At the risk on the front end of sounding self serving as an ethics speaker and trainer, the reality is – interest in ethics training and compliance programs – is increasing and I’m not so sure it is solely for reasons of the common good. Ethics, by their nature, are hard to define as they are not objective in nature. However, ethics training and compliance programs effectively implemented in a company serve as an excellent defense when there is a breach of ethics by an employee.
New guidelines have been issued that raises the stakes and clarifies the role of ethics training and compliance. The Sentencing Commission has introduced four new requirements for the receipt of the compliance and ethics program credit:
(1) those with operational responsibility of the compliance and ethics program must report directly to the governing authority or its subgroup, such as an audit committee of the board of directors;
The question I often face in my ethics and compliance work is – short of a Chief Ethics Officer – who has the operational responsibility for compliance and ethics training? More times that not, this role is combined with HR in smaller operations. Yet, the combination of that role creates reporting problems. It’s clear that, in order for the program to work, whomever is charged with the operation of the program must have direct access to those whose roles are deemed independent enough to take ethics issues seriously.
(2) the compliance and ethics program must detect the offense before its discovery outside the organization or before such discovery was reasonably likely;
As the requirements provide – the program must be effective in detection. More times that not, as I evaluate ethics programs of client companies, I find that detection is given “lip service”. Honestly, most program in ineffective on that front. Having a program is not enough, rather, the detection factor is a critical component. In many cases the most effective way to evaluate detection is to test the system for failures. Breaches in the system – detected early on – can be corrected so this component of the ethics defense can be utilized.
(3) the organization must promptly report the offense to the proper governmental authorities; and
I am not an attorney, but often I find that organizations weigh the legality of the ethics or misconduct breach with the PR implications of a potentially public disclosure. Organizations are finding the reality of reporting a practical necessity and, now, a needed part of an effective program.
(4) no person with operational responsibility in the compliance program participated in, condoned, or was willfully ignorant of the offense. If these requirements are met, corporations may receive credit for their compliance and ethics program.
Furthermore, the Sentencing Commission has clarified the definition of an effective compliance and ethics program for the purposes of the culpability score reduction. The Commission elaborates upon the previous requirement of the Guidelines that, after criminal conduct has been detected, the organization must take reasonable steps to respond appropriately and to prevent similar criminal conduct in the future. Specifically, newly added language to the Guidelines clarifies that an appropriate response to criminal conduct is to remedy the conduct’s harm through, for example, restitution to victims, and that the organization must assess its compliance program, potentially with the assistance of an outside professional advisor.
Most companies now need the services of an independent professional adviser in order to evaluate their current program, test the effectiveness there of and help craft any solutions to weaknesses found therein. Again, at the risk of sounding self-serving, regardless of whom you select, it is important evaluate and potentially shore up ethics and compliance programs.
These recent changes appear to shift the inquiry from an organization’s high-level personnel to the effectiveness of its compliance and ethics program. The changes also clarify the reasonable steps that an organization must take to respond appropriately to criminal conduct and to prevent similar criminal conduct in the future. Organizations may, therefore, choose to tailor their approach to their compliance and ethics programs based on these modifications, unless Congress prevents the changes from taking effect on November 1, 2010.
Whether the changes take effect on November 2010 or not, the guidance provided for Corporate Governance is valid and worth action.