Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
1
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
DESIGNING A COMPLIANCE PROGRAM FOR THE
SMALL TO MEDIUM-SIZED PRIVATE COMPANY
Art Weiss, JD, CCEP
Chief Compliance & Ethics Officer
TAMKO Building Products, Inc.
September 16, 2008
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 2
WHY BOTHER?
• 1991: U.S. Sentencing Guidelines and subsequent
amendments provide that an effective compliance & ethics program may mitigate punishment by either
reducing the offender’s culpability score, or avoiding
prosecution altogether
• 1996: In re Caremark creates personal risk to Directors,
requires Board oversight
2
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
1991 MINIMUM REQUIREMENTS OF
AN EFFECTIVE COMPLIANCE AND ETHICS PROGRAM
UNDER §8B2.1 OF THE SENTENCING GUIDELINES
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 4
MINIMUM REQUIREMENTS
• Exercise due diligence and establish standards and procedures to
prevent and detect criminal conduct
• Promote an organizational culture that encourages ethical conduct
and a commitment to compliance with the law
• Top management must be knowledgeable about the compliance
program and exercise oversight
• Specific individual shall be given responsibility for program, report
periodically to high-levels, have adequate resources, appropriate
authority, and direct access to governing authority
• Use reasonable efforts to ensure this individual has not engaged in
illegal activities or conduct inconsistent with an effective program
• Communicate standards, procedures and other program aspects to
high-level personnel through training
3
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 5
MINIMUM REQUIREMENTS
• Make sure compliance program is followed, including monitoring
and auditing to detect criminal conduct
• Periodically evaluate the effectiveness of the program
• Periodically assess the risk of criminal conduct and take appropriate
steps to reduce the risk of such conduct
• Have and publicize a system allowing for confidential and
anonymous reporting of suspected violations without fear of
retaliation
• Promote and enforce program through appropriate incentives
• Upon discovery of criminal conduct, take appropriate disciplinary
and corrective steps
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 6
2003: THOMPSON MEMO
• U.S. Attorneys instructed not to overlook prosecution of
individuals
• Consider whether company has effective compliance
program
• Voluntary disclosure and self reporting
• May require waiver of attorney-client privilege
4
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
2004 AMMENDMENTS TO THE SENTENCING GUIDELINES
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 8
2004 AMENDMENTS TO THE SENTENCING GUIDELINES PROVIDE
GREATER DETAIL AND DEFINE EFFECTIVENESS…(sort of)
• Must go beyond just preventing and detecting violations
of law. Must promote an organizational culture that encourages ethical conduct and a commitment to
compliance with the law
• Require periodic training of a company’s governing
authority and upper management
• Must be “knowledgeable about the content and operation
of the compliance and ethics program”
5
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
THE McNULTY MEMO
(2006)
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 10
McNULTY MEMO
• “Waiver of attorney-client and work product
protections is not a prerequisite to a finding that a company has cooperated in the government’s
investigation.”
• “Prosecutors may only request waiver…when there is
a legitimate need for the privileged information to fulfill
their law enforcement obligations…need is not established by concluding it is merely desirable or
convenient to obtain privileged information.”
6
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 11
BUT! McNULTY HAS LEFT JUSTICE
• Does this still represent the philosophy of the
Department?
• What will the next Justice Department think?
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 12
SO, DOES YOUR COMPLIANCE & ETHICS PROGRAM INCLUDE:
• Board commitment? – Does the Board have oversight
responsibility?
• Board buy-in and training? – Is the Board knowledgeable about the
compliance program?
• A Chief Compliance Officer with sufficient resources and access to
top management?
• Systems in place to prevent and detect violations of law?
• A Code of Ethics?
• Risk assessment and prioritization focusing on those that are the
most serious and most likely to occur?
7
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 13
HERE ARE SOME RECOMMENDATIONS:
• Personally educate your Board and upper management
• Train them on Harassment, Conflict of Interest, Antitrust and other
high risk areas
• Outline the employee training and compliance program
• Prepare an Annual Compliance Report
• Periodically evaluate the effectiveness of the compliance and ethics
program
• Promote the compliance program through performance incentives
• Perform periodic risk analysis
• Compliance Officer should report to high-level personnel, have
adequate authority and resources, and access to the Board
• System where employees may report or seek guidance regarding
suspected violations of law or ethics without fear of retaliation
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 14
RISK ASSESSMENT: DO IT AGAIN AND AGAIN
• Antitrust
• Environmental
• Financial Reporting
• Gifts and Conflicts of Interest
• Intellectual Property - Yours and Theirs
• Government Contracts
• Harassment
• Safety – OSHA, Drug-Free Workplace, and: Workplace
Violence, Ergonomics
8
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
PREVENTING AND DETECTING VIOLATIONS OF LAW IS
NO LONGER ENOUGH!
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 16
YOU MUST:
• Monitor and audit
• Periodically evaluate the effectiveness of the program
• Have and publicize an anonymous or confidential system
whereby employees may report improper conduct or
seek guidance
9
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 17
YOUR ORGANIZATIONAL CULTURE MUST ENCOURAGE ETHICAL
CONDUCT AND A COMMITMENT TO COMPLIANCE
• Board and senior management must be knowledgeable
about the content and operation of the compliance program
• Communicate standards and procedures, Code of Ethics
to the Board and senior management
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 18
IS YOUR PROGRAM ADEQUATE?
• Are you set up to follow government laws and regulations that affect your business?
• Do you benchmark your program against applicable industry practice?
• Is the Chief Compliance Officer truly independent?
10
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 19
IS THE WORD OUT?
• What do your employees think?
• Are you sincere or just paying lip service?
• Remember: No ‘check the box’ programs!
• Survey your employees
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 20
ASK THEM!
• Are they aware of your compliance program?
• Do they know what is expected of them?
• Do they believe that the rules on ethics, honesty and
adherence to the law apply at all levels?
• Has upper management communicated the need for
ethics, honesty and adherence to the law?
• Is yours an ethical culture?
• Do they know how to report suspected violations?
• Do they fear retaliation?
11
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 21
WHAT DO PROSECUTORS LOOK FOR?
• Does the Compliance Program address the company’s actual
risks?
• Do the rules apply to everyone from top to bottom?
• Is there a training program-Does it include all levels; including the Board?
• Is there a mechanism for employees to report suspected illegal/unethical conduct?
• Are protections in place to protect against retaliation?
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 22
IS YOUR PROGRAM EFFECTIVE?
• What is the “Tone at the Top”?
• Prove It!
• Do the documents support it?
• Not just a “check the box” program
• Demonstrable through data
• Employee understanding
12
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977
THE “KISS OF DEATH”
“Recurrence of similar misconduct creates doubt
regarding whether the organization took reasonable
steps to meet the requirements of this guideline.”
Commentary 2(D), Sentencing Guidelines, Chapter 8-Part B
www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 24
SOME TIPS…
• Have a “Rule of Basic Honesty”
• Employee training and testing: Prove results!
• Data Collection and analysis
• Annual Compliance Report to the CEO and Board
• Regular one-on-one with the CEO