In our last alert, we discussed the first three fundamental categories of an effective compliance program: (1) Risk Assessment; (2) Management Buy-in; and (3) Code of Conduct [see our previous alert for the full discussion on these categories]. The next four are just as crucial:
- Training and Communication: An effective compliance program must be clearly communicated to all levels of the organization. Communication alone, however, is not enough. The company must allocate the resources to provide and document effective training of employees with regard to compliance issues.
- Reporting: Reporting includes at least two critical aspects. First, the company must be clear that every employee has both the duty and the opportunity to report any potential violation of the company’s integrity program. That reporting should be designed so that, if necessary, the information reported is kept confidential, and the reporting employee may remain anonymous. There must be an express (and enforced) prohibition on retaliation for such reporting. Second, there must be clear channels for updates, oversight, and lessons learned to be communicated to senior management.
- Third parties: An effective compliance program does not only look inward, but also looks outward. Policies and procedures to perform due diligence on third-party business partners are essential to any compliance program. The company must communicate its ethical standards and values expressly to third-party partners. Contracts with such partners should include reference to the company’s integrity compliance program, audit rights, and provision for termination if that partner is found to have violated such standards. There must also be ongoing monitoring of the relationship, including requesting annual compliance certifications, audit rights, and proper internal controls to monitor the payments made to those third parties.
- Testing, Review, and Adaptation: No integrity program can be constantly effective without continuous improvement. The program must include policies for the regular reevaluation of risk, review of the business environment, testing of controls, and assessment of the program’s current suitability. Further, each time an investigation is conducted, the company should review the process to determine whether improvements should be made. When appropriate, modifications should be made to overcome the shortcomings identified.

These core principles are the foundation of an effective compliance program in a business of any size. The ways in which the principles are implemented, however, will vary depending on the context of the business. Such adaptations for different-sized businesses will be the subject of a future alert. But all leaders should consider whether their business has a compliance program at all and, if so, whether it is sufficiently robust to address each of these principles. If not, the first step is for management to direct an integrity evaluation and risk assessment and implement or upgrade the current compliance program.
- Partner
Heather Hatfield represents clients in corporate investigations, white-collar crime investigations and defense involving the Foreign Corrupt Practices Act (FCPA), complex contract disputes, oil and gas litigation ...
- Partner
Blake Runions assists clients with a broad range of business disputes and investigatory matters, including partnership disputes, internal investigations, and commercial litigation.
Prior to joining the Firm, Blake worked in the ...
- Associate
Jamie Godsey represents public and private corporations, partnerships, and small companies on a broad range of complex business and commercial litigation. Her experience includes a wide variety of matters such as contractual ...