Date: January 28, 2013 Lcatin: Frdham University Law Schl The Basics Rlling Out Yur Crprate Cmpliance Prgram Carle Basri Adjunct Prfessr Frdham University Law Schl Cell: 917-822-2447 Email: cbasri@yah.cm CBasri 2013 1
New Reasns T Implement a Cmpliance Prgram: Federal Sentencing Guidelines, revised as f Nv. 1, 2004, requiring a culture f ethics and a best practice gaps analysis t supprt the underlining structure f the crprate cmpliance prgram. Justice Department guidance n the prsecutrial decisins in the Hlder, Thmpsn, McNulty and, Filip Memrandum which states that in determining whether t charge a crpratin fr the criminal miscnduct f its emplyees, prsecutrs shuld cnsider, the existence and adequacy f the crpratin s cmpliance prgram. NY Stck Exchange Rule 303A.10 requiring NYSE-listed cmpanies t adpt cdes f business cnduct and ethics fr directrs, fficers, and emplyees which cdes are t be psted publicly. Further, waivers f the cde fr directrs r executives must be prmptly disclsed t sharehlders. NASDAQ Rule 4350 requires NASDAQ listed cmpanies t adpt a cde f cnduct fr directrs, fficers and emplyees which cdes are t be psted publicly. Further, waivers f the cde must be disclsed n a Frm 8-k within five days. Large settlements with gvernment against cmpanies withut effective cmpliance prgrams such as Siemens. Caremark Decisin (Del.ch.1996), persnal liability fr directrs fr versight f cmpliance. Gvernment Impsed Crprate Integrity Agreements 2
WAKE UP CALL FOR CORPORATE COMPLIANCE An effective crprate cmpliance prgram can: Help insulate a cmpany, and its fficers and emplyees, frm criminal and civil fines Prtect its bard f directrs frm persnal liability Create a culture f gd citizen crpratin (5% gd, 5% nt, 90% fllw) A prly cnstructed prgram can: Serve a radmap fr prsecutrs Damage mrale (emplyees view cde f cnduct as merely lip service by executives) Encurage fraud and unethical cnduct t cntinue 3
Revised Nv. 1 2004 U.S. Federal Sentencing Guidelines: Prmtes Culture f Ethics Includes Part C: Risk Assessment Part C plus Seven Elements Creates an Effective Crprate Cmpliance Prgram. 4
Part C- Risk Assessment (Best Practices-Gaps Analysis) Antitrust/ Cmpetitin Cnflicts f Interest Privacy & Data Prtectin Emplyment Envirnmental Exprt Cntrls False and Deceptive Advertising Freign Crrupt Practices Act UK Bribery Act Fraudulent Financial Reprting Gifts and Gratuities Gvernment Cntracting Insider Trading Intellectual Prperty Lbbying, Plitical Cntributins and ther plitical activities New Business Alliances Prcurement f Gds/Services Recrds Management Prtectin Security/Wiretapping Privacy f Cmmunicatins Sexual Harassment Scial Netwrking Subcntractrs and Cntract Labr Tax Wrkplace Safety US Patrit Act Anti-Mney Laundering Act 5
Seven Elements f An Effective Crprate Cmpliance Prgram are as fllws: 1. Standards and prcedures t prevent and detect criminal cnduct; 2. Bard must be knwledgeable abut and versee prgram; tp management must ensure effectiveness f prgram; specific individual(s) within high level persnnel must have respnsibility fr prgram; 3. Reasnable effrts nt t include within substantial authrity persnnel individuals wh rganizatin knew r shuld knwn have engaged in illegal activities r cnduct incnsistent with effective prgram; 4. Cmmunicate standards and prcedures by training directrs, emplyees and, as apprpriate, agents, and by ther means; 5. Mnitr and audit t detect criminal cnduct; evaluate prgram peridically; have and publicize a system fr reprting suspected vilatins and seeking guidance; 6. Prmte and cnsistently enfrce thrugh apprpriate incentives t perfrm in accrdance with the prgram and apprpriate discipline; and 7. After criminal cnduct is detected, take reasnable steps t respnd apprpriately and prevent further similar criminal cnduct, including necessary mdificatins t prgram. 6
