Legal Q&A: Changing Compliance Expectations

How should companies respond to the government’s increased emphasis on compliance?


Facebook Share Icon LinkedIn Share Icon Twitter Share Icon Share by EMail icon Print Icon

Q. How should companies respond to the government’s increased emphasis on compliance?

A. The federal government has made clear that its expectations for effective business ethics and compliance programs have changed. A 2014 speech by senior Justice Department official Brent Snyder, “Compliance is a Culture, Not Just a Policy,” emphasized compliance programs must be proactive, which means regular monitoring and auditing for at-risk activities. Assistant Attorney General Leslie Caldwell’s November 2015 remarks to the Securities Industry and Financial Markets Association Compliance and Legal Society reinforced the high priority the Justice Department places on compliance, including the decision to implement this policy change via the recent appointment of a full-time “compliance counsel expert” that reports to the head of the Fraud Section. This consulting expert, Hui Chen, previously served as global head for anti-bribery and corruption at Standard Chartered Bank. The Justice Department is reportedly adding several prosecutors dedicated to Foreign Corrupt Practices Act investigations. Further, the U.S. Attorney Manual provisions regarding corporate liability specify consideration of corporate compliance programs in all potential prosecutions.

This raises important questions for companies: Are our current policies and practices doing the job? How can we evaluate that? If we need to make changes, what do we need to do, and how should we do it? Every company should position itself to show that its compliance program works, with documentation of how it was accomplished. Companies that do not ask these questions will be subject to increasing risk. With compliance, particularly antitrust and foreign corrupt practices, failure to implement and maintain an effective compliance program can mean millions of dollars in fines and a host of negative collateral consequences that may be highly disruptive to the company. Collateral consequences may include civil claims, debarment from government-related work and outside compliance monitoring, among other things. Conversely, the United States Sentencing Guidelines expressly provide that an effective compliance and ethics program that includes “monitoring and auditing to detect criminal conduct” can support a significant reduction in fines [USSG 8B2.1(b)(5) and 8C2.5(f)].

Maintaining an effective and current compliance program can significantly limit the impact of investigations. Be sure you have a risk assessment tailored to your company’s business, policies and procedures designed to address the company’s risk profile and a management strategy to help the company implement a meaningful compliance program.

One of the key features of an effective compliance program is periodic reassessment of the company’s risk profile and program. It is helpful to have an independent and objective view of a company’s risks and advice on how to limit those risks. This can be accomplished by hiring a consulting company or a law firm that has expertise in this area. The consultant/law firm often conducts such reviews on a fixed-fee basis to control costs.  Compliance counseling includes:

  • A risk assessment that targets the areas of greatest risk for a company's business, whether that means geographical areas that have historical challenges, particular lines of business, accounting practices and business relationships that may create regulatory risk;
  • An evaluation of upper and middle management’s role in administering and supporting business ethics and compliance—evaluating the “tone from the top” regarding attitudes and resources dedicated to compliance;
  • A review of the company’s policies and practices, such as written policies, procedures and training materials; reporting avenues for compliance challenges such as anonymous hotlines or published whistleblower policies; internal handling of compliance challenges, including stated disciplinary consequences for compliance program violations; how the company addresses relationships with business partners, affiliates and subsidiaries who may be beyond the company’s full control regarding compliance; contacts with competitors that can lead to antitrust compliance issues; and recommendations for improvements to the program.

You should select a firm that has expertise in your particular industry. For example, any company with government contracts also routinely faces regulatory requirements from the Federal Acquisition Regulations (FAR). The consultant/law firm should have the skill and expertise to advise on FAR compliance. Health care regulations often require annual audits and training.

If your company must comply with Health Insurance Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act and/or Affordable Health Care-related mandates, select a consultant/law firm with expertise in these areas.

Your compliance program is a living document. Treat it as such. Be sure to give it regular checkups to ensure a healthy and safe company.  

Andrew M. Friedman from Butzel Long contributed to this article. Contact him at friedmana@butzel.com.


Originally published in the April 2016 issue.