Code of Conduct, Compliance Policies and Procedures-Part IV

This is the fourth and final installment of my series on the the importance of a Code of Conduct and anti-corruption compliance policies and procedures in your compliance program and how you should go about drafting or updating Code of Conduct and anti-corruption compliance policies and procedures. On Tuesday, I reviewed the underlying legal and statutory basis for the documents as a foundation of your overall anti-corruption regime. In subsequent posts, I looked at how to go about drafting your Code of Conduct and anti-corruption compliance policies and procedures. Today, I will end the series on how to keep all of the above vibrant and dynamic through a discussion of how to assess, review and revise them and your Code of Conduct on a timely basis.

Simply having a Code of Conduct, together with policies and procedures is not enough. As articulated by former Assistant Attorney General, for the Criminal Division of the US Department of Justice, Lanny Breuer, “Your compliance program is a living entity; it should be constantly evolving.” In an article in the SCCE Magazine, entitled “Six steps for revising your company’s Code of Conduct”, authors Anne Marie Logarta and Ruth Ward suggest considering the following issues before you take on an update of your Code of Conduct.

• When was the last time your Code of Conduct was released or revised?
• Have there been changes to your company’s internal policies since the last revision?
• Have there been changes to relevant laws relating to a topic covered in your company’s Code of Conduct?
• Are any of the guidelines outdated?
• Is there a budget to create/revise a Code?

After considering these issues, the authors suggest that you should benchmark your current Code of Conduct against others companies in your industry. I would also add that your standards, policies and procedures should be reviewed and updated in the same manner. If you decide to move forward the authors have a six-point guide which they believe will assist you in making your revision process successful, which I have used as a basis to include revisions to your compliance policies and procedures.

1. Get buy-in from decision makers at the highest level of the company 

The authors believe that your company’s highest level must give the mandate for a revision to a Code of Conduct and compliance polices and procedures. It should be the Chief Executive Officer (CEO), General Counsel (GC) or Chief Compliance Officer (CCO), or better yet all three to mandate this effort. Whoever gives the mandate, this person should be “consulted at every major step of the Code review process if it involves a change in the direction of key policies.”

2. Establish a core revision committee 

You should have a cross-functional working group would be ideal to head up your effort to revise your Code of Conduct and compliance polices and procedures. This group should include representatives from the following departments: legal, compliance, communications, HR; there should also be other functions which represent the company’s domestic and international business units; finally there should be functions within the company represented such as finance and accounting, IT, marketing and sales.

From this large group, the topics can be assigned for initial drafting to functions based on “relevancy or necessity”. These different functions would also solicit feedback from their functional peers and deliver a final, proposed draft to the Drafting Committee. The authors emphasize that creation of a “timeline at the outset of the revision is critical and hold the function representatives accountable for meeting their deliverables.”

3. Conduct a thorough technology assessment 

The cornerstone of the revision process is how your company captures, collaborates and preserves “all of the comments, notes, edits and decisions during the entire project.” They believe that technology such as SharePoint or Google Cloud can be of great assistance to accomplish this process even if you are required to train team members on their use.

In addition to this use of technology in drafting your Code of Conduct and compliance polices and procedures revisions, you should determine if they will be available in hard copy, online or both. If it will be available online, you should assess “the best application to launch your Code and whether it includes a certification process”. Lastly, there must be a distribution plan, particularly if the Code and compliance polices and procedures will only be available in hard copy.

4. Determine translations and localizations 

The authors emphasize, “If your company does business internationally, then this step is vital to ensure you have one Code, no matter the language.” They do note that if you decide to translate your Code of Conduct be sure and hire someone who is an “approved company translation subject matter expert.” Here I would simply say to contact Jay Rosen at Merrill Brink, as those guys are the one of the top Language Service Providers and know what they are doing when it comes to translations. The key is that “your employees have the same understanding of the company’s Code-no matter the language.” 

5. Develop a plan to communicate the Code of Conduct 

A rollout is always critical because it “is important that the new or revised Code is communicated in a manner that encourages employees to review and use the Code on an ongoing basis.” Your company should use the full panoply of tools available to it to publicize your new or revised Code of Conduct and compliance polices and procedures. This can include a multi-media approach or physically handing out a copy to all employees at a designated time. You might consider having a company-wide Code of Conduct and compliance polices and procedures meeting where the new or revised documents are rolled out across the company all in one day. But remember, with all thing compliance; the three most important aspects are ‘Document, Document and Document’. However you deliver the new or revised Code of Conduct, you must document that each employee receives it.

