DESIGNING A COMPLIANCE PROGRAM FOR THE SMALL TO MEDIUM-SIZED ... - SCCE … · 2014. 9. 3. · 1 Society of Corporate Compliance and Ethics 6500 Barrie Road, Suite 250, Minneapolis,

1

Society of Corporate Compliance and Ethics

6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States

www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977

DESIGNING A COMPLIANCE PROGRAM FOR THE

SMALL TO MEDIUM-SIZED PRIVATE COMPANY

Art Weiss, JD, CCEP

Chief Compliance & Ethics Officer

TAMKO Building Products, Inc.

September 16, 2008

www.corporatecompliance.org | +1 952 933 4977 or 888 277 4977 2

WHY BOTHER?

• 1991: U.S. Sentencing Guidelines and subsequent

amendments provide that an effective compliance & ethics program may mitigate punishment by either

reducing the offender’s culpability score, or avoiding

prosecution altogether

• 1996: In re Caremark creates personal risk to Directors,

requires Board oversight

2




1991 MINIMUM REQUIREMENTS OF

AN EFFECTIVE COMPLIANCE AND ETHICS PROGRAM

UNDER §8B2.1 OF THE SENTENCING GUIDELINES


MINIMUM REQUIREMENTS

• Exercise due diligence and establish standards and procedures to

prevent and detect criminal conduct

• Promote an organizational culture that encourages ethical conduct

and a commitment to compliance with the law

• Top management must be knowledgeable about the compliance

program and exercise oversight

• Specific individual shall be given responsibility for program, report

periodically to high-levels, have adequate resources, appropriate

authority, and direct access to governing authority

• Use reasonable efforts to ensure this individual has not engaged in

illegal activities or conduct inconsistent with an effective program

• Communicate standards, procedures and other program aspects to

high-level personnel through training

3


MINIMUM REQUIREMENTS

• Make sure compliance program is followed, including monitoring

and auditing to detect criminal conduct

• Periodically evaluate the effectiveness of the program

• Periodically assess the risk of criminal conduct and take appropriate

steps to reduce the risk of such conduct

• Have and publicize a system allowing for confidential and

anonymous reporting of suspected violations without fear of

retaliation

• Promote and enforce program through appropriate incentives

• Upon discovery of criminal conduct, take appropriate disciplinary

and corrective steps


2003: THOMPSON MEMO

• U.S. Attorneys instructed not to overlook prosecution of

individuals

• Consider whether company has effective compliance

program

• Voluntary disclosure and self reporting

• May require waiver of attorney-client privilege

4




2004 AMMENDMENTS TO THE SENTENCING GUIDELINES


2004 AMENDMENTS TO THE SENTENCING GUIDELINES PROVIDE

GREATER DETAIL AND DEFINE EFFECTIVENESS…(sort of)

• Must go beyond just preventing and detecting violations

of law. Must promote an organizational culture that encourages ethical conduct and a commitment to

compliance with the law

• Require periodic training of a company’s governing

authority and upper management

• Must be “knowledgeable about the content and operation

of the compliance and ethics program”

5




THE McNULTY MEMO

(2006)


McNULTY MEMO

• “Waiver of attorney-client and work product

protections is not a prerequisite to a finding that a company has cooperated in the government’s

investigation.”

• “Prosecutors may only request waiver…when there is

a legitimate need for the privileged information to fulfill

their law enforcement obligations…need is not established by concluding it is merely desirable or

convenient to obtain privileged information.”

6


BUT! McNULTY HAS LEFT JUSTICE

• Does this still represent the philosophy of the

Department?

• What will the next Justice Department think?


SO, DOES YOUR COMPLIANCE & ETHICS PROGRAM INCLUDE:

• Board commitment? – Does the Board have oversight

responsibility?

• Board buy-in and training? – Is the Board knowledgeable about the

compliance program?

• A Chief Compliance Officer with sufficient resources and access to

top management?

• Systems in place to prevent and detect violations of law?

• A Code of Ethics?

• Risk assessment and prioritization focusing on those that are the

most serious and most likely to occur?

7


HERE ARE SOME RECOMMENDATIONS:

• Personally educate your Board and upper management

• Train them on Harassment, Conflict of Interest, Antitrust and other

high risk areas

• Outline the employee training and compliance program

• Prepare an Annual Compliance Report

• Periodically evaluate the effectiveness of the compliance and ethics

program

• Promote the compliance program through performance incentives

• Perform periodic risk analysis

• Compliance Officer should report to high-level personnel, have

adequate authority and resources, and access to the Board

• System where employees may report or seek guidance regarding

suspected violations of law or ethics without fear of retaliation


RISK ASSESSMENT: DO IT AGAIN AND AGAIN

• Antitrust

• Environmental

• Financial Reporting

• Gifts and Conflicts of Interest

• Intellectual Property - Yours and Theirs

• Government Contracts

• Harassment

• Safety – OSHA, Drug-Free Workplace, and: Workplace

Violence, Ergonomics

8




PREVENTING AND DETECTING VIOLATIONS OF LAW IS

NO LONGER ENOUGH!


YOU MUST:

• Monitor and audit

• Periodically evaluate the effectiveness of the program

• Have and publicize an anonymous or confidential system

whereby employees may report improper conduct or

seek guidance

9


YOUR ORGANIZATIONAL CULTURE MUST ENCOURAGE ETHICAL

CONDUCT AND A COMMITMENT TO COMPLIANCE

• Board and senior management must be knowledgeable

about the content and operation of the compliance program

• Communicate standards and procedures, Code of Ethics

to the Board and senior management


IS YOUR PROGRAM ADEQUATE?

• Are you set up to follow government laws and regulations that affect your business?

• Do you benchmark your program against applicable industry practice?

• Is the Chief Compliance Officer truly independent?

10


IS THE WORD OUT?

• What do your employees think?

• Are you sincere or just paying lip service?

• Remember: No ‘check the box’ programs!

• Survey your employees


ASK THEM!

• Are they aware of your compliance program?

• Do they know what is expected of them?

• Do they believe that the rules on ethics, honesty and

adherence to the law apply at all levels?

• Has upper management communicated the need for

ethics, honesty and adherence to the law?

• Is yours an ethical culture?

• Do they know how to report suspected violations?

• Do they fear retaliation?

11


WHAT DO PROSECUTORS LOOK FOR?

• Does the Compliance Program address the company’s actual

risks?

• Do the rules apply to everyone from top to bottom?

• Is there a training program-Does it include all levels; including the Board?

• Is there a mechanism for employees to report suspected illegal/unethical conduct?

• Are protections in place to protect against retaliation?


IS YOUR PROGRAM EFFECTIVE?

• What is the “Tone at the Top”?

• Prove It!

• Do the documents support it?

• Not just a “check the box” program

• Demonstrable through data

• Employee understanding

12




THE “KISS OF DEATH”

“Recurrence of similar misconduct creates doubt

regarding whether the organization took reasonable

steps to meet the requirements of this guideline.”

Commentary 2(D), Sentencing Guidelines, Chapter 8-Part B


SOME TIPS…

• Have a “Rule of Basic Honesty”

• Employee training and testing: Prove results!

• Data Collection and analysis

• Annual Compliance Report to the CEO and Board

• Regular one-on-one with the CEO

Documents

DESIGNING A COMPLIANCE PROGRAM FOR THE SMALL TO MEDIUM-SIZED ... - SCCE … · 2014. 9. 3. · 1 Society of Corporate Compliance and Ethics 6500 Barrie Road, Suite 250, Minneapolis,