The cornerstone of any best practices compliance program is written protocols. This includes a code of conduct policies and procedures. These elements have long been memorialized in the U.S. sentencing guidelines. The Department of Justice’s Opinion Releases regarding compliance programs, the 2012 FCPA Guidance, 2017 Evaluation of Corporate Compliance Programs and 2017 FCPA Corporate Enforcement Policy.
There are three levels of standards and controls code of conduct standards and policies and procedures. Every company should have a code of conduct which expresses its ethical principles. But a code of conduct is not enough. In the 2012 FCPA Guidance, the DOJ and Securities and Exchange Commission stated, “A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf. Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, DOJ and SEC will review whether the company chapter has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.
The Department of Justice has presented us with several questions you can ask around your policies and procedures and your code of conduct. For instance, what has been the company’s process for designing and implementing the code of conduct and policies and procedures. Other questions include, who has been involved in the design of the code of conduct and policies and procedures have the business units been consulted prior to rolling them out. Another area of inquiry is whether the company has implemented policies and procedures which called out the illegal conduct; has the company assessed what are the policies and procedures have been effectively implemented. Any area for consideration is whether the corporate functions with ownership over the policies and procedures been held accountable for their implementation and oversight. Finally, are they accessible to company employees. How is the company communicated the policies and procedures relevant to bribery and anticorruption compliance programs and how is the company evaluated the usefulness of these policies procedures and code of conduct. These are just some of the questions we will explore throughout the month of December.
We are going to consider the basis for your code of conduct and written standards through a deep dive into the code of conduct, the structure, form design and training on the code of conduct of course with operationalization. The same consideration will be given to policies and procedures; revising policies and procedure. We will conclude with a deep dive into policies that the Department of Justice has mandated you have. This will include gifts travel entertainment charitable donations political contributions internal controls facilitation payments and extortion payments third parties and we’re going to have one on cyber security because that’s become such an incredibly important topic.
At the end of this month you will have a very detailed grounding on better written standards for your compliance program. You will be able to utilize the information presented to implement a more effective compliance program for your organization.
Three Key Takeaways
- The cornerstone of any best practices compliance program is written protocols.
- Written standards work to prevent, detect and remediate.
- What are the specific written protocols you should have in your compliance program.
This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on compliance training. Look for dates of one of the top compliance related training going forward.