In recent days the Department of Justice and the Securities and Exchange Commission have issued strong messages reemphasizing the importance of effective corporate compliance programs.

Assistant Attorney General Leslie R. Caldwell, speaking at the 10th Annual Compliance week conference in Washington, DC last week, stressed the necessity for companies to design compliance programs “that don’t just look good on paper, but actually work.”  Caldwell warned that although a risk-based approach to compliance may be appropriate, companies “often misdirect their focus to the wrong type of risk,” resulting in reactive, rather than proactive, compliance programs.  An effective compliance program, Caldwell says, is “tailored to the unique needs, risk and structure” of the company and focuses on the company as a whole, rather than just those lines of business subject to regulation. 

Caldwell set out several hallmarks for effective compliance programs, including:

  • “Strong, explicit and visible support” for compliance policies by senior leaders
  • Clear, written policies and procedures that are periodically reviewed to account for “evolving risks and circumstances” as well as other messages about compliance conveyed to employees “through in-person meetings, emails, telephone calls, [and] incentive/bonuses
  • Adequately funded compliance teams and sufficient resources for investigating and documenting allegations of violations
  • A system for confidential internal reporting of compliance violations and
  • A company expectation that its business partners are compliant.

Caldwell noted that both the adequacy of a corporate compliance program and company cooperation in government investigations are factors that are considered when the DOJ decides which prosecutorial action, if any, it will take.  “Corporate accountability through a strong, tailored compliance program and through internal investigations should be the standard for your companies,” she said.  Caldwell recommended that companies study NPA and DPA agreements to assess their own compliance and exposures.

On the heels of Caldwell’s speech, on May 20, BHP Billiton (BHPB), an Australia-based global resources company and leading producer of major commodities, agreed to a US$25 million settlement with the SEC to settle Foreign Corrupt Practices Act charges.  According to the SEC, BHPB failed to prevent the risk of bribery when it paid for hospitality packages for 60 government officials attending the 2008 Beijing Olympics.  The packages cost roughly US$12,000 to US$16,000 each and included luxury hotel accommodations, event tickets and sightseeing.

Recognizing that inviting government officials could potentially violate anti-corruption laws and the company’s code of conduct,  BHPB had relied on its existing compliance model, as well as an Olympic-specific internal approval process, to address the risk.  As part of this process, BHPB developed a hospitality application to be completed for any individuals invited.  However, the SEC found that, as implemented, these compliance measures were ineffective.  The SEC found that the company did not require independent legal or compliance review of hospitality applications; the company ethics panel did not review the appropriateness of individual hospitality applications; hospitality applications were incorrect and/or incomplete; employees received no training on how to fill out the hospitality forms; and there was no process for revising applications.  The SEC concluded that, as a result, “a number of government officials who were directly involved with, or in a position to influence” pending matters were invited.  Simply put, the SEC found that BHPB had a compliance program, just not the right program.

In addition to the US25 million settlement, BHPB has taken a number of additional steps.  It has reorganized its compliance structure to include a discrete compliance group within its legal department and has reviewed its existing anti-corruption compliance program and financial and auditing controls.  While the SEC did not appoint a monitor, BHPB will report to the SEC multiple times over a one-year period on its FCPA and anti-corruption compliance program to assess its operation.  These enhancements, made in the context of the settlement, provide further insight into the SEC’s view of an effective compliance program and are consistent with the recommendations set forth in the 2012 DOJ-SEC FCPA Resource Guide.

The full text of Caldwell’s Compliance Week speech is available on the DOJ website here.  

The full text of the BHPB Cease-and-Desist Order is available on the SEC website here