6.   Stay on Target 

The authors end by noting that if you set realistic expectations you should be able to stay on deadline and stay within your budget. They state that “You want to set aside enough time so that you won’t feel rushed or in a hurry to get it done.” They also reiterate that to keep a close watch on your budget so that you do not exceed it.

These points are a useful guide to not only thinking through how to determine if your Code of Conduct, and compliance policies and procedure needs updating, but also practical steps on how to tackle the problem. If it has been more than five years since it was last updated, you should begin the process that the authors have laid out. It is far better to review and update if appropriate than wait for a massive FCPA investigation to go through the process.

There are numerous reasons to put some serious work into your Code of Conduct, policies and procedure. They are certainly a first line of defense when the government comes knocking. The FCPA Guidance makes clear that “Whether a company has policies and procedures that outline responsibilities for compliance within the company, detail proper internal controls, auditing practices, and documentation policies, and set forth disciplinary procedures will also be considered by DOJ and SEC.” And by considered, I think it is clear that this means the regulators will take a strong view against a company that does not have well thought out and articulated policies, procedures or Code of Conduct; all of which are systematically reviewed and updated. Moreover, as Allen emphasized, “having policies written out and signed by employees provides what some consider the most vital layer of communication.” Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the ‘Document, Document and Document’ mantra applies just as strongly to this area of anti-corruption compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Code of Conduct, Compliance Policies and Procedures-Part I

For the remainder of this week, I will have a four-part episode on your Code of Conduct and anti-corruption compliance policies and procedures. In today’s post I will review the underlying legal and statutory basis for the documents as a foundation of your overall anti-corruption regime. In subsequent posts, I will review how to go about drafting your Code of Conduct and anti-corruption compliance policies and procedures and how to assess, review and revise them on a timely basis.

The cornerstone of a US Foreign Corrupt Practice Act (FCPA) compliance program is its written protocols. This includes a Code of Conduct, policies and procedures. These requirements have long been memorialized in the US Federal Sentencing Guidelines (FSG), which contain seven basic compliance elements that can be tailored to fit the needs and financial realities of any given organization. From these seven compliance elements the Department of Justice (DOJ) has crafted its minimum best practices compliance program, which is now attached to every Deferred Prosecution Agreement (DPA) and Non-Prosecution Agreement (NPA). These requirements were incorporated into the 2012 FCPA Guidance. The FSG assumes that every effective compliance and ethics program begins with a written standard of conduct; i.e. a Code of Conduct. What should be in this “written standard of conduct? The starting point, as per the FSG, reads as follows:

Element 1

Standards of Conduct, Policies and Procedures (a Code of Conduct)An organization should have an established set of compliance standards and procedures. These standards should not be a “paper only” document, but a living document that promotes organizational culture that encourages “ethical conduct” and a commitment to compliance with applicable regulations and laws. 

In the FCPA Guidance, the DOJ and Securities and Exchange Commission (SEC) state, “A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, DOJ and SEC will review whether the company chapter has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.”

In each DPA and NPA over the past 36 months the DOJ has said the following as item No. 1 for a minimum best practices compliance program.

1. Code of Conduct. A Company should develop and promulgate a clearly articulated and visible corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable foreign law counterparts (collectively, the “anti-corruption laws”), which policy shall be memorialized in a written compliance code. 

Stephen Martin and Paul McNulty, partners in the law firm of Baker and McKenzie, developed one of the best formulations that I have seen of these requirements in their Five Elements of an Effective Compliance Program. In this formulation, they posit that your Code of Conduct, policies and procedures should be grouped under the general classification of ‘Standards and Procedure’. They articulate that every company has three levels of standards and controls. First, every company should have a Code of Conduct, which should, most generally express its ethical principles. But simply having a Code of Conduct is not enough. So a second step mandates that very company should have standards and policies in place that build upon the foundation of the Code of Conduct and articulate Code-based policies, which should cover such issues as bribery, corruption and accounting practices. From the base of a Code of Conduct and standards and policies, every company should then ensure that enabling procedures are implemented to confirm those policies are implemented, followed and enforced.

FCPA compliance best practices now require companies to have additional standards and controls, including, for example, detailed due diligence protocols for screening third-party business partners for criminal backgrounds, financial stability and improper associations with government agencies. Ultimately, the purpose of establishing effective standards and controls is to demonstrate that your compliance program is more than just words on a piece of paper.

