In February 2017, the U.S. Department of Justice (DOJ) Fraud Section published its latest guidance on corporate compliance programs with the release of the very useful document titled “Evaluation of Corporate Compliance Programs.”
While many legal and compliance scholars have rightly stated that this latest publication isn’t anything radically different than prior authoritative guidance issued by the DOJ and other organizations such as the U.S. Sentencing Commission and the Organization for Economic Co-operation and Development (OECD), what jumps out is the reframing of the well-worn expression “tone at the top” with the arguably much scarier “conduct at the top.” Some may question what the difference is or may call the issue one of semantics, but no one has ever gone to prison for setting the wrong organizational tone. Conduct, on the other hand, is at the center of our system of criminal justice.
“Evaluation of Corporate Compliance Programs” includes 117 “sample questions that the Fraud Section has frequently found relevant in evaluating a corporate compliance program.” Many of the questions are designed to examine the level of involvement by the board of directors and senior leadership in compliance-related decision-making, oversight of the compliance function, and the resourcing and support of the compliance team and associated frameworks. Some of the questions delve into the culpability of corporate executives and board members, including, “How high up in the company do investigative findings go?”
It’s important to note that this latest guidance is intended to demystify how the DOJ evaluates corporate compliance programs when meeting with corporate executives and their counsel from companies under investigation. As a result, some of the questions are oriented toward the investigation itself. However, much of the material is of great utility to companies that are not under investigation but are interested in the process the government employs to evaluate compliance programs.
Following is a sampling of those questions that illustrate the degree to which the DOJ is examining senior management and the board of directors while evaluating a corporate compliance program.
- Conduct at the top – How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How does the company monitor its senior leadership’s behavior?
- Shared commitment – What specific actions have senior leaders and other stakeholders taken to demonstrate their commitment to compliance, including their remediation efforts?
- Oversight – What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
- Stature – How does the compliance function compare with other strategic functions in the company in terms of stature, compensation levels, rank/title, reporting line, resources and access to key decision-makers? What has been the turnover rate for compliance and relevant control function personnel? What role has compliance played in the company’s strategic and operational decisions?
- Autonomy – Have the compliance and relevant control functions had direct reporting lines to anyone on the board of directors? How often do they meet with the board of directors? Are members of senior management present for these meetings?
- Properly scoped investigation by qualified personnel – How has the company ensured that investigations have been properly scoped and were independent, objective, appropriately conducted and properly documented?
- Response to investigations – Has the company’s investigation been used to identify root causes, system vulnerabilities and accountability lapses, including among supervisory managers and senior executives? What has been the process for responding to investigative findings? How high up in the company do investigative findings go?
- Accountability – What disciplinary actions did the company take in response to the misconduct, and when did they occur? Were managers held accountable for misconduct that occurred under their supervision? Did the company’s response consider disciplinary actions for supervisors’ failure in oversight? What is the company’s record (e.g., number and types of disciplinary actions) on employee discipline relating to the type(s) of conduct at issue? Has the company ever terminated or otherwise disciplined anyone (reduced or eliminated bonuses, issued a warning letter, etc.) for the type of misconduct at issue?
While the above is just a sampling, it conveys a picture of what the DOJ is looking for.
These questions make it quite clear that the DOJ has become much more sophisticated in its evaluation of corporate compliance programs since the appointment of Hui Chen, compliance counsel, early last year. In addition, the shift from “tone at the top” to “conduct at the top,” the many questions about the board’s and senior management’s oversight of the corporate compliance program and potential culpability in the underlying conduct, the DOJ’s renewal of the FCPA Pilot Program, and the fact that the compliance counsel has had her contract extended all signal that the DOJ will continue to press the issues of individual accountability outlined in the Yates memo and the FCPA Pilot Program.
Perhaps most important, the DOJ has once again reminded us that boards and senior executives need to do substantially more than a once-a-year “flyover” of their corporate compliance programs if they expect the DOJ to conclude that their program meets the government’s definition of “effective.” Boards need to be well-versed in all elements of the corporate compliance program, regularly interact with compliance and legal personnel, and receive timely briefings on the program and the personnel responsible for its stewardship and operationalization. Directors and senior executives must understand that any compliance failures are something that they may have to answer to.
There is still a place for tone at the top. The board and senior leadership must set the right tone in their communications across the company and outwardly. But tone needs to be paired with persistent actions on the part of the board and senior leadership signaling that ethics and compliance are a top priority and that the company is committed to doing business the right way and is prepared to back up its words with actions, including walking away from business and relationships that are not in alignment with the company’s organizational ethos. That is how tone at the top becomes conduct at the top.