1-2 Corporate Compliance Practice Guide 2.03. Corporate Compliance Practice Guide



Similar documents
Compliance and Ethics Program

COMPLIANCE PROGRAM GUIDANCE FOR MEDICARE FEE-FOR-SERVICE CONTRACTORS

U.S. CORPORATE ETHICS AND COMPLIANCE POLICY

Mental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan

EADS-NA Code of Ethics

Sempra Energy Corporate Compliance and Ethics Plan This page is managed by the Director of Business Conduct (Last revised on )

Corporate Compliance and Ethics Program Effective as adopted on February 21, 2012

Establishing An Effective Corporate Compliance Program Joan Feldman, Esq. Vincenzo Carannante, Esq. William Roberts, Esq.

UNIVERSITY COMPLIANCE PLAN

US Sentencing Commission Compliance Recommendations Page 1 of 5

Summary. ViiV Healthcare Compliance Program U.S. Operations

EMERSON ELECTRIC CO. Employee Handbook for the Emerson Business Ethics Program

MNsure Compliance Program Strategic Plan. December 17, 2014

Our Vendor Code of Conduct

CORPORATE COMPLIANCE PROGRAM

Helix Energy Solutions Group, Inc. Code of Business Conduct and Ethics

Johnson Electric Group Code of Ethics and Business Conduct

MEDICARE COMPLIANCE TRAINING EMPLOYEES & FDR S Revised

Asterias Biotherapeutics, Inc. Code Of Business Conduct And Ethics. March 10, 2013

SUCAMPO PHARMA AMERICAS, LLC COMPREHENSIVE COMPLIANCE PROGRAM

MEDICAID COMPLIANCE POLICY

CIVEO CORPORATION CORPORATE CODE OF BUSINESS CONDUCT AND ETHICS. Effective as of May 5, 2014

Administrative Policy and Procedure Manual. Code of Conduct Effective Date: 1/2005 Scope: Organizationwide Page 1 of 9

a. employees Company; or

CORNERSTONE THERAPEUTICS INC. SECOND AMENDED AND RESTATED CODE OF BUSINESS CONDUCT AND ETHICS

Destiny Media Technology s Code of Conduct

POLICY SUBJECT: EFFECTIVE DATE: 5/31/2013. To be reviewed at least annually by the Ethics & Compliance Committee COMPLIANCE PLAN OVERVIEW

Fraud-Related Compliance

COMPLIANCE: THE NEW INTERNATIONAL LAW

CODE OF CONDUCT as adopted by the Board of Directors on 20 February 2015

Evergreen Solar, Inc. Code of Business Conduct and Ethics

Approved by the Audit and Compliance Committee of the Providence Health & Services Board of Directors

PHI Air Medical, L.L.C. Compliance Plan

ELEMENT FINANCIAL CORPORATION CODE OF BUSINESS CONDUCT AND ETHICS

Aligning Compliance Program Priorities with Business Objectives

The University of Texas Health Science Center at Houston Institutional Healthcare Billing Compliance Plan JANUARY 14, 2013

NextEra Energy Supplier Code of Conduct

SUBJECT: BUSINESS ETHICS AND REGULATORY COMPLIANCE PROGRAM & PLAN (BERCPP)

We will pursue our business with honor, fairness, and respect for the individual and. the public at large ever mindful that there

IMAX CORPORATION PROTOCOL FOR REPORTING SUSPECTED VIOLATIONS OF THE IMAX CODE OF ETHICS. (Whistle Blower Program)

WMACCA Small Law Department Initiative. Scaling a Compliance Program To Your Organization And Small Law Department

INSTITUTIONAL COMPLIANCE PLAN

Creating and Maintaining an Effective Ethics and Business Conduct Program

company policy number 0001 LEGAL AND ETHICAL CONDUCT

Code of Business Conduct

To date, U.S. federal courts have imposed monitors for violations of competition laws in two matters:

Message from the Co-Chairmen and Chief Executive Officers

Standards of. Conduct. Important Phone Number for Reporting Violations

Foreign Corrupt Practices Act Policy August 19, 2015

UNIVERSAL INSURANCE HOLDINGS, INC. CODE OF BUSINESS CONDUCT AND ETHICS. Revised as of March 3, 2014

TITLE: Scripps Compliance Program

The Compliance and Ethics Essentials Toolkit

Policy-Standard heading. Fraud and Corruption Policy

Puerto Rican Family Institute, Inc.