In an article in the Society for Corporate Compliance and Ethics (SCCE) Complete Compliance and Ethics Manual, 2^nd Ed., entitled “Essential Elements of an Effective Ethics and Compliance Program”, authors Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz, state that your company’s Code of Conduct “should demonstrate a complete ethical attitude and your organization’s “system-wide” emphasis on compliance and ethics with all applicable laws and regulations.” Your Code of Conduct must be aimed at all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.” This would also include all “management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.”

There are several purposes identified by the authors which should be communicated in your Code of Conduct. Of course the overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating what is required of them, to provide a process for proper decision-making and then to require that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. To that end, suggest that your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of disciplines, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

As I often say, the three most important things about your FCPA compliance program are ‘Document, Document and Document’. The same is true of communicating your company’s Code of Conduct. You need to do more than simply put it on your website and tell folks it is there, available and that they should read it. You need to document that all employees, or anyone else that your Code of Conduct is applicable to, has received, read, and understands the Code. For employees, it is important that a representative of the Compliance Department, or other qualified trainer, explains the standards set forth in your Code of Conduct and answers any questions that an employee may have. Your company’s employees need to attest in writing that they have received, read, and understood the Code of Conduct and this attestation must be retained and updated as appropriate.

The DOJ expects each company to begin its compliance program with a very public and very robust Code of Conduct. If your company does not have one, you need to implement one forthwith. If your company has not reviewed or assessed your Code of Conduct for five years, I would suggest that you do in short order as much has changed in the compliance world.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

OCEG Illustrated Series: Managing Corruption Risks

How do you move off dead center? That was a question posed by my colleague Mary Jones in a recent guest blog post. She gave several concrete steps in answer to her own question. This question was further explored in the January issue of the Compliance Week magazine which began a six-part “Anti-Corruption Illustrated” series by Carol Switzer, President of the Open Compliance and Ethics Group (OCEG). OCEG is an organization which “develops standards and guidance to help organizations achieve Principled Performance”; that is, “the reliable achievement of objectives while addressing uncertainty and acting with integrity.” OCEG’s Illustrated Series is a teaching method developed to visually represent how to set up processes and procedures in various areas and disciplines. This Anti-Corruption Illustrated Series is a very useful tool for the compliance practitioner to use in explaining the components of an effective compliance program.

In the first article of her series, Switzer shares her views on how anti-corruption programs enable business agility. In addition to her own thoughts, Switzer moderated and reported on a roundtable discussion of compliance experts who shared their views on managing corruption risks. These experts included Steven Kuzma, Global Leader in Corporate Compliance at Ernst & Young, Jay Martin, Chief Compliance Officer at Baker Hughes, Mike Rost, Vice President at Thompson Reuters GRC and Jim Slavin, Senior Director at SAI Global.

1. Assess the Risk – In this step you identify corruption risk factors that your company may face. These can be based upon several different factors including the nature and location of your company’s business activities; your company’s third party relationships; and your company’s methods for obtaining and retaining business. You should evaluate and then rank these risks based upon your company’s risk appetite and be prepared to respond to internal or external forces that might change this risk assessment.
2. Develop the Program – You should develop “a comprehensive and balanced anti-corruption program that corresponds to the risks identified in the assessment process.” This should include written policies, procedures and internal controls for all levels within your organization. You will need to obtain Board of Directors and senior management endorsement of your strategies and communication of this support.
3. Define and Implement Policies – In this step you should consider the written policies which map to the applicable regulations, obligations and business processes that you have created. Ownership of these requirements within the business is critical to their success and there should be communication to key stakeholders including “staff, third parties, auditors and customers.”
4. Build and Operate Controls – Nest you will need to establish “procedures and controls to prevent, detect, correct, and mitigate the risks” which you have identified and ranked. There needs to be ownership established to monitor these controls with regular documentation, continued assessment and testing of these controls.
5. Train and Educate – You must develop and deliver training to “raise stakeholder awareness and competence regarding anti-corruption goals, policies, procedures and [internal] controls.” This should include identification of “role-specific programs with desired outcomes” with delivery methods to get your message across to the various target audiences.
6. Monitor and Evaluate– Here OCEG suggests a five step process to track and assess policies and controls for effectiveness.
   1. Screen – Monitor vendor, partner and customer records against trusted data sources for red flags.
   2. Identify – Establish helplines and other open channels for reporting of issues and asking questions by employees and appropriate third parties.
   3. Investigate – Use appropriately qualified investigative teams to obtain and assess information about suspected violations.
   4. Analyze – Evaluate data to determine “concerns and potential problems” by using data analytics, tools and reporting.
   5. Audit – Finally, your company should have regular internal audit reviews and inspections of your company’s anti-corruption program; including testing and assessment of internal controls to determine if enhancement or modification is necessary.
   6. Review, Realign and Report – This step requires you to “take timely corrective and disciplinary action for violation” of your company’s program. Your program should be regularly evaluated and aligned with any new or additional corruption risks which are found. Both the Board of Directors and senior management must be informed through regular reporting. Finally, there should be a professional external review on no less than a two year basis to determine your program’s overall sufficiency.

