Sarah Lawson, the General Counsel of the U.K.’s Serious Fraud Office (“SFO”), recently emphasized that corporate compliance functions must be well resourced and that the SFO expects such programs should be insulated from routine cost-cutting pressures. This expectation parallels the U.S. Department of Justice (“DOJ”)’s long-standing focus on corporate compliance programs and its own recent focus on ensuring that compliance functions are provided with sufficient resources. Lawson’s statement reminds companies that when regulators – in both the U.K. and the U.S. – make prosecutorial and enforcement decisions, they place great weight on ensuring that compliance programs are effective and supported by senior executives.
In a speech at the TRACE London Forum on October 24, Lawson recognized that compliance departments are sometimes viewed as simply a drain on corporate profits and decried the “daily pressure” on compliance departments to justify their value to their companies. Compliance programs save companies money by reducing the risk that financial crimes will be committed, Lawson explained. For this reason, Lawson noted that compliance teams should be insulated from the business pressures that drive other components within their companies.
Should something ever go wrong, both the SFO and DOJ consider the effectiveness of companies’ compliance programs when deciding whether to bring criminal or civil charges against the company. For example, the SFO considers the effectiveness of companies’ compliance programs when deciding whether to resolve corporate investigations through Deferred Prosecution Agreements (“DPAs”), Lawson said, adding that SFO investigators are being trained on corporate compliance to further this end.
Lawson’s speech aligns with DOJ’s continued emphasis on corporate compliance programs. In April 2019, DOJ’s Criminal Division issued new guidance instructing prosecutors on how to evaluate compliance programs when making prosecutorial decisions in corporate criminal cases. Assistant Attorney General Brian Benczkowski said in a press release announcing the guidance that compliance programs “play a critical role in preventing misconduct, facilitating investigations, and informing fair resolutions” of corporate enforcement actions.
As V&E noted in May 2019, DOJ’s guidance illustrates how resource allocation factors into prosecutors’ evaluation of both the design and implementation of corporate compliance programs. DOJ’s guidance directs prosecutors to consider the sufficiency of personnel and resources available to companies’ compliance functions, including the seniority of compliance personnel, the adequacy of the staff available for the compliance function, and the autonomy of the compliance function.1 The guidance acknowledges “the size, structure, and risk profile of the particular company” determine what degree of support is appropriate for any given company, noting that larger companies may require more formalized compliance programs than smaller companies.2
Because there is no such thing as a one-size-fits-all compliance program, the resources needed to implement an effective compliance program vary from business to business. For companies with dedicated compliance departments, it may be appropriate to equip their compliance teams with relatively senior personnel who are insulated from the incentives that drive the companies’ business functions. Smaller companies whose compliance functions are assigned to employees as additional duties need to ensure that those personnel are given adequate time to devote to their compliance responsibilities, and that they are actually fulfilling those compliance duties. When compliance functions are handled by non-lawyers, companies should ensure that their compliance personnel have ample access to legal counsel, whether from in-house lawyers or dedicated outside compliance counsel.
Regardless of size or profitability, it is important that companies design compliance programs tailored to their individual risks and business operations. As Lawson’s speech and DOJ’s guidance show, simply possessing a compliance program is not enough. To receive the benefit of such a program, senior executives need to support that compliance program, including by allocating sufficient resources to compliance and insulating compliance functions from ordinary business pressures that might hinder their ability to operate. Compliance programs need to be seen as business enhancers, not just as cost drains.