Compliance & Ethics Professional Vol. 7 / No. 6 12 / 2010 A - PDF document

Compliance & Ethics Professional Vol. 7 / No. 6 12 / 2010 A PUBLICATION OF THE SOCIETY OF CORPORATE COMPLIANCE AND ETHICS TOP STORIES INSIDE 4 Integrity earns trust 6 Travelers be aware: Common threats and tips to keep you secure 10 Slow road to export reform 12 What you don’t know about high performance 21 After the Misconduct: Restoring morale and a culture of compliance 28 Ten reasons your compliance program is outdated 30 The evolving role of the chief compliance and ethics officer: A survey by SCCE and HCCA 32 Compliance and the Dodd-Frank Era: The case for engaging Meet Paul J. McNulty employees Partner and Chair of Global Compliance, 42 Best Practices in anti- Baker and McKenzie, LLP corruption: The UK Bribery Act guidance

1. Prevention and Detection 2. Oversight Compliance in the Dodd-Frank Era: The case for engaging employees By Patricia J. Villareal; Henry Klehm, III; and Richard C. Rosalez When President Obama signed of corporate ethics and compliance preventing all criminal activity. Tie the Dodd-Frank Wall Street Reform programs as they determine sentences most comprehensive compliance pro- and Consumer Protection Act into for corporate criminal conduct. Of gram cannot stop an employee bent law in July 2010, he ushered in course, an efgective compliance pro- on committing a crime or violating sweeping reforms of fjnancial regu- gram should detect and prevent a industry regulations. Tius, a failure lation unseen since the New Deal. wide range of misconduct that may to prevent or detect an ofgense “does Although the Act is focused largely not always also constitute crimi- not necessarily mean that the pro- gram is not generally efgective.” 3 on increasing transparency and nal violations of law. Compliance oversight of the fjnancial services encompasses civil law liabilities, industry, some of the reforms reach industry-specifjc regulations, and The seven basic elements every business organization subject to individual corporate policies. Both Tie Guidelines set forth basic the federal securities laws. Although the SEC and DOJ have established requirements of any compliance and compliance and ethics programs are policies regarding enforcement deci- ethics program that “encourages ethi- a comparatively recent development, sions and sanctions that incentivize cal conduct and a commitment to compliance with the law.” 4 Tie seven corporations have relied on them to the implementation of an efgective conduct business ethically, to prevent ethics and compliance program, self- elements are: and detect violation of company poli- policing, self-reporting, remediation and cooperation. 2 Typically, the issue cies and applicable laws, to protect Businesses must establish the company’s reputation, and to of whether the program was efgective processes to prevent and detect mis- minimize burdensome and costly or not plays a major role in reaching conduct. Companies must take steps implications of non-compliance, a resolution with the authorities when such as monitoring, auditing, and including disruption of business and problems arise. testing to ensure that their employ- litigation. Tiis article reviews the ees do not engage in misdeeds as they well known components of efgective Building a culture of carry out their responsibilities. compliance programs, the key pro- compliance visions of the Dodd-Frank Act that Tie Sentencing Guidelines out- Tie board must know how the reach every public company, and line elements of efgective compliance program operates and oversee its some recommendations to enhance and ethics programs. In describing implementation and efgectiveness. the efgectiveness of compliance pro- those elements, the Guidelines artic- Tie Guidelines require a high-level grams in light of the Dodd-Frank ulate broad goals for programs. Tie employee or employees be assigned reforms. organization must “diligently prevent responsibility for the program, Virtually every model for an and detect criminal conduct and typically a chief compliance offjcer efgective corporate compliance pro- promote a corporate culture of ethi- (CCO) or Compliance Committee, gram starts at the same place: the cal conduct and legal compliance.” and that the CCO or committee US Federal Sentencing Guidelines. 1 The programs must be “reason- report to the board or a board com- Federal courts use the Guidelines ably designed, implemented, and mittee. Tie responsible party must when evaluating the efgectiveness enforced.” Tie Guidelines recognize have “adequate resources, appropriate of the design and implementation that any program will be incapable of 32 COMPLIANCE & ETHICS PROFESSIONAL DECEMBER 2010 www.corporatecompliance.org

