Yesterday, on November 1, 2010, the proposed changes in the US Sentencing Guidelines became effective. This post will highlight the changes and what they may import for the FCPA compliance professional. The US Sentencing Guidelines are used in the sentencing of organizations and serve as the de facto blueprint for corporate ethics and compliance programs. The changes, which were approved at an April meeting of the US Sentencing Commission and were formally submitted to Congress by May 1, became effective yesterday. These proposed changes followed public hearings and public comment period which ended in March. The most significant changes in the Sentencing Guidelines are as follows.
1. Direct Report. The amendment changed the reporting structure in corporations where the Chief Compliance Officer (CCO) reports to the General Counsel (GC) rather than a committee on the Board of Directors. The change reads “the individual…with operational responsibility for the compliance and ethics program…have direct reporting obligations to the governing authority or any appropriate subgroup… (e.g. an audit committee or the board of directors)”. If a company has the CCO reporting to the GC, who then reports to the Board, such structure may not qualify as an effective compliance and ethics program under the amended Sentencing Guidelines. The better practice would now appear to be that the CCO should be a direct report to the Board or appropriate subcommittee of the Board such as compliance or audit.
2. Discovery of Problem Inside the Organization Rather Than Outside. This amendment encourages a company to have a hotline and other mechanisms to detect any compliance and ethics violations internally. While most companies have a Code of Conduct, with attendant implementation policies and procedures in place, training thereon and a hotline; many companies have yet to implement any type of self-audit program to measure Foreign Corrupt Practices Act (FCPA) compliance program performance. This encourages companies to not only monitor its internal self reporting to actively test the information available to it through a system such as continuous controls monitoring.
3. Promptly Report. This amendment inserts specific language regarding the “prompt” reporting of any violation of a compliance and ethics program. While no definition of the word “prompt” is provided, the revisions to the Commentary note that an organization will be “allowed a reasonable time to conduct and internal investigation” and that no reporting is required if “… the organization reasonably concluded…that no offense has been committed”. Nevertheless this language reiterates what many former Department of Justice (DOJ) employees tell industry representative at conferences and events regarding the FCPA. It is always preferable to report a violation to the US government rather than the US government finding out and coming to you.
4. No Person With Operational Responsibility Condoned or Was Willfully Ignorant. This proposed amendment is aimed at those personnel within a company’s compliance and ethics organization. While operational responsibility could be defined to mean only those who might report to the Board, this commentator would suggest the better approach is to include all company personnel with direct reporting responsibility in the compliance and ethics group. The definition of “willfully ignorant” has not changed from the current version of the Sentencing Guidelines, which is provided in Application Note 3 of Commentary to §8A1.2 (Application Instructions-Organizations). The definition reads in full “An individual was “willfully ignorant of the offense” if the individual did not investigate the possible occurrence of unlawful conduct despite knowledge of circumstances that would lead a reasonable person to investigate whether unlawful conduct had occurred”.
All companies subject to the Foreign Corrupt Practices Act should review their compliance policies and procedures to ascertain if they are in compliance with these changes. With the upcoming effective date of the UK Bribery Act on April 1, 2011, companies should have a comprehensive review of their compliance program to determine if any changes need to be made.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author can be reached at firstname.lastname@example.org.