Greenbaum, Rowe, Smith & Davis LLP Client Alert

Faced with a significant increase in penalties assessed by regulatory agencies around the world and the potential for imprisonment of top-ranking officials, the boards of directors and top management of most large international conglomerates have realized that an “effective compliance and ethics program,” including a Chief Compliance Officer reporting directly to the boardroom, is no longer just a “smart option” - it is a necessity.

The question is: Do small and medium-sized companies with operations primarily located within the United States share this need?

The prudent and proactive response is that regardless of size, all organizations with operations subject to regulation enforced by criminal sanctions should strongly consider developing a formal compliance program appropriate for its size and operation.

What is an “Effective Compliance and Ethics Program”?

The blueprint for an effective compliance and ethics program can be found in the sentencing guidelines for organizations adopted by the U.S. Sentencing Commission in 1991. These guidelines allow lenient treatment for organizations that have a program demonstrating diligence in preventing and detecting criminal behavior and promoting an organizational culture of ethical conduct and compliance with law.

The guidelines specify several criteria for such a program, including:

Although it originated in the U.S. Sentencing Commission guidelines, the concept of rewarding an effective compliance and ethics program has since been incorporated into many non-criminal regulatory programs, such as environmental protection, as well as the laws of other countries impacting U.S. companies, such as the United Kingdom’s Anti-Bribery Act.

Does One Size Fit All?

In a word, no.

Although the same degree of commitment to ethical conduct and compliance is required of companies of all sizes, the official commentary to the guidelines acknowledges that smaller organizations may meet that requirement with “less formality and fewer resources than would be expected of large organizations.” Even for a small organization, however, the program must be consciously designed. The small organization must realistically assess its risk of criminal and civil violations and confirm that its customized program addresses all program elements identified by the guidelines. The organization must also ensure that its program can be implemented effectively, sustained over time and proven to regulators in the event of enforcement.

There needs to be vigilance for new regulatory and other requirements as they emerge so that adjustments in the compliance program can be made, There must be a genuine, active commitment originating from the top. Some tasks can be delegated, but if top leadership does not show an interest, the program’s significance is seriously undermined.

Are the Benefits Tangible?

An effective compliance and ethics program helps recognize and manage civil and criminal compliance risks that could devastate the organization’s bottom line, if not the organization itself.

Even the best compliance program may be unable to assure compliance by all employees all the time. Misconduct by one individual can trigger civil or criminal enforcement against the entire organization. The existence and effectiveness of an organization’s compliance and ethics program, even if it fails to prevent a particular violation of law, is a major consideration taken into account by prosecutors and agencies when deciding whether to:

An effective compliance and ethics program is becoming the standard of care expected of an organization’s top officers and directors. Providing such a program puts the organization, its officers and directors in a better position to defend shareholder and other litigation arising out of a significant enforcement matter.

Of critical importance: Compliance after enforcement has been triggered is almost always more costly and with fewer options than when it has been addressed proactively.

What Types of Compliance Risks Can Be Managed by an Effective Compliance and Ethics Program?

According to data collected by the U.S. Sentencing Commission, the offenses for which organizations are most frequently sentenced occur in companies of all sizes. In order of decreasing frequency, they are:

Beyond this, each business will have its own unique blend of compliance risks:

The scope of an effective compliance and ethics program is risk-based. A greater degree of risk warrants a greater degree of effort to control it, and vice versa. For example, a local paving company is expected to comply with all applicable environmental requirements, but will not be expected to have the type of robust training and auditing programs likely to be required of a large chemical manufacturing concern.

Should Effective Compliance and Ethics Programs Address Liabilities Beyond Those Enforced by Criminal or Civil Sanctions?

The answer is yes. There are some ethics and policy compliance issues that can be as devastating to a company as criminal liability, and that can be effectively managed through a well-designed program.

Organizations that are dependent on their public reputation, such as charities, companies that do business with governmental entities, and major retail organizations, would benefit from a compliance and ethics program that addresses reputational risks just as it would address legal compliance risks. Sometimes companies may even have to choose between standing on their legal rights and addressing reputational harm. For instance, purchasing or selling goods manufactured in overseas sweatshops may comply with the law but may also damage a businesses reputation.

For additional information regarding the appropriateness, design and implementation of an effective compliance and ethics program or any related concerns, please contact Raymond M. Brown or Daniel Flynn, the authors of this Alert.