Top 20 Questions to Ensure Your Compliance Program Helps You Minimize Corporate Criminal Risks
Insights
3.23.23
Among the most critical developments companies and their counsel should understand in 2023 is that federal officials will now scrutinize the overall state of your compliance program when they consider potential criminal resolutions for companies and their executives. Gone are the days – if they ever existed – when you could approach compliance with a simple spreadsheet or other “check the box” strategy. Instead, the Department of Justice and Securities and Exchange Commission reminded employers at the March ABA National Institute on White Collar Crime that they will likely take a broader view of things as they unveiled their updated Evaluation of Corporate Compliance Programs. Federal officials reminded employers they will consider whether you have an effective plan for identifying issues, responding to them, and measuring implementation of ongoing improvement initiatives when investigating allegations of corporate wrongdoing, discussing potential resolutions, or considering corporate criminal charges. Here are the top 20 questions you should consider asking yourself now – because the federal government may consider your answers when it really matters.
Identifying Issues and Your Culture of Reporting
- What information are you reviewing to determine if your company has “hot spots” – and have you developed policies to address those risks?
- Are you considering how you are seeking and obtaining information and feedback from your employees at all levels of the company?
- Are you measuring the culture around reporting?
- Is your Board and top leadership engaged and supportive of the compliance culture?
- If surveys of any sort are being used, are you paying attention to phrasing, language, and who is asking employees to complete them?
- Are the results of surveys used to improve the compliance initiatives on an on-going basis?
- Are you measuring how safe people feel reporting issues?
Responding to Issues
- Does your company have a program in place to initiate an in-house and/or outside counsel-led investigation immediately upon discovery of a potential issue?
- Relatedly, are the in-house investigators well trained on compliance issues and investigation techniques or does your team know how to contact outside counsel?
- Is there an awareness across human resources, accounting, government relations, the board, etc. of the importance of immediately responding to reports, innuendo, or other indicia of compliance issues?
- Are your compliance functions adequately resourced and sufficiently independent to raise concerns directly with top management?
Continuous Monitoring
- Is your company measuring how many reports are anonymous and how many are not?
- Does your company track substantiated vs. unsubstantiated allegations and categorize each by topic?
- Is your company measuring how effective your reporting mechanisms are? For example, if there is a hotline but no one is using it, is your company adjusting? Did you pivot, try something new, or develop “compliance ambassadors,” for example?
- Is your company tracking an investigation from start to finish and maintaining adequate records of all investigations, findings, and corrective measures? How long do your investigations into alleged wrongdoing take?
- How consistently are your disciplinary or improvement measures being applied?
- How is compliance incentivized – and how are failures being addressed?
- Are your policy manuals, codes of conduct, and compliance training too boring to be effective? Or is there an effort by your company to engage your team members in a way that will make the compliance initiatives and importance stick?
- Does your company take the viewpoints of non-lawyers, non-corporate employees, and front-line workers seriously and incorporate them in ongoing training?
- Are you providing targeted training for employees managing high risk areas and is training modified to address emerging risks?
Compliance is Not One-Size-Fits-All
While there is no one-size fits all approach to compliance, a healthy compliance program will have crossover between and among areas of potential concern. Compliance measures related to workplace safety may well apply to trade and labor issues, for example. Compliance measures to address and prevent potential insider trading issues may give you a boost when it comes to accounting, exports, sanctions, and FCPA areas.
The bottom line is that the government is going to look for – and indeed, expect – a robust compliance program that is not stagnant, stalled, or otherwise pro-forma. The DOJ’s updated Evaluation of Corporate Compliance Programs, meant to be a tool for white-collar criminal prosecutors, makes that very clear. What that actually means, and what this new guidance translates to on the ground, will vary depending on the company. Importantly, however, the government may well credit continuous attention to compliance, rolling improvements across layers of your company, and a sustainable compliance program designed to adapt based on actual feedback.
Conclusion
Even if your compliance program is not perfect, doing nothing carries greater risk than implementing a plan to tackle the tough compliance issues, proactively look for red flags, respond to them, and circle back. Consider it a compliance program continuous loop of sorts. Take some reassurance in the fact that an actual healthy – or on-its-way-to-being healthy – program, will garner some goodwill and credit when it matters.
If you have questions regarding best practices for ensuring proper compliance programs, please reach out to your Fisher Phillips attorney, the author of this Insight, or any attorney in our Corporate Compliance and Governance Practice Group. Make sure you are subscribed to Fisher Phillips’ Insight System to get the most up-to-date information on this and other related topics directly to your inbox.
Related People
-
- Raymond W. Perez
- Of Counsel
-
- Marie Tedesco Scott
- Partner