Standards Set by Federal Sentencing Guidelines
Federal sentencing guidelines penalize organizations found guilty of breaches of fiduciary duty or violations of law constituting felonies or Class A misdemeanors, yet provide for significant reductions in penalties for organizations that maintain compliance programs to detect and correct such breaches of duty or violation of law. According to “An Overview of the Organizational Guidelines” by the Deputy General Counsel of the United States Sentencing Commission (USSC Overview):
While organizations cannot be imprisoned, they can be fined, sentenced to probation for up to five years, ordered to make restitution and issue public notices of conviction to their victim and exposed to applicable forfeiture statutes. Data collected by the Sentencing Commission reflects that organizations are sentenced for a wide range of crimes. The most commonly occurring offenses (in order of decreasing frequency) are fraud [which includes breach of fiduciary duty], environmental waste discharge, tax offenses antitrust offenses, and food and drug violations.
The organizational sentencing guidelines apply to for-profit corporations, partnerships, limited liability companies, labor unions, pension funds, trusts, nonprofit organizations and governmental units. According to the USSC Overview, “Guidelines are designed to further two key purposes of sentencing: ‘just punishment’ and ‘deterrence’. Under the ‘just punishment’ model, the punishment corresponds to the degree of blameworthiness of the offender, while under the ‘deterrence’ model, incentives are offered for organizations to detect and prevent crime.”
An organization can be subject to criminal liability whenever an owner, director, officer, employee or other agent or representative of the organization commits an act within the apparent scope of his or her employment, even if the agent or representative acted directly contrary to company policy and instructions. An entire organization, despite its best efforts to prevent wrongdoing in its ranks, can still be held criminally liable for the illegal actions of any of its agents or representatives. However, the degree of liability can be mitigated if the organization had an effective compliance program in place at the time of the breach of fiduciary duty or violation of law. According to the USSC overview, an “effective compliance program” contains standards and procedures reasonably capable of reducing the prospect of breaches of fiduciary duty or violations of law through:
- Oversight by high-level personnel
- Due care in delegating substantial discretionary authority
- Effective communication to all levels of employees
- Reasonable steps to achieve compliance, which include systems for monitoring, auditing and reporting suspected wrongdoing without fear of reprisal
- Consistent enforcement of compliance standards, including disciplinary mechanisms
- Reasonable steps to respond to and prevent further similar offenses upon detection of a violation
Accordingly, the American Bar Association’s Corporate Directors Guidebook, 5th Ed. (ABA Guidebook), provides that “directors should periodically satisfy themselves that an appropriate process is in place to encourage attention to legal compliance issues and claims against the corporation and the timely reporting of significant legal or other compliance matters to the board or an appropriate board committee.”
According to the ABA Guidebook, organizations “should have formal written policies designed to promote compliance with law and corporate policy, which should be periodically monitored for effectiveness, particularly if the corporation operates in an industry subject to laws and regulations that demand special compliance procedures and monitoring." Although public companies initially assigned compliance oversight to the audit committee, the trend has been to form a separate compliance or legal affairs committee because of the burdens already on the audit committee.
The seven key elements of an effective compliance program according the Sentencing Commission and Office of Inspector General are:
- Designation of a Board-Level Compliance Committee and a Compliance Officer as an Executive Officer. Doing so satisfies the most important requirements of the USSC Overview: oversight by high-level personnel. Following the trend of public companies, we recommend that the board-level compliance committee be a committee separate from the audit committee and composed of persons with background or experience to evaluate legal and compliance matters. As discussed below, the compliance committee should report matters that may affect financial reporting to the audit committee and material matters to the board as a whole. The compliance officer should be an executive officer with reporting responsibilities to the CEO, general counsel (either inside or outside) and the compliance committee.
- Written Charters Policies and Procedures. Policies should be developed that address: written charters of the compliance committee; reporting channels, authority and responsibilities of the compliance officer (including when to report to the compliance committee directly, when to report to the general counsel and when to report to the CEO); whistle-blowing procedures and protections; standards of conduct; and written policies and procedures that promote the organization’s commitment to compliance and address specific risk areas of the organization
- Conducting Effective Training and Education. Regular, effective education and training programs should be developed and implemented for all employees, especially programs on identifying compliance violations internally and whistle-blowing procedures.
- Effective Lines of Communication. A process should be developed, such as a hotline to receive complaints and the adoption of procedures to protect the anonymity of complainants and protect whistle-blowers from retaliation. We recommend that whistle-blowing procedures be handled by the compliance officer or general counsel and if an appropriate response is not received from either of them then referred to the compliance committee.
- Enforcing Standards through Well-Publicized Disciplinary Guidelines. A system should be in place to respond to allegations of improper/illegal activities and enforce appropriate disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations or federal health care program requirements.
- Auditing and Monitoring. Audits and/or other evaluation techniques should be used to monitor compliance and assist in the reduction of identified problem areas. The compliance committee, compliance officer, CEO, CFO and general counsel should each have a direct reporting responsibility to the audit committee to report any matter that may affect financial reporting.
- Responding to Detected Offenses and Developing Corrective Action Initiatives. Systemic problems should be investigated and policies addressing the non-employment or retention of sanctioned individuals be developed. We recommend the general counsel or special outside counsel oversee this.