Generic Guidance on Effective Corporate Compliance Programs

Sf Hallmarks of Effective Compliance Programs Individual companies may have different compliance needs depending on their size and the particular risks asso- ciated with their businesses, among other factors. When it comes to compliance, there is no one-size-fits-all program. Thus, the discussion below is meant to provide insight into the aspects of compliance programs that DOJ and SEC assess, recognizing that companies may consider a variety of factors when making their own determination of what is appropriate for their specific business needs.>’° Indeed, small- and medium-size enterprises likely will have different compliance programs from large multi-national corpora- tions, a fact DOJ and SEC take into account when evaluat- ing companies’ compliance programs. Compliance programs that employ a “check-the-box” approach may be inefficient and, more importantly, ineffec- tive. Because each compliance program should be tailored to an organization's specific needs, risks, and challenges, the information provided below should not be considered a substitute for a company’s own assessment of the corpo- rate compliance program most appropriate for that particu- lar business organization. In the end, if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company. Managers and employees take their cues from these corporate leaders. Thus, DOJ and SEC consider the commitment of corpo- rate leaders to a “culture of compliance”?! and look to see if this high-level commitment is also reinforced and imple- mented by middle managers and employees at all levels of a business. A well-designed compliance program that is not enforced in good faith, such as when corporate man- agement explicitly or implicitly encourages employees to engage in misconduct to achieve business objectives, will be ineffective. DOJ and SEC have often encountered compa- nies with compliance programs that are strong on paper but that nevertheless have significant FCPA violations because management has failed to effectively implement the pro- gram even in the face of obvious signs of corruption. This may be the result of aggressive sales staff preventing com- pliance personnel from doing their jobs effectively and of senior management, more concerned with securing a valu- able business opportunity than enforcing a culture of com- pliance, siding with the sales team. The higher the financial stakes of the transaction, the greater the temptation for management to choose profit over compliance. A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards. Compliant middle managers, in turn, will encourage employees to strive to attain those standards throughout the organizational structure?” In short, compliance with the FCPA and ethical rules must start at the top. DOJ and SEC thus evaluate whether senior management has clearly articulated company stan- dards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization. Code of Conduct and Compliance Policies and Procedures A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the com- pany’s behalf. Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, DOJ and SEC will review whether the company HOUSE_OVERSIGHT_022559