Switzer’s article and report on the roundtable discussion are very useful tools for the compliance practitioner. Her article includes a removable copy of the OCEG Illustrated Series on managing corruption risk. I heartily recommend it to you.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Banning Beer in the Clubhouse? How to Sustain a Culture of Trust and Integrity

Continuing our sports theme this week, I was interested in my friend, Jay Rosen’s former hometown team, the Boston Red Sox move to ban alcohol from the clubhouse. I found fascinating the commentary on this move, which seemed to me to break down into two categories: (1) Pro-supporting new manager Bobby Valentine, it was a good move and needed to instill some much needed discipline in the clubhouse, which had been lost under prior manager Terry Francona; and (2) Anti-dumb and useless PR move-supporting the prior manager Terry Francona, who broke the Curse of the Bambino by leading Boston to its first two World Series wins in 86 years. We should note that Valentine did not ban Buffalo wings from the clubhouse, which were also listed as evidence by the Red Sox front office as lack of clubhouse discipline.

I thought about those questions in the context of a presentation made that the SCCE Utilities and Energy Conference here in Houston this week. In a presentation by Duane Woods, Senior Vice President of Waste Management, entitled “Sustaining a Culture of Trust and Integrity in Challenging Times”, he talked about the efforts of Waste Management to build and sustain a culture of trust and integrity throughout the organization.

Policies and Procedures

He began with Policies and Procedures, which he described as follows: Policies are used to set the rules of conduct and the desired behavior for employees; Procedures serve to provide a detailed set of uniform processes for employees to follow and they support compliance with the policies. He said that Waste Management tries to use these tools through four disciplines:

1. Regulatory – Those required by law, such as Sarbanes-Oxley;
2. Performance – The financial performance of the company;
3. Customer – They can provide guidance to the organization about customer relations particularly in the area of credit; and
4. Brand and Reputation – Letting employees know what the company brand stands for. Woods stated that this is usually set forth in a company’s Code of Conduct.

These are things that drive loyalty. Woods acknowledged that all companies make mistakes. However, his point was that the key was to rectify the error and then recover the relationship with the customer.

Metrics

Woods next turned to metrics as he believes that if you don’t measure it, you can’t manage it. Metrics are present to help measure and track the successful implementation of policies, procedures and performance. They can also be used to help govern and reward behavior and to help support a culture of compliance. Metrics are critical to defining required and desired behavior. However, even policies, procedures, systems and metrics will not sustain Compliance or Ethics if there is not the right culture of compliance within the organization. If metrics and incentives are poorly designed and implemented they will cause undesired behavior and help to make a confused culture. He also noted that even the “best compliance programs may not ensure right decisions in tough situations.” He emphasized the following points:

• Alignment – Metrics should align with Vital Business Functions and Values.
• Simplicity – Keep it simple. A common problem faced by managers is overloading of metrics.
• Good enough is perfect – Select metrics that are easy to track and easy to understand.
• Indicators – Use metrics as indicators. Key Performance Indicators (KPIs) are metrics. A KPI does not troubleshoot anything, but rather indicates something is amiss.
• Less is more – Use only a few good metrics as too many metrics, even if they are effective, can overwhelm a team.
• Metrics drive both good and bad behavior.  People do what you pay them to do, so choose carefully.

Character

Woods started off this section of his presentation by noting that Warren Buffett, when hiring people, looks for three things. “The first is personal integrity, the second is intelligence, and the third is a high energy level. But, if you don’t have the first, the other two will kill you.” Woods stated that he believes you should hire leaders with demonstrated character, who are capable of inspiring trust and confidence in others. It is more important that leaders be authentic, they must be sincere. Honesty and congruent behavior must be maintained in that you have consistent behavior. Of course respect for others and holding yourself accountable for your direct employees is paramount. Lastly, Woods noted that you should be constantly assessing character talent, are your employees living the values you want?

