a close watch on your budget so that you do not exceed it.
If you are a compliance practitioner, I urge you to look at your company’s Code of Conduct, policies and procedures. If your Code is pre-2012, you need to update sooner rather than later and consider what the FCPA Guidance says about a best practices Code of Conduct. With the new information presented by the DOJ you need to consider how you can measure how well your employees are retaining it as well. It is far better to review and update if appropriate than wait for a massive Foreign Corrupt Practices Act (FCPA) investigation to go through the process.
Three Key Takeaways
- Continuous improvement includes your Code of Conduct.
- When was the last time you assessed and updated your Code of Conduct.
- Who, what, how are important issues of continuous improvement for your Code of Conduct.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor Affiliated Monitors at www.affiliatedmonitors.com.