First Element Written Plicies, Prcedures and Internal Cntrls fr Risk Areas include the fllwing: Standards f Cnduct Internal Cntrls Missin statement Letter frm CEO Cde f Cnduct r Cde f Ethics Emplyee handbk Crprate Cmpliance Prgram Guidelines Alignment f Cde f Cnduct, Plices and Prcedures, and Internal Cntrls 7
Secnd Element Bard must versee the cmpliance prgram. Tp management shuld take a leadership rle in fstering the cmpliance prgram. Designate specific High-Level Persnnel t versee cmpliance such as a cmpliance fficer. A cmpliance fficer is critical t the success f the cmpliance prgram. A chief cmpliance fficer shuld be appinted t crdinate the activities f individual cmpliance fficers at subsidiaries. The cmpliance fficer shuld have the fllwing: Direct access t CEO and Bard f Directrs, and Sufficient funding and staff The cmpliance fficer s respnsibilities include: Overseeing and mnitring the implementatin f the cmpliance prgram; Reprting n a regular basis t the CEO and cmpliance cmmittee; Peridically revising the prgram in light f new develpments; Develping, crdinating and participating in a multifaceted educatinal and training prgram that fcuses n the elements f the cmpliance prgram; Assisting the financial management in crdinating internal cmpliance reviews and mnitring activities; Independently investigating and acting n matters related t cmpliance, including the flexibility t design and crdinate internal investigatins; develping plicies and prgrams that encurage managers and emplyees t reprt suspected fraud and ther imprprieties withut fear f retaliatin. 8
Third Element Reasnable effrts nt t include in the cmpliance rganizatin persnnel f questinable integrity Crdinating backgrund checks n emplyees invlved in cmpliance administratin and crdinatin 9
Furth Element Effective cmmunicatin f Standards and Prcedures Training shuld include the fllwing areas: cde f cnduct; emplyment issues; cmpetitin issues; using e-mail, vicemail, newsletters, memranda, etc., t aid cmmunicatins; and ther tpics as necessary. Training shuld be at the time f hiring as well as regularly scheduled at least nce r twice a year as necessary. 10
Fifth Element Develping effective methds f mnitring, auditing reprting, and publicizing the system. Creating an annymus htline and prtecting whistle blwers; and Setting up a regular auditing and mnitring schedule including n-site visits and spt checks. Publicize results f the cmpliance prgram. 11
Sixth Element Cnsistent enfrcement thrugh crrective actins and incentives Written plicy n disciplinary standards; Create incentives system; and Disseminatin f standards t new and existing emplyees. 12
Seventh Element Take reasnable steps t respnd t detected criminal ffenses Detecting criminal vilatins; Cnducting internal investigatins; and Reprting criminal vilatins; and Updating the Crprate Cmpliance Prgram 13
Crprate Cmpliance Prgram Rll Out Phase I Phase II Phase III Phase IV Phase V High Level Cmpliance Assessment Develp an Overall Crprate Cmpliance Blueprint Evaluate and Develp Plicies in Substantive Areas Cmmunicatin, Training and Implementatin Cntinual Refining f the Prgram, Self-Assessment, Mnitring and Reprting High Level Review Interview Best Practices and Gaps analysis/ Risk Assessment Wrk Plan Senir Management Meeting Cde f Cnduct Crprate Cmpliance Prgram Guidelines Alignment f Cde f Cnduct; Plicies and Prcedures, Internal Cntrls and Emplyee Handbk Antitrust Scial Netwrking and Privacy Dcument Management Emplyment Envirnmental Intrduce Cde f Cnduct and Prgram Onging Cmmunicatin Plan Training Plan Training Material/n Intranet Training Schedule fr Train the Trainer and Internet Training Internal Cntrls Internal Audit Incentive System Internal Investigatin Prtcls Publicize reprting results Freign Crrupt Practices Intellectual Prperty Insider Trading Other Risk Areas 14
