Monday, February 1, 2010

Compliance officer alert: mitigating corporate culpability for criminal wrongdoing

Corporate compliance officers don’t need a crystal ball to figure out that the enforcement environment under the Obama administration is getting more serious. But as to white collar crime, the outlook may be improving for corporations with effective compliance and ethics programs in place – or at the very least, there is now a little more guidance on how to mitigate corporate culpability for criminal conduct.

On January 21, the US Sentencing Commission (USSC) published its proposed amendments to the sentencing guidelines, policy statements and commentary, including proposed changes related to sentencing of organizations (75 FR 3525). The USSC also made a request for comment that should be on every corporate compliance officer’s radar – whether the three-point reduction in culpability score awarded for effective compliance programs should be permitted even when high-level personnel are involved in the commission of a criminal offense.

This very desirable credit at sentencing would be awarded only if:

  1. The responsible compliance personnel have direct reporting authority to the board of directors level (e.g., a board audit committee);

  2. The compliance program successfully detected the offense before discovery, or a reasonable likelihood of discovery, outside of the organization; and

  3. The organization promptly reported the offense to the appropriate authorities.

The contemplated change is designed to encourage reporting to the board by responsible compliance personnel. Obviously such a structure would permit compliance officers to bypass high-level offenders who would otherwise be motivated to conceal, rather than reveal and remedy, the wrongdoing. For corporations that are serious about implementing effective compliance programs, this can’t be a bad idea.

And it permits the court to reduce fines and penalties against a corporation even when its officers are involved in criminal conduct – that’s good for the corporation, and perhaps more importantly, it’s good for the real owners, who are its shareholders.

Document retention policies. As to the seven minimum requirements under §8B2.1(b) of the guidelines, a proposed amendment expands the application note for the second requirement, which is directed to high-level knowledge and responsibility for effective programs (§8B2.1(b)(2)). The amendment clarifies that “high-level personnel and substantial authority personnel should be aware of the organization’s document retention policies and conform any such policy to meet the goals of an effective compliance program under the guidelines and to reduce the risk of liability under the law.”

A similar proposed amendment applies to employees. The application note for §8B2.1(c), which requires that an organization periodically access the risk of criminal conduct and take appropriate steps to reduce the risk identified, adds an assessment of ethics and compliance functions, and the example that “all employees should be aware of the organization’s document retention policies and conform any such policy to meet the goals of an effective compliance program under the guidelines and to reduce the risk of liability under the law.”

Both of these proposed amendments would add another compliance hoop to jump through, but arguably, it makes good business sense that corporations have document retention policies that are effective and understood and implemented by both employees and upper management.

When criminal conduct is discovered. An application note would also be added for the seventh minimum requirement of effective corporate compliance and ethics programs (§8B2.1(b)(7)), which sets forth the reasonable steps that should be taken after criminal conduct is detected:

First, the organization should respond appropriately to the criminal conduct. In the event the criminal conduct has an identifiable victim or victims the organization should take reasonable steps to provide restitution and otherwise remedy the harm resulting from the criminal conduct. Other appropriate responses may include self-reporting, cooperation with authorities, and other forms of remediation. Second, to prevent further similar criminal conduct, the organization should assess the compliance and ethics program and make modifications necessary to ensure the program is more effective. The organization may take the additional step of retaining an independent monitor to ensure adequate assessment and implementation of the modifications.

This is where the rubber meets the road – will the corporation become part of the problem or part of the solution? Arguably, good business sense dictates remediation of the harm – as to self-reporting, that may be harder to sell.

The USSC is accepting comments through March 22, 2010 on its proposed amendments and issue for comment. Will the proposed amendments and the issue for comment become final? That remains to be seen.

In the meantime, forward-looking corporate compliance officers should contemplate changes to corporate compliance and ethics policies based on the USSC’s proposed amendments. Considering that one of the principles under the sentencing guidelines permits a federal court to divest an organization of all its assets when it has operated primarily for a criminal purpose or by criminal means, there’s a lot at stake. It’s true that such a sentence is rarely imposed, but culpability plays a key role in sentencing – erring on the side of policies that mitigate any culpability just makes good business sense.

No comments:

Post a Comment