Wifredo A Ferrer(left) and Michael E. Hantman(right) of Holland & Knight.

Historically, many companies failed to create and implement anti-corruption, anti-money laundering, and sexual harassment compliance and training programs. Their reasons were manifold. A sampling of objections we’ve heard over time are below:

  • “We’re so busy that we can’t take time away from making money to address this.”
  • “We’ve had no problems in the past, so there’s no urgent need to make the effort.”
  • “If we ever have trouble, we’ll do it then.”
  • “The money we spend on implementing a program isn’t worth it—no amount of training can assure submission by corrupt employees.”
  • “Our people know the right way to do business.”

Fortunately, these attitudes are waning as companies understand a stark reality: a compliance and training program is synonymous with an insurance policy. No one expects your company offices to catch fire and burn down, but you pay the insurance premiums just in case. As case decisions show, not having a good compliance program can cost millions or shutter the business entirely. Just ask the U.S. company fined over $90 million last year for not maintaining an effective anti-money-laundering compliance program.

It is obviously true that no program can ensure 100 percent employee obedience. But when someone goes rogue (our years of experience shows it’s “when,” not “if”), law enforcement authorities are far less likely to charge the corporation or company executives with crimes if the company tried to ensure employees knew the rules of the road and worked hard to be a good corporate citizen.

Who Needs a Policy?

Virtually every type of company needs one. Proper, up-to-date corporate governance is more important than ever in today’s environment of heightened law enforcement and regulatory scrutiny.

The Department of Justice has grown more sophisticated in recent years, partly by hiring attorneys who served inside corporate compliance departments, and has come to recognize that one size doesn’t fit all. In other words, the government doesn’t expect a startup to have a program as all-encompassing and vigorous as that of a Fortune 100 conglomerate.

But the government does expect your company to have a policy tailored to your business model that is cost-effective, up-to-date, and robust, requiring a modest but important time commitment.

Why is Compliance and Training Important?

Whenever improprieties or ethical lapses are found, the government always asks two questions: what steps did the company take to prevent the misconduct before it occurred, and what did the company do once it learned of the problems? If the answer to the first question is “few if any,” the prosecutors won’t be sympathetic or open-minded to your situation. Prosecutors have great discretion and only so many hours in the day. As such, they prioritize punishing the indifferent over those who tried hard—sometimes in vain—to follow best practices.

Related to this, the U.S. Sentencing Guidelines provide that an organization must have standards of conduct and internal controls reasonably capable of reducing the likelihood of criminal and other improper conduct (Section 8B2.1(b)(1)). When a problem arises, the potential fine in some cases can be reduced by up to 95 percent if an organization can demonstrate an effective compliance program.

In addition, it is foolish to expect employees, third-party consultants, executives, and board members to figure out on their own what they can and can’t do. Many laws and regulations are complex and not obvious or intuitive. In some industries, the regulations are ever-changing. If you don’t provide your personnel with clear rules and procedures, you’ll end up with everyone conducting business a little bit differently, and some running afoul of laws and regulations. Your company will often be liable for this illegality if it benefited the company and you failed to train employees on the right way to conduct themselves.

What Are the New Trends?

International law enforcement cooperation has skyrocketed in recent years. The number of cross-border investigations by law enforcement and regulatory agencies is at all-time highs.  This necessarily means that a larger percentage of companies are investigated today than in decades past.

And late last year, Deputy Attorney General Rod Rosenstein announced a revised Foreign Corrupt Practices Act (FCPA) corporate enforcement policy. The policy provides that the Department of Justice will decline to prosecute if a company: self-discloses wrongful conduct, fully cooperates with law enforcement, disgorges, and implements timely and appropriate remediation (aggravating circumstances can overcome this presumption). Importantly, the new policy also details how the government evaluates an appropriate compliance program, which varies depending on the size and resources of a business. And in March 2018, it was announced that the FCPA policy will be used to evaluate cases in other areas of white-collar enforcement beyond the FCPA. In essence, a company needs a good compliance program if it wants to enjoy the benefits of DOJ’s new policy.

What Does the Government Want to See?

The list of what the government wants to see in a compliance and training program isn’t as long as you’d think. They want to see a “culture of compliance” implemented, emphasized and followed by top company executives who provide sufficient resources to encourage conformity. They want to see training for key personnel, including: employees in high-risk areas, third party consultants, and sales and business development teams. They want to see vigorous internal controls and interdiction screening software along with reasonable and continued due diligence on customers, clients and counter-parties. And they want periodic risk assessments consisting of audits of your program that measure results.

Training and compliance programs are a necessity in today’s day and age. It is very hard to claim your company follows all rules and regulations if your workforce and executives haven’t been educated and trained. The bottom line—a small investment up front in compliance and training can prevent potentially huge costs in the future or, in some instances, losing the entire enterprise.

Wifredo A. Ferrer, former U.S. Attorney for the Southern District of Florida, is currently chair of Holland & Knight’s global compliance and investigations team based in the firm’s Miami office. 

Michael E. Hantman, a former assistant attorney general, is a Miami partner at the firm who focuses primarily on white-collar criminal defense, internal corporate investigations, and compliance counseling. Both are members of the firm’s national white collar defense and investigations team and may be reached at wifredo.ferrer@hklaw.com and michael.hantman@hklaw.com.