Your Compliance Program
The professionals at Compliance & Competition Consultants, LLC understand that you need to run a business, not operate a legal clinic. Our focus starts with your business, your people, and your style. We design compliance programs to fit the way you do business. Our aim is to make sure that every employee knows his or her compliance obligations, as part of his or her job, and is educated, empowered, enthusiastic, and proud to be working for you.
The complete compliance program involves a risk assessment to identify and prioritize compliance risks for your company, creation of tools to address the risks (usually a combination of employee education and business controls), development of employee communication materials, such as a code of ethics and policies on specific subjects, development of training programs, alignment of risk areas to employee responsibilities, establishment of anonymous reporting systems, creation of incentives for compliance, and evaluation of compliance systems.
We can tailor a program to fit the size of your company, your industry, and your own corporate culture. We can assist in the choice of vendors for anonymous reporting systems (“hotlines”), computer-based training programs, records management systems, and management reporting tools. If you already have a system in place, our communications professionals can revise your current materials to be more user-friendly without starting from scratch. And we know how to build business policies and processes to accomplish your business objectives while remaining in compliance with all applicable laws.
When legal services are needed, we work with the law firm of Scharf Banks Marmor LLC, a boutique, women-owned law firm that focuses on corporate compliance and complex commercial litigation. Every attorney in the firm has significant experience in large law firms or major U.S. corporations. It provides sophisticated but practical legal services on an efficient and cost-effective basis to clients. More information is available at www.scharfbanks.com.
Why a Compliance Program?
Legal problems have a variety of consequences for an organization. Severe financial penalties may be imposed on the company or individuals. The company’s reputation will be damaged, and consumers or business partners may be reluctant to do business with it. It may be debarred from government contracts. Individuals in the company may face prison and disqualification from certain professions. The company may be subject to continuing supervision by the government, which will restrict its ability to do business. And any allegation, even if ultimately proven to be unfounded, will hurt the company by consuming valuable management time and incurring legal fees, which can be significant.
Companies implement compliance programs to reduce the risk of legal violations. The basic structure of a compliance program is simple: a company identifies its areas of risk, and implements systems to manage those risks. But the path to implement a compliance system can be complex. Specific legal requirements intertwine with more subjective concepts of corporate and individual ethics, integrity, and responsibility.
With sufficient resources, it is probably possible to eliminate virtually all compliance risk. But the purpose of a business enterprise is to conduct a profitable business, not to conduct a compliance program, and unduly restrictive compliance programs can also harm a business. The challenge is to implement a compliance program that reduces risk and is practical.
At the same time, the program needs to qualify as an “effective” compliance program under the Federal Sentencing Guidelines. If the compliance program meets these standards, the company may escape prosecution or receive a significant penalty reduction when an employee violates a federal law.
So, the challenge of a compliance officer is to implement a program that a) uses appropriate resources to address the less-than-trivial compliance risks facing the enterprise, b) does not interfere unnecessarily with the day-to-day conduct of the business, and c) still satisfies a prosecutor or judge that the company has implemented an “effective” compliance program. Bearing this in mind, there are certain foundational activities that every organization should undertake, as outlined below.
Reviewing the Elements of Your Compliance Program
A review of a compliance program would involve the activities outlined below.
- Identification and prioritization of risks facing corporation (risk assessment).
- Test existing compliance program against requirements of Federal Sentencing Guidelines
- Maintaining a culture of compliance.
- Established standards and procedures to prevent and detect criminal conduct
- Knowledgeable and involved board of directors and senior management.
- Responsible senior management.
- Day-to-day operational responsibility with adequate resources.
- No managers who are likely to violate the law.
- Periodic communication about the compliance program.
- Monitoring and auditing to detect criminal conduct.
- Periodic evaluation of the program.
- Systems to anonymously report wrongdoing.
- Incentives and punishments to support the program.
- If there is a problem, reasonable steps to respond appropriately to prevent recurrence.
- Periodic risk assessments.
- Ability of compliance officer to report directly to the board.
- Compliance Program Creation/Enhancement
- Creation of company compliance policies to address key risk areas, with common look-and-feel, ease of understanding
- Creation/revision of general code of conduct
- Training and communication program designed to deliver compliance knowledge aligned to job responsibilities
- Development of business controls to reduce likelihood of violation
- Examination of current program against applicable published standards
- Records management systems: creation of employee-friendly company guidelines
- Creation of system to address third-party risks
- Creation/reinforcement of culture of compliance
- Evaluation and improvement of compliance system
- Analysis of reports, investigations
- Testing of business control systems
- Evaluation of training completion and effectiveness
- Benchmarking with peer group companies
- Implementation of employee survey to design/revise compliance program
- Employee perception of management, company commitment to compliance and ethics
- Employee satisfaction with compliance training, communication tools
- Review of compliance risk in non-wholly-owned operations (economic pressure exacerbates stresses between business partners)
- Creation of protocols for internal auditors to utilize to test delivery of compliance programs (e.g., training) and whether behaviors were consistent with compliance guidelines.
- Current Compliance Risk Areas
- FCPA & Financial Transactions
- Securities/Finance/Corporate Governance
- Will company disclosures regarding executive compensation, including repricing of underwater options, violate SEC rules or trigger private lawsuits?
- Training and communication regarding insider trading, accurate books and records, specific rules under new stimulus or bailout legislation
- Will the financial crisis impact current monetary structure (causing debt instruments to be in default)? Will business partners facing financial pressures become more aggressive in enforcing contract terms (e.g., prompt payment)?
- Are procedures in place to comply with new SEC regulations/commentary on shareholder rights?
- Expected more aggressive SEC scrutiny/enforcement regarding financing vehicles, insider trading
- Compliance with Dodd-Frank whistleblower and conflict mineral rules
- Plant closures, layoffs, job elimination and local whistleblower risks
- Impact of federal bailout/stimulus laws, including medical benefits, executive compensation limitations
- Affordable Care Act requirements
- Government Contracting
- Establishment of compliance program mandated by FAR
- New mandatory reporting requirements when “credible evidence” received of possible violation
- Qui Tam/whistleblower actions
- Development of data privacy policies to address increased use of electronic communications (particularly social media), personal and legislative concern about privacy
- Risks to business due to government regulation, focused attacks by data thieves and continued carelessness of employees with unsecured data (e.g., lost laptops)
- Increasing regulation by states and foreign governments generates need for individual compliance programs based on location of facility