160. Mimizing Vulnerabilities to Government Investigations
Compliance Mitigation dot com
\xa0
For reasons expressed throughout these modules, every business leader should consider possible steps to lessen potential exposure to a government investigation. Three suggestions follow:
- Show a commitment \u201cto doing good\u201d in all communications.
- Document processes that show a commitment to operating the business with principled, transparent policies that are easily defensible.
- Train all team members to understand the corporate culture, and also the reasons behind every policy in place.
These three components would go a long way toward protecting businesses and individuals.
\xa0
Government Officials:
In 1991, the U.S. Sentencing Commission (USSC) amended its guidelines. The amendments incentivized business owners to act in compliance with regulations and the law. Those changes opened opportunities for prosecutors to grant leniency, non-prosecution agreements, or deferred-prosecution agreements to businesses that put \u201ceffective compliance programs\u201d in place.
Theoretically, if business leaders designed effective compliance programs, their efforts would show a good-faith effort toward corporate responsibility. By building a record demonstrating that they want all team members to act appropriately, leaders reduce risk levels. Although no one can eliminate the possibility of a government investigation, good records will serve as an excellent defense mechanism.
As we\u2019ve stated throughout, although business leaders can control personal decisions, they cannot observe decisions that other people on their team make. For those reasons, leaders should add training on the personal costs that can accompany an investigation or a prosecution for white-collar crime.
Agencies within the Department of Justice now incentivize businesses to make bigger investments in compliance. Guidance from 2019 advises federal prosecutors to consider the following questions when evaluating corporate compliance programs:
\xa0
- Is the program well designed?
- Is the program being implemented effectively?
- Does the compliance program work in practice?
\xa0
In 2020, the DOJ emphasized another two key points with its publication of: Evaluation of Corporate Compliance Programs (2020 Guidance):
\xa0
First:
Corporate compliance programs, to be deemed genuine and effective by the DOJ, must be examined, tested, and updated on a continual basis, including (and perhaps especially) during a government investigation.
\xa0
Compliance efforts should integrate current data analytics, capabilities wherever possible. If deficiencies are found, then changes should be made, and the 2020 Guidance makes clear that DOJ expects regular review of compliance efforts.
\xa0
Second:
The quality of a company\u2019s compliance program continues to be a major factor in deciding on the appropriate resolution of a government investigation. The 2020 Guidance makes clear a program\u2019s effectiveness will be considered at the close of an investigation as well as when the underlying company conduct occurred.
\xa0
Consequently, under DOJ policy, the strength of a company\u2019s past and present compliance efforts will ordinarily have an effect on the terms of a resolution, including the often quite important matter of whether a monitor is required (and the scope of a monitorship).
\xa0
The DOJ\u2019s guidance can help business leaders make decisions to lessen exposure to investigations.
Effective compliance programs will not only show people what they should do, it will help those people understand what they should not do. In addition, they may also profile the consequences that follow for bad behavior.
If a company invests the time to show a person how to make the right decisions, and it requires the people to acknowledge that they understand corporate policy, the business protects itself. Good compliance programs will encourage both corporate accountability, and personal accountability. If there is a breach of policy, the company should create a record and demonstrate the steps that it has taken to make things right.
Two questions that investigators may ask include:
\xa0
- Has the company ever terminated or otherwise disciplined anyone for the type of misconduct at issue?
- Have the disciplinary actions and incentives been fairly and consistently applied across the organization?
\xa0
To demonstrate individual accountability, the company will record disciplinary measures taken against people charged with violations of compliance policies. If a company shows that it pays more than lip service to compliance, it may lessen exposure to a government investigation.
Compliance programs serve as an insurance policy. Although business leaders may strive to do the right thing every time, rogue employees can expose the business to risks. The compliance program may influence the lens through which prosecutors view the company. That said, some metrics show that the mere existence of a compliance program doesn\u2019t show commitment to compliance. Solely requiring employees to sign forms showing that they\u2019re familiar with the corporate polices won\u2019t move the needle if a pattern of fraud is uncovered.