Fraud Risk Management Procedures

VANDA PHARMACEUTICALS INC.

DIGITAL RIVER, INC. FOREIGN CORRUPT PRACTICES ACT AND ANTI-BRIBERY POLICY. (Adopted by resolution of the Board of Directors on December 1, 2011)

TEMPLE UNIVERSITY HEALTH SYSTEM CORPORATE COMPLIANCE PROGRAM TABLE OF CONTENTS PAGE A LETTER FROM THE CHAIR OF THE BOARD...2

CODE OF CONDUCT And CORPORATE COMPLIANCE PLAN SUMMARY

Integrity. Providence Integrity and Compliance Program Description

ASAE s Job Task Analysis Strategic Level Competencies

CODE OF ETHICS AND BUSINESS CONDUCT

1. Compliance with Laws, Rules and Regulations

PC CONNECTION, INC. CODE OF BUSINESS CONDUCT AND ETHICS

NewLead Holdings Ltd. Code of Ethics

This policy applies to UNTHSC employees, volunteers, contractors and agents.

Steve Todare A MESSAGE FROM OUR PRESIDENT

Code of Conduct and Ethics Effective December 17, 2014 Page 1 of 14. Code of Conduct and Ethics

Fiscal Policies and Procedures Fraud, Waste & Abuse

Minimizing Your Risks Under the Dodd-Frank Whistleblower Provisions

ELEPHANT TALK COMMUNICATIONS CORP. FOREIGN CORRUPT PRACTICES ACT COMPLIANCE POLICY

EDUCATION ABOUT FALSE CLAIMS RECOVERY

MOREHOUSE COLLEGE. Standards of Conduct Guide

This chapter examines an essential element of a

UMDNJ COMPLIANCE PLAN

Prepared by: The Office of Corporate Compliance & HIPAA Administration

BAPTIST HEALTH CORPORATE COMPLIANCE PLAN

CORPORATE GOVERNANCE

Five-Year Strategic Plan

CUBIC ENERGY, INC. Code of Business Conduct and Ethics

Supplier Integrity Guide

THE FCA INSPECTOR GENERAL: A COMMITMENT TO PUBLIC SERVICE

Third Party Code of. Business Conduct and Ethics

HIGHMARK INC. THIRD PARTY CODE OF BUSINESS CONDUCT

Fraud Waste and Abuse Training First Tier, Downstream and Related Entities. ONECare by Care1st Health Plan Arizona, Inc. (HMO) Revised: 10/2009

Federal Bureau of Investigation s Integrity and Compliance Program

TENET HEALTHCARE CORPORATION S QUALITY, COMPLIANCE AND ETHICS PROGRAM CHARTER. Updated May 7, 2014

Sample Healthcare Compliance Program

COMPLIANCE POLICY MANUAL

Corporate Compliance and Ethics

CHARTER FOR THE THE REGULATORY, COMPLIANCE & GOVERNMENT AFFAIRS COMMITTEE CHARTER THE BOARD OF DIRECTORS

Title: False Claims Act & Whistleblower Protection Information and Education

Health Management Annual Compliance Training

Code of Ethics and Corporate Compliance Program

Transcription:

