Effective Compliance Programs
Recently, the Securities and Exchange Commission levied $16 million in penalties against Goodyear Tire and Rubber Company under the Foreign Corrupt Practices Act in consequence of bribes paid by Goodyear's subsidiary companies in Angola and Kenya between 2007 and 2011. In addition to the matter of its subsidiaries’ payment of bribes (and then booking those bribes as legitimate business expenses), the SEC faulted Goodyear (the parent company) for not having a Compliance Program adequate to prevent the illegal payments by its subsidiaries.
Goodyear’s troubles highlight the importance of every company, regardless of size, having a robust Compliance Program that ensures compliance with the many varied and complex legal obligations companies now face. In the current business environment, it is simply not a responsible business practice to attempt “to fly below the radar.” Here is a short summary of five essential elements of a serviceable Compliance Program.
The first essential element of an effective Compliance Program is that it is based on sound risk assessment. In such an assessment, a company conducts a thorough, thoughtful review of areas of potential concern that it faces in its operations. It then prioritizes those risks and allocates resources necessary to address each adequately, from the highest risk to lowest. In Goodyear’s case, such an assessment obviously should have included, at minimum, training in accounting practices, as well as avoidance of practices that are prohibited in overseas business. Thus, the necessary risk assessment involves (1) identification of the risks, (2) their respective causes, (3) the probability of occurrence of a given risk, and (4) the extent of resources necessary to mitigate them.
A second element of an effective Compliance Program is consistent, regular, real-time measurement of program results, together with a flexibility and commitment to make real-time adjustment based on those measurements. It is an undeniable fact of business operations that “what is measured most often is improved.” Measurement will reveal real-time need for adjustment in the Program. Facts (and assumptions) underlying any good Program can (and will) change. Thus an effective Compliance Program requires periodic adjustment, to reflect changed circumstances. This process creates a culture of “compliance-as-you-work” in the company. Static Compliance Programs simply are ineffective.
A third element is to engage with the U.S. Sentencing Guidelines when drafting the Program. Those Guidelines provide the elements of an effective program, such as training, leadership, policies, risk assessments, investigations, monitoring of program effectiveness, and internal audits. If the Program tracks the Guidelines’ articulated factors closely, that fact will add persuasiveness to a program and its application, should program effectiveness ever become important.
Fourth, a Compliance Program should be written in plain English. It should be straightforward and relatively simple. It should not be a primer on the law, or filled with “lawyer jargon!” Objectively, it should inform company employees clearly of the steps to be taken (or conduct to be avoided), and (succinctly) the reasons why.
Finally, leadership is critically important. Company management at the highest levels must visibly support and direct the Compliance Program. Everyone should understand fully that the Compliance Program is not a responsibility delegated to a Compliance Officer. Plan execution is the responsibility of every employee in every business unit. This is because it is the business units that execute the Program. The Compliance Officer monitors Program execution. This is central, and a factor that requires regular emphasis and support throughout the company, from top to bottom. Very much like quality in a post-Deming business environment, the success of any robust Compliance Program is the responsibility of everyone in the company, from the most humble position to the most exalted. Even the best Compliance Program is only as good as its execution. Thus, leadership, especially leading by example, is a key factor in any effective Compliance Program.
The attorneys at Butzel Long are expert in development and operation of effective company Compliance Programs.