7. Remediation 6. Enforcement 3. Qualifjed compliance offjcers 4. Training systems 5. Evaluation and reporting authority, and direct access” to the that fear is real or not. Corporations they can make their program more board. should feature hotline information efgetive and implement the necessary prominently in company literature, modifjcations. Tie compliance program must websites, and the work place. Infor- include measures to exclude individu- mation about the hotline should The whistleblower provisions als of questionable integrity from doing emphasize the availability of anonym- Tie Dodd-Frank Act’s most sig- business for – or sometimes with – the ity and the prohibition of retaliation. nifjcant compliance-related reform company. Tiis requirement is practi- is the adoption of new whistleblower provisions. 6 The provisions were cally implemented through employee, Tie sixth basic requirement is agent, and business partner screening that the program be promoted and expressly designed to “motivate those to avoid individuals and entities with enforced consistently throughout with inside knowledge to come for- prior problems. the corporation. Tiis must include ward and assist the Government to appropriate discipline for engaging in identify and prosecute persons who Tie company must train employ- or failing to prevent or detect crimi- have violated the securities laws and ees, and periodically communicate nal conduct. It is essential to enforce recover money for victims of fjnancial fraud.” 7 Under the new provisions, the components of its compliance disciplinary standards uniformly, and ethics program to all levels of regardless of the revenue generat- the SEC must now pay bounties to the company. A corporation can ing contribution of the ofgending whistleblowers for “original informa- make a much stronger case for employee. Some programs also tion” relating to possible violations of having an efgective compliance pro- provide incentives for ethical and the federal securities laws that lead gram if employees, offjcers, agents, compliant behavior. to a successful federal injunctive and partners are regularly trained on action or administrative proceeding compliance standards. When problems are found, the brought by the SEC. Tie awards can organization must take reasonable range from 10% to 30% of all fjnes steps to respond appropriately to and penalties over one million dollars recovered in the enforcement action. 8 Tie Guidelines call upon com- the conduct and to prevent further panies to evaluate the efgectiveness of similar conduct, including modify- Tie whistleblower’s information their programs, and to maintain and ing the company’s compliance and must be “original,” meaning infor- publicize a reporting system for vio- ethics program. Recent amendments mation that (a) “is derived from the lations, a.k.a., a hotline for reporting to Guidelines application notes independent knowledge or analysis of issues and complaints. Tie com- state that a reasonable response may a whistleblower,” (b) “is not known pliance offjcer should periodically include remediation of any harm to the SEC from any other source,” report on the program’s efgectiveness resulting from the misconduct, as and (c) “is not exclusively derived to senior management and the board, well as self-reporting and cooperation from an allegation made in a judi- and at times, use independent profes- with authorities. cial or administrative hearing, in a sionals to audit and test compliance governmental report, hearing, audit processes and identify opportunities Ongoing assessment and or investigation, or from the news for improvement. improvement media.” Individuals convicted of a In this day and age, hotlines are Tie Guidelines also include fjnal criminal violation resulting from the preferred method of reporting instructions that companies must the conduct underlying the report to conduct or seeking compliance and periodically assess the risk of criminal the SEC cannot qualify as whistle- ethics advice. Tie hotline should conduct and take appropriate steps to blowers – but nearly everyone else allow for anonymity so that employ- design, implement, or modify each can. Individuals who are involved of the seven basic elements. 5 Compa- ees can use the system without fear in the conduct can report it and CONTINUED ON PAGE 34 of retaliation, regardless of whether nies should regularly examine how www.corporatecompliance.org DECEMBER 2010 COMPLIANCE & ETHICS PROFESSIONAL 33