Phase I Cnducting a High Level Cmpliance Risk Assessment During Phase I, yu shuld: Frm a cmmittee; Interview key fficers and emplyees; Prepare a reprt n Risk Assessment, including Best Practices and Gaps; and Present the reprt n Risk Assessment, including Best Practices and Gaps. The Cmmittee shuld be cmpsed f at least the fllwing: CEO r President General Cunsel CFO Internal Audit Directr The Cmmittee shuld reprt t the Audit Cmmittee f the Bard f Directrs r directly t the Bard f Directrs Interview key fficers and emplyees f the cmpany and all subsidiaries including the fllwing: President, Business Develpment/Sales Marketing, General Cunsel/Outside Cunsel, Chief Financial Officer, Human Resurces Directr, Envirnmental Health and Safety, if any, Cmpliance Officer, if any, and Other key fficers and emplyees, as necessary 15
Based n the interviews, prepare a reprt n Risk Assessment, including Best Practices and Areas f Deficiency (gaps) based n the fllwing questins: What are yur key risk areas? What are the standards and prcedures that yu nw have in place in these risk areas? What are the areas yu have successfully limited risk and hw? What areas culd yu imprve in the cst t limit risk and hw? What is happening in such key areas as antitrust, envirnmental, emplyment, intellectual prperty and insider trading? Describe the cmpany culture tward crprate cmpliance and limiting risk. Present the reprt n Risk Assessment, including Best Practices and Gaps: The reprt shuld prvide a risk assessment fr relevant areas f law. The reprt shuld be presented t senir management and the Bard f Directrs. The reprt shuld be presented t the fficers f all subsidiaries wh were interviewed. Buy-in n the reprt shuld be encuraged. Create a Wrkplan which includes a timetable and an actin plan. 16
Phase II Develp an Overall Cmpliance Blue Print During Phase II, yu shuld: Lk at ther Cdes f Cnduct; Use the Cmmittee and Fcus Grups t develp a Cde f Cnduct; Custmize the Cde f Cnduct t the Cmpany culture; Custmize the Cde f Cnduct s it is suitable fr all emplyees; Make sure the Cde f Cnduct is user friendly and attractively packaged; Create a Missin Statement and letter frm the CEO t accmpany the Cde f Cnduct; and Create Cmpliance Prgram Guidelines. 17
Phase III Evaluate and Develp Plicies and Prcedures in Substantive Areas During Phase III, yu shuld: Inventry plicies and prcedures already in place (e.g., internal cntrls fr antitrust/cmpetitin, sexual harassment plicy, envirnmental plicy, etc.); Align, Cde f Cnduct, Plicy and Prcedures, Internal Cntrls and Emplyee Handbk; and Develp Plicies and Prcedures where Gaps exist as indicated frm the reprt n Best Practices and Gaps and brrw best practices, where necessary frm ther subsidiaries r utside the rganizatin (see trade assciatins, industry practice grups, law firms, cnsultants, seminars, such as Practicing Law Institute (PLI) and the Assciatin f Crprate Cunsel 18
Phase IV Cmmunicatin, Training and Implementatin During Phase IV, yu shuld: Intrduce Cde f Cnduct and Prgram; Onging Cmmunicatins Plan; Training Plan; Training Plan fr Fraud Preventin; Training Materials/n the Intranet; and Training Schedule. 19
Phase V Cntinual Refinement, Self-assessment, Mnitring and Reprting During Phase V, yu shuld have: Management Cntrls; Internal Audit System; Internal Cntrls; Incentive System; Internal Investigatin Prtcls, and Publicize Reprting Results An Effective Crprate Cmpliance Prgram is an early warning system fr risk cntrl thrugh the fllwing: Risk assessment prcess; Mnitring; Reprting (i.e., htline); and Training sessins 20
Make Yur Cmpliance Rllut Memrable Mements (tmbstnes, plastic cubes, pst-it ntes); Screen savers; Calendars; Intranet sites; and Frmal annuncements and invitatins t cmpliance event. Remember This is a marketing campaign! Yur prduct is a Cmpliance Prgram! Yur audience is yur emplyees! 21