Introduction

A robust compliance program within a corporation is a critical component of business operations.  It is responsible for detecting, preventing, remedying, and monitoring misconduct.  Maintaining an effective compliance program serves as ample evidence that the corporation is in full compliance with the law and intends to follow it.  A compliance program imposes anti-corruption standards that identifies, prevents, detects, and corrects risks.  Its objective is to promote an organizational culture that promotes anti-corruption and encourages the internal reporting of misconduct for prompt resolution.  It can also protect a corporation’s reputation through its strong anti-corruption and anti-bribery stance and emphasis on ethics.

Compliance programs are a top legal priority for corporations, as the DOJ, FBI, federal prosecutors and other federal agencies often take them into account when making charging decisions and negotiating pleas.  An effective program can therefore lead to leniency in the prosecutor’s decision to proceed against the corporation or individual or can result in reduced prison sentences and penalties.

In this article, we explain ten keys to a successful corporate compliance program.

The Ten Keys

1. There must be a “tone at the top” corporate culture whereby management, the board of directors, and executives assert strong leadership.  It is incumbent upon those charged with responsibility in a corporation to practice what they preach and lead by words and action.  Merely adopting a compliance program and making it available for personnel are insufficient.  Instead, there must be active participation and a clear commitment by upper management, the board, and executive officers.  These individuals should make an effort to act ethically, promote the company’s values and code of conduct, and encourage open and honest communication.  This is an important best practices approach because it helps the corporation limit the potential for bribery, corruption, kickbacks, and other misconduct.

2. The corporation’s code of ethics must be a strong component of the compliance program and easily accessible to all personnel.  The corporation’s code of ethics should set forth a clear and concise commitment against corruption, bribery, and misconduct.  It should emphasize upper management’s commitment to the law and to full compliance.  The purpose of the code of ethics is to delineate the law, proper internal procedures, reporting obligations, and ethical behavior—all of which reinforces the corporation’s position on compliance.  This can sometimes be accomplished through the use of examples of permissible versus impermissible behavior.

3. The compliance program should emphasize an open communication and corporate culture as an intricate part of all business operations.  Similar to the corporation’s optimal stance on the code of ethics, it should also promote an easily accessible corporate culture and commitment to the compliance program.  All company personnel should be advised on the importance of following its compliance program, including the necessity of having such a program and following its provisions.  To further achieve this goal, corporations should utilize periodic audits of its compliance program as well as annual certifications by independent compliance officers. 

4. All personnel within the corporation should receive annual, mandatory compliance training, the training of which should be updated and revised as needed.  Training sessions should be specific to the personnel’s role in the corporation.  For instance, the training for upper management should be different than the training sessions that target compliance officers.  Also, individuals who regularly deal with foreign parties or are intricately involved with conducting foreign transactions should receive more training that emphasizes anti-corruption and compliance with the Foreign Corrupt Practices Act (“FCPA”)—which prohibits individuals and companies from bribing foreign officials to obtain or retain business and requires that companies maintain adequate books, records, and internal controls.  The nature and content of the training should also be updated according to changes in the corporation’s regulatory environment, laws, business environment, third party relationships, and size.

5. The compliance program should include a clear approach of evaluating, assessing, and responding to risks in all business transactions.  Risk assessment procedures are a critical component of an effective compliance program.  These procedures should be hand-tailored to the nature of the business and specific to the types of transactions that the business encounters.  They should also consider the factors presented in the DOJ’s June 2020 memo on the "Evaluation of Corporate Compliance Programs."  Further, transactions that are more likely to involve higher risk—such as mergers and acquisitions, transactions with foreign parties, or third party transactions—should involve a more extensive risk assessment.  The corporation’s risk assessment procedures should be updated based on internal, legal, regulatory, and compliance changes.

6. The corporation should employ consistent and effective due diligence procedures before, during, and after major transactions or business changes.  Significant contractual arrangements, takeovers, M&As, foreign party transactions, etc. all represent the more “high-risk” transactions that should undergo a more rigorous due diligence process.  This process should be undertaken before the transaction is consummated, during finalization, and afterwards by extensive monitoring and documentation.  If the corporation identifies any red flags during its due diligence analysis, these red flags should be documented, analyzed, and promptly remedied.

7. An effective compliance program includes not only appropriate disciplinary measures for individuals violating its provisions but also incentive measures for individuals that promote and follow the compliance program.  It is equally important to reward those who encourage and promote full observance to the compliance program as it is to discipline individuals engaging in misconduct.  The corporation should explain in detail the disciplinary actions to be taken if an individual violates the compliance program, code of ethics, or otherwise engages in misconduct.  It should also make clear that personnel could receive incentives for compliance.  As a part of this approach, the corporation should emphasize that the internal reporting of suspected violations or instances of misconduct is encouraged.  The system of reporting these suspicions—the corporation’s whistleblower program—should be anonymous and free from retaliation.

8. The compliance program should devote significant time to checking the corporation’s internal controls.  Internal controls are designed to detect and prevent discrepancies in business transactions, inconsistencies in payments, or other suspicious accounting activity.  It is vital that the corporation’s internal controls are properly designed and functioning at all times, as this is a core component of an effective compliance program.

9. The corporation should utilize detailed and comprehensive recordkeeping and documentation procedures as a part of its compliance program.  The compliance program should require the timely recording and documentation of all relevant information regarding the business and internal operations of the corporation—especially the sensitive and high-risk transactions.  This is critical because, if an investigation arises, such reporting and documentation serves as an extra layer of evidence that the corporation was in full compliance with the law.

10. The compliance program should be continuously monitored and periodically evaluated and updated, as needed.  An effective compliance program is dependent upon regularly revising and updating its provisions.  The regulatory landscape, laws and regulations, transactions, and size of a corporation are constantly changing, thus demanding a periodic evaluation.  An effective compliance program must always take these changes into account in order to stay abreast of new laws and regulations.  As a result, all personnel should be informed of the updates as a part of their annual training.

Conclusion

A compliance program is paramount for the successful operation and internal maintenance of a corporation.  It helps identify, remediate, and monitor the corporation for suspicious conduct or irregularity.  Having a successful and effective compliance program that is designed appropriately and works in practice demonstrates a good faith effort to be in full compliance with the law.  It can impact prosecutor’s decision to initiate charges against the corporation or individual and can lead to leniency and reduced sentences and/or penalties.  Therefore, adopting these ten keys to a successful corporate compliance program can guard against the risk of a federal investigation and prosecution.

It is critical to receive comprehensive corporate compliance advice and representation from an experienced attorney.  An attorney can advise your business on whether it has an effective compliance program, how to improve its provisions, and how to respond to federal investigations.