The importance of DOJ’s hiring of Hui Chen as Compliance Counsel was recently confirmed by DOJ’s release of new compliance remediation standards for FCPA compliance programs. DOJ has, once again, raised the bar on FCPA compliance programs. Compliance practitioners have a real and significant voice on behalf of the compliance function inside the Justice Department.
In adopting a new pilot program for FCPA enforcement and guidance, DOJ specifically defined compliance remediation as a required factor for a company to be eligible for pilot program benefits, including a possible 50 percent reduction of the fine from the bottom of the range under the Sentencing Guidelines, no appointment of a compliance monitor, and possible declination of criminal charges.
DOJ has set additional and more specific requirements for timely and appropriate remediation of a compliance program. While these requirements apply only to companies seeking credit for disclosure and cooperation, history has demonstrated that once articulated by the government these standards have a way of quickly becoming minimum requirements and informing lists of best practices. For that reason, DOJ’s new articulation of compliance standards is an important event.
The new set of benchmarks and criteria for an effective compliance and ethics program include:
- Whether the company has established a culture of compliance, including an awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated.
This factor appears to incorporate several requirements, including tone-at-the-top, accessibility of clear and concise policies, dissemination of training and compliance messaging to ensure that the anti-corruption compliance requirements are known throughout the company.
- Whether the company dedicates sufficient resources to the compliance function.
This factor, which Hui Chen has articulated in a prior public forum, reflects DOJ’s increasing focus on a company’s allocation of resources to support the compliance function. DOJ’s focus on this issue requires companies to re-examine the nature and extent of its support for the compliance function, and the need to re-examine the overall operation and support of the compliance function.
- The quality and experience of the compliance personnel such that they can understand and identify the transactions identified as posing a potential risk.
This factor, which is relatively new, reflects DOJ’s concern that compliance officers lack adequate experience and knowledge in anti-corruption issues. It suggests that companies will now have to focus on the qualifications and specific experience in anti-corruption issues and related subject areas (e.g. fraud).
- The independence of the compliance function;
In a significant development, DOJ is now willing to examine the overall status of the compliance function within an organization. Without mandating reporting relationships within an organization, DOJ is identifying the manner in which the compliance function operates, meaning is it independent enough to exercise its responsibilities? This new issue raises important implications on a compliance function’s ability to exercise authority and its line-of-sight across the organization.
- Whether the company’s compliance program has performed an effective risk assessment and tailored the compliance program based on that assessment.
This factor is nothing new since it was identified in the Hallmarks of an Effective Compliance and Ethics Program in the FCPA Guidance issued by DOJ and the SEC in 2012.
- How a company’s compliance personnel are compensated and promoted compared to other employees.
This factor is a significant new issue for DOJ to identify, and reflects Hui Chen’s nuanced understanding of the compliance function and the way in which companies demonstrate commitment to the compliance function. A company’s commitment is reflected in the career path created for compliance professionals, promotion opportunities and overall compensation. DOJ has seen companies make real commitments in this area, such as in Wal-Mart’s case where compensation and elevation of compliance professionals was included as part of its remediation plan.
- The auditing of the compliance program to assure its effectiveness.
Again, this factor is nothing new, but reiterates DOJ’s focus on auditing of a compliance program as a means to ensure effective operation. This inquiry would likely extend into auditing efforts of third party intermediaries because of the high-risk nature of those relationships.
- The reporting structure of compliance personnel within the company.
While DOJ has refrained from mandating separation of the compliance and legal functions as a requirement for compliance programs, this factor along with number 4 above, independence of the compliance function, strong suggests that DOJ is supportive of a compliance function that is separately structured, with reporting to the CEO, and a dotted line to the board of directors. By adopting this specific factor, DOJ is now opening up inquiries into how the compliance function operates and its stature within the organization.
- Appropriate discipline of employees, including those identified by the corporation as responsible for the misconduct, and a system that provides for the possibility of disciplining others with oversight of the responsible individuals, and considers how compensation is affected by both disciplinary infractions and failure to supervise adequately; and
This factor contains a significant new requirement for internal investigation and disciplinary procedures. Companies now have to articulate and apply a policy to discipline supervisors and other officials who may not have direct involvement in corruption but who may have had supervisory responsibilities and failed to exercise those responsibilities by ignoring warning signs or failing to follow up adequately on issues.
- Any additional steps that demonstrate recognition of the seriousness of the corporation’s misconduct, acceptance of responsibility for it, and the implementation of measures to reduce the risk of repetition of such misconduct, including measures to identify future risks.
This factor allows companies to gain credit for enhanced compliance measures designed to responds to potential corruption risks.