1-2 Corporate Compliance Practice Guide 2.03 Corporate Compliance Practice Guide Copyright 2009, Matthew Bender & Company, Inc., a member of the LexisNexis Group. Chapter 2 Creating a Basic Compliance Program PART III: STRATEGY FOR CREATING AN EFFECTIVE COMPLIANCE PROGRAM AUTHOR: Zhenghui ''Leon'' Li GENERAL EDITOR: Carole Basri 1-2 Corporate Compliance Practice Guide 2.03 2.03 Strategic Analysis of the Components There are seven elements necessary for the creation of an effective corporate compliance program coupled with a risk assessment (or best practices/gaps analysis). The elements are based on the U.S. Sentencing Guidelines for Organizations (''Sentencing Guidelines''), as amended on November 1, 2004. See United States Sentencing Guidelines Manual 8B2.1 (2005). Moreover, an effective compliance program must ensure that the organization ''exercise due diligence to prevent and detect criminal conduct and otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.'' See United States Sentencing Guidelines Manual 8B2.1(a) (2005). The U.S. Sentencing Guidelines provide the framework for the design and implementation of the corporate compliance program. Its cornerstone is the risk assessment or best practices/gaps analysis. This analysis includes looking at the history of the corporation for vulnerabilities as well as best practices and gaps within the corporation to assess its risks and strengths. This is the underlying basis for considering the seven steps of an effective compliance program. The seven elements described in the U.S. Sentencing Guidelines for an effective compliance program are as follows: [1] The First Element: Standards, Procedures, and Processes for a Corporate Compliance Program

The standards, procedures, and processes for an effective compliance program should be drafted by the compliance/ethics office. This can be done in consultation with the legal department and risk management department, and, if appropriate, the human resources, finance, and information technology departments. The compliance/ethics office may also be assisted by the ethics committee if one is created. Critical to this first element of the compliance program is alignment of the standards, procedures and processes. [a] Written Policies and Procedures Examples of the types of written policies and procedures include the following documents: mission statement; a letter from the CEO/President on the importance of compliance; code of conduct/ethics; employee handbook; statement of policies addressing specific risk areas; and corporate compliance program guidelines. All of these documents provide standards and procedures to guide the officers, directors and employees in performing their respective responsibilities. [b] Alignment Further, the policies and procedures, set forth above, must be aligned with each other and, in particular, with the mission statement, code of conduct/ethics, standard policies, employee handbook, and corporate compliance program guidelines. Alignment is critical to the integrity of the compliance program. If the mission statement is inconsistent with the spirit and tone of the code of conduct/ethics, the program could lack a coherent message. Further, is the code of conduct/ethics merely the spirit of the program, or does it include the letter of the law? This is a strategic decision to be made at the outset of the program. For example, General Electric (''GE'') actually provides a two-part code of conduct/ethics entitled the ''Spirit'' and the ''Letter of the Law.'' The ''Spirit'' is a short version of the code of conduct/ethics, applicable to all employees globally, regardless of country or industry. The ''Letter of the Law'' is customized to the

specific code of conduct/ethics needs of a particular country and industry. Again, as the GE example illustrates, alignment is critical in determining how different written policies and procedures such as the code of conduct/ethics should be constructed for a particular corporation. Moreover, alignment is important not only in looking at the mission statement coupled with the code of conduct/ethics, but also as it relates to the other standard policies, employee handbook, and corporate compliance guidelines. Warning: For example, if the phrase ''sexual harassment and discrimination'' is used in the code of conduct/ethics, is it explained using the same terminology in the human resources policies and employee handbook concerning ''sexual harassment and discrimination''? Additionally, do the corporate compliance guidelines including, for example, how hotline inquires are handled on ''sexual harassment and discrimination'' issues, all aligned in terminology and procedures? Trap: If alignment does not occur, this could create confusion for employees as to what is ''sexual harassment and discrimination.'' Warning: Further, the corporation will have difficulty in disciplining, firing and prosecuting employees for such misconduct. Finally, the corporation will have difficulty in defending itself if there are inconsistent statements as to what constitutes ''sexual harassment and discrimination.''