In 2012, the prosecutors brought criminal charges against Garth Peterson, a trader at Morgan Stanley. Documents noted that Peterson had gone through seven compliance-training sessions and 35 related reminders on bribery. Despite that training, he pleaded guilty to bribery charges. Compliance initiatives had little influence on Peterson, because he viewed them as pro forma, something he needed to do in order to keep his job.
If a business doesn\u2019t create a compliance program with robust follow-through, it may be ineffective and dubious from the perspective a government investigator. Prosecutors will not give credit for compliance programs that fail to inspire appropriate conduct.
A company protects itself when it comes up with innovative ways to help people within the organization embrace the principles of compliance\u2014but also understand the consequences for non-compliance.
\xa0
\xa0
Designing A Compliance Program:
\xa0
Compliance is not a \u201cone-size-fits-all\u201d proposition. Leaders within a company should:
- Document the reasons behind the compliance training.
- Show the tools, tactics, and resources they\u2019ve implemented to train.
- Create accountability logs to show people that have gone through the training, encouraging them to self-report what they\u2019ve learned from the program.
\xa0
If the program doesn\u2019t work, the leader should show what adjustments he or she has made.
Federal and state regulations, as well as industry standards, evolve constantly. For this reason, leaders should conduct regular assessments to minimize the risks associated with noncompliance.
\xa0
Risk factors: \xa0
- What inherent risks exist in the company\u2019s market?
- What efforts does the company leadership make to stay aware of the market?
- In what ways does the company solicit third-party expertise?
\xa0
Objectives:
- What purpose does each module within a compliance program serve?
- In what ways do members of the team understand the objectives of a corporate compliance program?
\xa0
Departmental Responsibilities: \xa0
\xa0
- In what ways does the company delegate responsibility for compliance programs?
- In what ways does the company measure excellence in delivering compliance training?
- How does the company record employee buy-in of the training?
- What do team members or stakeholders understand about reporting metrics?
\xa0
\xa0\xa0
Training:\xa0
\xa0
- What level of commitment does the company make to training?
- What efforts does the company make to update the training?
- In what ways can employees independently participate in computer-based training?
- How does the company measure employee engagement?
\xa0
\xa0\xa0
Corresponding Policies:
\xa0
Like every individual has a personality, every organization has an identity. Different businesses will need a compliance program that matches the business\u2019s identity. Some organizations may require a policy that scrutinizes new hires more than others. For example, a business that controls financial information for consumers may require criminal-background checks on all new hires, while a company that specializes in landscaping may not.
A compliance program should show a commitment to transparency. All policies should harmonize with the behavior of officials at the highest level. In this era of cloud-based computing, leaders may make use of computer-based training, encouraging members of the team to review lessons remotely. If employees have feedback, mechanisms should exist for them to provide feedback in a manner that will not undermine their position\u2014provided they offer the feedback in a good-faith effort to promote compliance.
\xa0
\xa0
Summary:
In summary, the best way to minimize vulnerabilities to government investigations is to create a good compliance program that is consistent with the corporate culture. Document every practice within the company. Show the reasons behind the ways that the company makes decisions. Train team members on how to work within the framework of the corporate culture. Leaders may want to review guidance from the Department of Justice, and question whether the compliance programs they\u2019ve put in place measure up.
A good tactic may include bringing in a neutral third party who has that credentials to ask the questions that investigators will ask. Create a program that will allow leaders of the organization to respond honestly, with their dignity intact. When making a decision on whether to bring charges against a company, government attorneys will ask:
\xa0
- Is the program well designed?
- Is the program being implemented effectively?
- Does the compliance program work in practice?
\xa0
If a company leader can respond to those questions as quickly as he can answer the questions regarding corporate profitability, the leader will have done everything possible to minimize vulnerabilities to a government investigation. In our era of big government, that doesn\u2019t mean a government investigation will not begin. It only means that a company is in as good a position as possible. No one can change past behavior. But we all can work toward minimizing risks in the future.