With these, Woods believes that you can build a culture of character in your organization and to do so starts with trust, which he believes comes from living the values and delivering the results. Trust works on several levels, these include: (1) Individual; (2) Relationship; (3) Market-customer base; (4) Community; and (5) Regulatory. With trust as the base, Woods next turned to building a culture of character within your organization. He emphasized these steps as:

• Set clear expectations.
• Train with focus on integrity, mission and values
• Coaching – The importance of role play circumstances for people.
• Mentor to reinforce behavior.
• Accountability for all employees.
• Engage your workforce – Survey to find out who the key influencers in the company are. Not necessarily the designated leaders.
• Communication – Here Woods emphasized that you should over communicate. The importance of using stories as teaching tools and lessons learned.

Woods concluded by listing the primary benefits that he sees from having the right culture at your company. They include that your organization will become more self-governing, with less need for management intervention in this area. There will be less employee misconduct and greater employee innovation. There will be not only be more customer loyalty but great employee satisfaction, and when a real crisis arises, the employee base should work together to resolve it.

So now on to question time: How about those Red Sox and their banning of beer in the clubhouse? Do you think that is evidence of a culture of compliance or should people, who are old enough to legally drink, be allowed to make that choice on their own? Does the move strengthen the Red Sox in any of their communities: themselves, their fans, the American League East Division or in the eyes of Major League Baseball? What about some of the benefits that Woods listed: will the Red Sox players be more productive or indeed even have greater employee satisfaction? Will the employees become more self-governing and impose discipline among themselves? What about those pesky Buffalo wings that were NOT banned; what role do they play in all of this? Alas, I do not have answers for the above, only questions, questions, and more questions…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

FCPA and Bribery Act Best Practices- Written Compliance Policies and Procedures

One of the areas which is universally listed as a component of a best practices compliance policy under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act and OECD Good Practices is that of a written compliance code. However this is not an area that most compliance practitioners spend much time thinking about in the implementation, assessment or updating of their company’s compliance program. This article will discuss some suggestions to aid your efforts to create effective written compliance policies and procedures.

The following language for each of the above laws or policies sets out what is expected in the area of a written compliance policy and procedures:

• US Sentencing Guidelines-written standards and procedures to prevent and deter criminal conduct.
• UK Bribery Act-clear, practical and assessable written policies and procedures.
• OECD-written policy that clearly states that bribery is prohibited.
• Recent DPAs (IE, Panalpina Settlements)-clearly articulated and visible policy.

In his book entitled, “Achieving 100% Compliance of Policies and Procedures” author Stephen Page lists five key areas which he believes should be addressed in writing effective compliance policies and procedures. He believes that if a compliance practitioner follows these pointers in drafting and implementing compliance policies and procedures, the “highest degree of success” can be achieved. His five suggestions are as follows.

1. Management Commitment- A Key to Success or Failure. While it is true that without top management commitment, any compliance program will not succeed. However Page defines this as more than simply “Tone at the Top”. Here Page suggests have at least one senior management be a sponsor of written policies and procedures. This not only demonstrates commitment but also provides the compliance practitioner a liaison to other senior managers.
2. Importance of Writing “Effective” Policies and Procedures. Here Page focuses on the word “effective” and he defines this as “producing a decided, decisive, or desired effect.” He also suggests that the policies and procedures be well coordinated throughout and each written document should be “convincing, proficient and competent.”
3. Plan of Action for Writing Effective Policies and Procedures. In his book, Page lists out a very detailed 40-step plan of action for writing effective. This 40-step plan is broken down into four general areas. They include: (1) research and analyze; (2) publish and communicate; (3) check and audit; and (4) report and improve. The delineation of the 40-step plan into these four phases allows the work to be segmented, if appropriate into a group project.
4. Flow Chart. Page believes that by the use of a flow chart in the writing process, can show the author(s) where “fuzzy processes and procedures disrupt quality and productivity.” Such a technique allows the person or group involved in the drafting process to both “define the boundaries” of each policy and procedure and to assist in the final output.
5. Writing Format. Page defines this term as providing “a structure for information collected during the research and analysis phase of writing.” He notes that any reader of policies and procedures is there to find information quickly and efficiently. The writing format should be clearly understood and obvious to the reader. Headings should direct the reader’s attention and the content should be clear and concise. Lastly, any changes or revisions made to policies and procedures should be clearly set out so it is communicated to the reader.

As noted above, written compliance policies and procedures is a key to any best practices compliance program. Stephen Page has provided thoughtful, yet concrete guidelines to assist the FCPA or Bribery Act compliance practitioner to create written policies and procedures which are understandable and accessible to your company’s employees. We commend his book to you as a valuable resource.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011