Alignment is critical to training employees as well as auditing and monitoring the success or the lack thereof of the compliance program. [c] Internal Controls Internal controls, based on risk assessment, should be conducted in areas including, but not limited to, the following: Anti Money-Laundering; Attorney-Client Privilege; Advertising/Marketing; Antitrust/Competition; Corporate Governance; Corporate Social Responsibility; Customs; Conflicts of Interest; ediscovery; E-mails; Employment; Environmental; ERISA; Executive Compensation; Export Controls; False and Deceptive Advertising; Foreign Corrupt Practices Act/Anti-bribery; Fraudulent Financial Reporting; Gifts and Gratuities; Government contracting (FAR); Immigration/Migration; Insider Trading/Securities; Intellectual Property; Lobbying, Political Contributions and other political activities; New Business ''Alliances''; Procurement of Goods/Services; Records Management; Protection Security/Wiretapping; Privacy, Data and Information Security; Sexual Harassment; Subcontractors and Contract Labor; Tax; and Workplace Safety. Further, industryspecific areas should be included based on the particular product line and/or services offered by the company. For example, a pharmaceutical company needs to be aware of U.S. Food and Drug Administration (''FDA'') requirements. Please note that chapters specific to practice area and by industry are provided as part of this treatise. [2] The Second Element: Responsible Individuals (Chief Compliance Officer and Compliance Officers, the General Counsel, Board of Directors and Top Management of the Corporation) to Oversee and Manage the Compliance Program The Board of Directors should be knowledgeable about corporate compliance and oversee the compliance office. This requires regular semi-annual, quarterly and/or monthly reports on the activities of the compliance office to the Board of Directors and/or the Audit Committee of the Board of Directors. Such reports should be provided by the compliance office or through the legal department. In some cases, reporting is through the finance department. There are different advantages to each of these reporting choices, and the particular dynamics of the corporations should be

considered. The CEO/President of the corporation should provide leadership for the compliance program. This includes launching the compliance program with the message from the CEO/President. This leadership at the top sets the tone for the compliance program and is an essential element of creating a culture of compliance within the corporation. Further, top management must ensure the effectiveness of the compliance office by providing necessary personnel and funding. Top management should take a leadership role in fostering the compliance program by supporting the program in their daily activities. Finally, ''specific high-level personnel,'' which usually consists of the compliance officers in the compliance office, should be designated with the responsibility for the day-to-day operation of the compliance program. The chief compliance officer is critical to the success of the compliance program. For the compliance effort to succeed, the chief compliance officer should be afforded access to the CEO/President and the Board of Directors, as well as sufficient funding and staff. A chief compliance officer should be appointed to coordinate the activities of individual compliance ''officers'' at subsidiaries. Finally, it is vital that the chief compliance officer and all other compliance officers be known for their integrity and high ethical standards. The compliance officer's responsibilities include: overseeing and monitoring the implementation of the compliance program; reporting on a regular basis to the CEO/President and the Board of Directors/Audit Committee; periodically revising the program in light of new developments; developing, coordinating and participating in a multifaceted educational and training program that focuses on the elements of the compliance program; assisting the financial management in coordinating internal compliance reviews; monitoring high legal risk activities of the company; independently investigating and acting on matters related to compliance, including the flexibility to design and coordinate internal investigations; developing policies and programs that encourage managers and employees to report suspected fraud and other improprieties without fear of retaliation. These activities are only a few of the responsibilities of an effective compliance officer. [3] The Third Element: Exclusion of Certain Persons from the Corporate Compliance Function Under this element of the Sentencing Guidelines, the General Counsel and the Director of Human Resources should undertake reasonable efforts not to include in the compliance function any personnel of questionable integrity. This entails background checks on all employees involved in the administration and coordination of corporate compliance. In particular, the background of the chief compliance officer should be carefully investigated before his or her appointment. Background checks are essential to maintain the integrity of compliance office and its personnel.

