Thank you for sharing!

Your article was successfully shared with the contacts you provided.
A renewed emphasis on ethics and greater responsibilities for boards of directors are the highlights of recent changes to the U.S. Sentencing Commission’s Sentencing Guidelines for Organizational Defendants. When first enacted in 1991, the guidelines provided only vague suggestions of ways to measure a corporate compliance program. The 2004 guidelines add considerable detail. While some of these changes come from the goals of the Sarbanes-Oxley Act, the commission also reviewed information from other corporate compliance programs to develop the changes. The changes will take effect on Nov. 1, unless Congress acts to change them or change the date. Although the guidelines technically apply only when an organization is being sentenced after having been found guilty of violating a criminal law, they have affected corporate structure and behavior in a more general way. Through the years, the guidelines have become the standard by which a company’s overall corporate ethics and compliance programs are judged. At the 10-year anniversary of the original guidelines, the commission established an advisory group “to review the general effectiveness of [those] guidelines” and to “examin[e] the criteria for an effective program to ensure an organization’s compliance with the law.” The advisory group analyzed data regarding the operation of the guidelines and submitted very specific recommendations on changing the guidelines, which the commission accepted. Two main themes will affect further compliance programs. One theme is ethics: The goal of the guidelines has been to go beyond simple prevention and detection of criminal conduct to the “promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law.” Second, the 2004 changes continue the trend of focusing attention on a corporation’s board of directors, extending directors’ responsibility more directly into the operation of the company’s compliance and ethics program. These developments will contribute to the continued maturation of such programs. They also present some challenges and opportunities for in-house counsel, compliance professionals, and others who deal with corporate compliance and ethics. Some of the more significant specific provisions of the 2004 changes include new requirements that: • Boards of directors and executives take an active leadership role in the content and operation of their companies’ ethics and compliance programs. In practical terms, senior management and board members are now expected to understand the major risks of unlawful conduct facing their organization, the primary compliance program features aimed at counteracting those risks, and the types of compliance problems that the organization and others with similar operations have recently encountered. • The person ultimately responsible for compliance must be among the “high-level personnel” within the organization. The organization may allow lower-level personnel to manage the program day to day, but this must not hinder a corporation’s board of directors from directly receiving the necessary compliance information. • Companies must now periodically evaluate the overall “effectiveness” of their compliance and ethics programs. In addition, companies should have a “risk assessment to determine the scope and nature of risks of violations of law associated with an organization’s activities.” Those assessments should be used to create the compliance program and to fine-tune it in light of experience over time. • Corporate ethics and compliance training for employees � including senior management and the board � is now specifically required and must be “effective.” This training should be appropriate to these employees’ “respective roles and responsibilities.” This change has two purposes: to eliminate confusion as to whether training is compulsory and to strengthen its dissemination throughout an organization. • Large organizations “should encourage small organizations (especially those that have, or seek to have, a business relationship with the large organization) to implement effective compliance and ethics programs.” • Companies must have a system to allow employees, anonymously if they prefer, to report compliance and ethics violations. Such a system also must provide employees with a way to seek guidance on these issues. The 2004 changes will likely lead to more formal and institutionalized ethics and compliance programs, at least at larger organizations. Yet the 2004 changes will not work in isolation. The following are some of the impacts the changes will have: Director liability. Section 301 of Sarbanes-Oxley requires that the audit committee establish procedures for the confidential submission by employees of questionable accounting or auditing and the treatment of such complaints. This requirement, combined with the 2004 changes’ mandate that the “governing authority” of an organization (the board of directors) “be knowledgeable about the content and operation of the compliance and ethics program,” may make it increasingly difficult for a board of directors to avoid liability by showing that they attempted in good faith to ensure that an adequate corporate information-gathering and reporting system was in place. If a board has received information through the mechanism required by Sarbanes-Oxley and augmented by the 2004 changes, that board may be less able to plead ignorance. Some sort of duty to investigate probably comes from the existence of the information-gathering system. For that reason, simply setting up a system that permits the submission of such complaints or notices, without a reliable means of confirming or refuting the accuracy of those complaints or notices and then taking appropriate action, might create more liability than it satisfies. Employee training. The 2004 changes make employee training a mandatory element of an effective compliance program. What additional steps should an employer take, in conjunction with its employee training, to maximize the benefit that it receives from that training? To start, the organization should be sure that training leads to changes in behavior and that the lessons from that training result in attitudes that conform to the policy, at least in their manifestation. Merely adopting a policy against discrimination will not avoid liability, even for punitive damages, if that policy does not prevent the actions that it supposedly prohibits. In fact, if actions by managers contravene that policy, such a policy might make those actions knowingly reckless or malicious and strengthen the case for punitive damages. Instead, an employer must take additional steps to assure that its employees (especially managers) take that policy to heart in their day-to-day actions. Risk assessments. In the 2004 changes, the commission emphasized that “the organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement or modify each requirement [in that guideline] to reduce the risk of criminal conduct identified through this process.” The organization should analyze “the nature and seriousness of . . . criminal conduct,” the “likelihood that certain criminal conduct may occur because of the nature of the organization’s business,” and the “history of the organization.” The risk assessment will also serve another important purpose. Risk assessments that identify the likely violations can help the organization develop training programs for preventing and detecting its most probable forms of unlawful conduct. What would a risk assessment entail? To understand how the behavior of its employees and agents might run afoul of the law and of its own policies and procedures, an organization must analyze what laws and regulations apply to its business and how those requirements can affect its day-to-day operations, whether by creating standards that it must meet or by prohibiting actions it otherwise might take. With that understanding, the firm can review its procedures, determine the points in its operations where problems might come up, and take action to create a program that anticipates the risks. Others’ compliance programs. In the 2004 changes, the commission sought to enlist larger organizations in its efforts to introduce ethics and compliance programs to smaller organizations. Interestingly, this suggestion seems to point to a trend. In its 2000 member survey, the Ethical Officers Association asked if the respondents’ companies formally evaluate their suppliers’ commitment to ethical practices. While only 17 percent of all respondents said that they do, 32 percent of those who worked for large organizations answered yes. Many companies have already adopted corporate social responsibility policies. McDonald’s Social Responsibility Report, for instance, says that McDonald’s has accepted, as an important element of its position in the business world, “a responsibility to be a good neighbor, employer, and steward of the environment, and a unique opportunity to be a leader and a catalyst for positive change.” As large businesses continue with this approach, they will extend the impact of the 2004 changes far beyond what those changes likely can achieve alone. It will mean that the guidelines will be implemented by all organizations, even by those that might otherwise have given little thought to the possibility of a court sentence. Steven A. Lauer is director of Integrity Research, the research arm of Integrity Interactive. He has long worked with leading corporate law departments on managing their legal service. Lauer is formerly assistant general counsel of the Prudential Insurance Co. He has also been an in-house counsel at three other real estate organizations, deputy editor and publisher of The Metropolitan Corporate Counsel, and a consultant and attorney in private practice. He is a faculty member of the Law Partnering Institute and a member of Law Partnering Advocates.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.