Thank you for sharing!

Your article was successfully shared with the contacts you provided.
In May 1991, the U.S. Sentencing Commission released new guidelines for punishing businesses for criminal misconduct. Included in this historic announcement was a blueprint for how companies can prevent crimes such as corporate fraud, bribery, and collusion. Now referred to as “the seven elements of effective compliance,” this framework promulgates the underlying theory that if a business received a sentencing break for having a bona fide compliance program, it would encourage companies to take crime prevention seriously. On the 20th anniversary of these guidelines, can we say the Commission’s strategy worked? Yes and no. Proposing a specific list of compliance “must haves” to the corporate world gave birth to an entire industry focused on building and maintaining corporate compliance programs. In the past decade, as corporations have been hit with billions in criminal fines in enforcement actions around the world, companies have scrambled to implement protocols to prevent prosecution. Today, virtually all public companies (and the majority of private ones) have compliance programs. From this vantage point, the Commission’s strategy worked. But 20 years later, the Commission’s definition of “compliance” is no longer the ultimate guide; its seven-part definition of compliance, amended in 2004, is just one of several standards for measuring a company’s compliance efforts. The British Ministry of Justice, for example, recently released guidance for its new Bribery Act, which contains six core principles for “adequate procedures designed to prevent misconduct.” Companies that adopt such procedures will be excused from liability for bribes paid on their behalf. Last year, the Organization for Economic Cooperation and Development issued 13 “good practices” for avoiding corruption. Transparency International, a leading anticorruption organization, has nine “business principles for countering bribery.” Complicating the compliance landscape further, the U.S. Department of Justice’s anticorruption prosecutors often insert their own compliance program requirements into settlement agreements with companies they are prosecuting. In light of these recent developments, what’s a compliance-minded company to do? Where should it look when evaluating the effectiveness of its program? Should multinational corporations still measure their crime prevention efforts against the U.S. Sentencing Guidelines’ 20-year-old definition? The good news is that the newer compliance guidelines have a lot in common with the old ones. Despite the variety in length and language, they each touch upon five key issues a company’s compliance program must address to satisfy law enforcement requirements. Here’s a quick look at what’s required in each category: Leadership: A successful compliance program must have the full support of senior management. But today’s compliance standards require even more. Companies must also have high-ranking compliance officers with the authority and resources to manage the program day-to-day. Risk Assessment: In 1991, the Sentencing Commission did not identify risk assessment as one of the essential elements of a compliance program. Today, enforcement officials consider it a crucial component. What changed? The answer may be globalization. As multinationals grow more dependent on global supply chains, they must know the nature of business risks by region, industry, transaction, etc., to ensure that their compliance efforts are effective everywhere they operate. Standards and Controls: It would be hard to find a global company today that doesn’t have a code of business conduct. But enforcement authorities require much more detailed written policies and procedures. For example, companies can’t just state that their representatives are prohibited from paying bribes. They must have clear protocols for screening their partners, distributors, and local agents for criminal misconduct. Training and Communication: Webinars, video conferencing, and online testing have made it much easier for companies to train their officers, employees, and third parties on prohibited conduct. But enforcement officials want to know if the message has really gotten through. Thus, they often scrutinize company training for its audience, mode, and frequency. Live training is the preferred method for employees in higher-risk situations. Oversight: Two of the seven compliance elements in the U.S. Sentencing Guidelines call for monitoring, auditing, and responding quickly to allegations of misconduct. The U.K. government also identified monitoring and review as one of the six principles for adequate compliance with the 2010 Bribery Act. This reinforces the reality that companies are not only responsible for implementing compliance policies, but also for making sure that their workforces are actually complying. If history is any indication, we are sure to see new lists of compliance requirements in the future. So far, however, compliance programs that address these five categories will satisfy the wide variety of law-enforcement expectations. But this leads us to another important question: Does it really matter? The Justice Department requires its prosecutors to determine if companies have pre-existing compliance programs (i.e., compliance credit) when deciding whether to bring charges against them. I had the opportunity to affirm this policy when I issued revised guidance on corporate charging in 2006 [PDF]. But do prosecutors give compliance programs the appropriate weight during this process? And what criteria do they use to perform these evaluations? In my experience, compliance credit has a long way to go. Enforcement officials have been far more interested in rewarding cooperation, because any incriminating information provided to them helps them to make their cases. Compliance credit would potentially let companies walk away. However, the goal of reducing corporate misconduct will never be achieved through enforcement alone. Businesses would have greater incentive to self-police if they knew that such efforts could protect them from costly penalties. No one wants to let white-collar criminals off easy, but there’s a big difference between individual liability and punishing shareholders for the misdeeds of a few. That’s the important distinction the Sentencing Commission established 20 years ago in proposing reduced penalties for convicted companies that had compliance programs. In the spirit of this historic precedent, it’s time for prosecutors to give companies’ compliance efforts more serious consideration when deciding whether to charge them. Paul McNulty is the former U.S. Deputy Attorney General and author of the McNulty Memo, which identifies the factors federal prosecutors must consider when determining whether to charge a company with criminal misconduct. He now chairs the Global Corporate Compliance Steering Committee at Baker & McKenzie, a global law firm. Based in Washington, D.C., he can be reached at [email protected] .

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.