Simply having a Code of Conduct, together with compliance policies and procedures is not enough. As articulated by former Assistant Attorney General Lanny Breuer, “Your compliance program is a living entity; it should be constantly evolving.” The 2012 FCPA Guidance stated, “When assessing a compliance program, DOJ and SEC will review whether the company Guiding Principles of Enforcement has taken steps to make certain that the Code of Conduct remains current and effective and whether a company has periodically reviewed and updated its code.”
After considering these issues, you should benchmark your current policies and procedures against other companies in your industry. If you decide to move forward, I suggest a process which can be fully documented as a basis to include revisions to your compliance policies and procedures. These points are a useful guide to not only thinking through how to determine if your policies and procedures need updating, but also practical steps on how to tackle the problem. If it has been more than five years since the last updates, you should begin the process now. It is far better to review and update if appropriate than wait for a massive FCPA investigation to go through the process.
Three key takeaways:
- If you have not revised your compliance policies and procedures in the past five years, you should do so now.
- Set a timeline and budget and stick to it in the compliance policy and procedure revision process.
- Document your process of revision to demonstrate more complete operationalization of your compliance program.