One of the areas which is universally listed as a component of a best practices compliance policy under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act and OECD Good Practices is that of a written compliance code. However this is not an area that most compliance practitioners spend much time thinking about in the implementation, assessment or updating of their company’s compliance program. This article will discuss some suggestions to aid your efforts to create effective written compliance policies and procedures.
The following language for each of the above laws or policies sets out what is expected in the area of a written compliance policy and procedures:
- US Sentencing Guidelines-written standards and procedures to prevent and deter criminal conduct.
- UK Bribery Act-clear, practical and assessable written policies and procedures.
- OECD-written policy that clearly states that bribery is prohibited.
- Recent DPAs (IE, Panalpina Settlements)-clearly articulated and visible policy.
In his book entitled, “Achieving 100% Compliance of Policies and Procedures” author Stephen Page lists five key areas which he believes should be addressed in writing effective compliance policies and procedures. He believes that if a compliance practitioner follows these pointers in drafting and implementing compliance policies and procedures, the “highest degree of success” can be achieved. His five suggestions are as follows.
- Management Commitment- A Key to Success or Failure. While it is true that without top management commitment, any compliance program will not succeed. However Page defines this as more than simply “Tone at the Top”. Here Page suggests have at least one senior management be a sponsor of written policies and procedures. This not only demonstrates commitment but also provides the compliance practitioner a liaison to other senior managers.
- Importance of Writing “Effective” Policies and Procedures. Here Page focuses on the word “effective” and he defines this as “producing a decided, decisive, or desired effect.” He also suggests that the policies and procedures be well coordinated throughout and each written document should be “convincing, proficient and competent.”
- Plan of Action for Writing Effective Policies and Procedures. In his book, Page lists out a very detailed 40-step plan of action for writing effective. This 40-step plan is broken down into four general areas. They include: (1) research and analyze; (2) publish and communicate; (3) check and audit; and (4) report and improve. The delineation of the 40-step plan into these four phases allows the work to be segmented, if appropriate into a group project.
- Flow Chart. Page believes that by the use of a flow chart in the writing process, can show the author(s) where “fuzzy processes and procedures disrupt quality and productivity.” Such a technique allows the person or group involved in the drafting process to both “define the boundaries” of each policy and procedure and to assist in the final output.
- Writing Format. Page defines this term as providing “a structure for information collected during the research and analysis phase of writing.” He notes that any reader of policies and procedures is there to find information quickly and efficiently. The writing format should be clearly understood and obvious to the reader. Headings should direct the reader’s attention and the content should be clear and concise. Lastly, any changes or revisions made to policies and procedures should be clearly set out so it is communicated to the reader.
As noted above, written compliance policies and procedures is a key to any best practices compliance program. Stephen Page has provided thoughtful, yet concrete guidelines to assist the FCPA or Bribery Act compliance practitioner to create written policies and procedures which are understandable and accessible to your company’s employees. We commend his book to you as a valuable resource.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2011
FCPA Compliance and Ethics Blog 