Timing: Remember that background checks can only be performed at the time of hire or at the time of promotion or a salary increase. [4] The Fourth Element: Effective Communication of Compliance Standards and Procedures through Training The compliance office should take reasonable steps to communicate periodically, and, in a practical manner, its standards and procedures to directors, officers, and employees, by conducting effective training programs. Training should include, for example, the following areas: code of conduct/ethics; employment issues; antitrust and competition issues; information management, intellectual property, privacy issues, conflict of interests, and other relevant issues for the company. Such training programs should be tailored to the needs of particular segments of the company. For example, sales and marketing personnel should receive training in antitrust and competition, and senior officers and those travelling outside the U.S. should be trained on the Foreign Corrupt Practices Act (''FCPA'') and the OECD Anti-bribery Statutes. Warning: Further, training programs should include train-the-trainer programs where feasible, as well as internet-based training programs. While it may not be feasible for the compliance office to train everyone, a cascading training program featuring a small initial group from fifteen to twenty people taught by their immediate supervisor can be particularly effective in training on ethical issues encompassed in the code of conduct/ethics. Indeed, creating a culture of ethics is difficult without such highly effective train-the-trainer programs. Small training programs can also be particularly helpful, for example, in explaining the concept of attorney-client privilege and document management. Also, once the train-the-trainer program is completed, internet refreshers programs are extremely effective. The compliance office along with the human resources department should coordinate training to occur at the time of hiring as well as at regularly scheduled intervals at least once or twice a year. A corporate compliance

program cannot be effective without an adequate training program for all employees that is customized to the needs of the each employee. [5] The Fifth Element: Auditing, Monitoring and Reporting for the Compliance Program The compliance office should develop effective methods of auditing, monitoring and reporting. These activities encompass creating an anonymous hotline, publicizing the reporting system, protecting whistle blowers, setting up a regular auditing and monitoring schedule, providing for on-site visits and spot checks, publicize the results of the compliance program, and conducting exit interviews. Auditing, including spot auditing, and monitoring on all aspects of corporate compliance, with the assistance of the internal controls department and the finance department, should be performed at least quarterly and reported to the General Counsel and the Board of Directors/audit committee of the Board of Directors, on a quarterly basis. Timing: Further, the use of risk assessments for major areas of compliance risk, as a type of auditing and monitoring, should be conducted at regular yearly intervals. All employees should ideally be surveyed in such risk assessments. This is an excellent way to promote best practices within the company. Further, supporting such comprehensive and effective compliance risk assessment lends credibility to the auditing, monitoring and reporting function of the compliance program. Under this element of the U.S. Sentencing Guidelines, the compliance office should coordinate with the anonymous company-wide compliance hotline to flag problems concerning corporate compliance. This hotline can be done through adding prompts and changing prioritizations for follow-up on hotline communications. The hotline can be external, through one of the international hotline service providers or internal with a dedicated hotline unit established within the company in a segregated location. [6] The Sixth Element: Consistent Enforcement through Corrective Actions, Penalties and Incentives to Reinforce the Compliance Program

The compliance office should develop written policies on disciplinary standards and maintain an incentives system to encourage and promote the compliance program. These incentives and disciplinary standards should be disseminated to all new and existing employees. The policies should be incorporated in the employee handbook and adherence to compliance policies and procedures should be part of the annual review of an employee. [7] The Seventh Element: Continual Update and Renewal of the Compliance Program The compliance office should create a system to continually review and update the compliance guidelines. This will encourage best practices to be maintained in the training programs as well as in the auditing, monitoring, and reporting procedures. Further, the mission statement, policies and procedures, and internal controls should be reviewed and updated as necessary to meet the needs of the internal and external information flow, technological advances, and evolving legal requirements. Timing: At least every three years, but ideally every year, a complete risk assessment (best practices gaps analysis) should be performed by the compliance office to benchmark against comparable companies and ensure that the compliance program is conforming to best practices. This risk assessment is different from the compliance risk assessment surveying employees on compliance risks since it is conducted either by the compliance office or by an independent service provider.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information