What Is The Focus Of The Guidelines?
On April 8th 2004 the United States Sentencing Commission voted unanimously to amend the Federal Sentencing Guidelines, including substantial amendments to the Organizational Guidelines. The new amendments took effect on November 1, 2004 and many organizations are still trying to comprehend its impact on their operations.
In this article we break down the significant changes to the Federal Sentencing Guidelines to help organizations understand the direction the regulatory environment is heading and how to sculpt in mind your training programs with the Guidelines to reduce the risk of penalties in the event of a lawsuit or claim.
What Are The Federal Sentencing Guidelines?
Organizational Guidelines are rules that set out a uniform sentencing policy for convicted defendants in the United States federal court system. The Guidelines reflect the principle of criminal law that an employer is responsible for the actions of its employees and agents. The theory is that each organization shares a degree of culpability where an employee acts in an unlawful manner, even if the organization neither knew nor approved of their actions. The Organizational Guidelines outline the appropriate punishment for an organization that is convicted of a crime, which may range from probation to community service to the payment of hefty fines.
The Organizational Guidelines have undergone a paradigm shift in overall philosophy from focusing simply on compliance to a broader perspective that examines corporate culture and the role of both ethics and compliance. Consistent with this shift in focus, the amendments have established more rigorous requirements and even a "definition" for an effective Compliance and Ethics Program and placed greater responsibility on boards of directors and executives for their oversight and management.
In meeting these new responsibilities and requirements, organizations can benefit, as the amended Organizational Guidelines offer a reduced sentence to organizations convicted of a federal crime if that organization can demonstrate that notwithstanding the violation, it had an effective Compliance and Ethics Program in place. While these guidelines are not mandatory, organizations need to follow them closely in order to experience their benefit.
Furthermore, many prosecutors, both at the state and federal level, carefully examine and factor into their prosecutorial decisions (including whether to prosecute in the first place) the level to which an organization can demonstrate its commitment to engendering a workforce culture committed to compliance. Invariably the Federal Sentencing Guidelines' definition of such effective compliance and ethics programs is the yardstick against which organizations are compared.
What Is The Definition Of "An Effective Compliance And Ethics Program"?
According to Federal Sentencing Guidelines § 8B2.1, to have an effective Compliance and Ethics Program, an organization should:
1) Exercise due diligence to prevent and detect criminal conduct; and
2) Promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.
This does not happen by fiat and organizations must recognize that effective communication of corporate policies and procedures can't be achieved by simply creating brochures and stating they have a commitment to ethics. To oversee this initiative, the Guidelines recommend the creation of the post of Chief Ethics Officer or Chief Compliance Officer. This officer should be empowered with the authority and resources to carry on his duties and have direct access to the top executives. The position is becoming more and more ingrained in the corporate hierarchy. Where as five years ago, there were but a handful in Fortune 500 companies, today an increasing number of organizations have created and filled the post.
How The Guidelines Have Changed
To see how the Guidelines have been changed, we should take a look at the original seven hallmarks of an Effective Compliance and Ethics program. To demonstrate the presence of an effective Compliance and Ethics program, an organization is expected to have, at a minimum, the following key ingredients:
1) Prevention and Detection Procedures: Establish standards and procedures to prevent and detect criminal conduct;
2) High Level Oversight: Assign specific individuals within high-level personnel an overall responsibility to oversee compliance and provide adequate resources and authority to carry out such responsibility;
3) Due Care: Use reasonable efforts not to include within high authority personnel any individual who engaged in illegal activities or other improper conduct;
4) Training and Communication: Make effective compliance and ethics training a requirement for all of the organization's employees and agents, including the upper levels, and establish that this communication and training obligation is ongoing, requiring periodic updates;
5) Monitoring: Take reasonable steps to achieve compliance, specifically, use auditing and monitoring systems designed to detect criminal conduct, and use internal reporting systems to report or seek guidance regarding potential or actual criminal conduct, allowing for anonymity and confidentially mechanisms;
6) Consistent Enforcement: Enforce and encourage compliance through, respectively, disciplinary measures and appropriate incentives to perform in accordance with the program; and
7) Response and Prevention: Take reasonable steps to respond to and prevent further similar criminal conduct.
The new Guidelines have 10 additional recommendations, with each item intended to synchronize the Guidelines with Sarbanes-Oxley and emerging public and private regulatory requirements. The 10 recommendations are:
1) Tone At The Top: Emphasize the importance within the Guidelines of an organizational culture that encourages a commitment to compliance with the law;
2) Conduct And Internal Control: Provide better description of compliance standards and procedures, i.e. the standards of conduct and internal control systems that are reasonably capable of reducing the likelihood of violations of the law;
3) Leadership Accountability: Specify the responsibilities of an organization's governing authority and organizational leadership for compliance;
4) Resources and Authority: Emphasize the importance of adequate resources and authority for individuals with the responsibility for implementing a Compliance and Ethics Program;
5) History of Violations: Replace "propensity to engage in violations of the law" with a more objective requirement of determining if there is a "history of engaging in violations of the law";
6) Conduct Training: Include both training and dissemination of training materials within the definition of an effective Compliance and Ethics Program;
7) Evaluate Programs: Add periodic evaluation of the effectiveness of a Compliance and Ethics Program to the requirement for monitoring and auditing systems;
8) Risk Assessment: Provide for the ongoing risk assessment as part of an effective Compliance and Ethics Program;
9) Encourage Employees: establish a system for employees not only to report actual violations, but also to seek guidance about potential violations, in order to encourage prevention of violations; and
10) Whistleblower System: Require a mechanism for anonymous reporting.
Perhaps the most ambiguous of the additional recommendations to the Guidelines is the focus on risk assessments. The amended Organizational Guidelines expressly provide, as an essential component of the design, implementation and modification of an effective program, that an organization is expected to periodically assess the risk that criminal conduct will occur, including addressing the following:
In other words, companies are expected to demonstrate that they have identified risk areas where criminal violations may occur. An organization should also demonstrate the use of an auditing and monitoring system to detect criminal conduct, and periodic evaluations of the effectiveness of the program.
The Seven Keys To Implementing An Effective Compliance And Ethics eLearning Program In Your Organization
Sarbanes-Oxley and other regulatory requirements require organizations to implement an 'effective compliance program.' The Guidelines, in particular, place heavy emphasis on training for all employees at all levels within an organization, as these training programs communicate the organization's values and demonstrate a commitment to disseminating this message.
An increasing number of organizations are turning to eLearning compliance and ethics training providers, for they can efficiently deliver training in a more cost-effective manner than traditional forms of training. Unfortunately, many organizations achieve inadequate results given the considerable time and money spent. There is a way to do it right and below are seven tips that will assist you in implementing 'an effective compliance program' in your organization and increasing workforce participation and usage.
1. Understand the necessity of the program and make the commitment
Implementing an effective compliance eLearning program is a preventive measure against misconduct, and it also demonstrates a commitment to encouraging ethical behavior. Not all programs are created equally, however. If it looks like 'window dressing' to your employees, it will not be taken seriously and will not sufficiently protect you in the event of a lawsuit or claim.
2. Set the proper tone from the top
When senior management is truly engaged in the compliance and ethics training program initiative, it significantly increases the likelihood that it will be embraced by all employees, because they will see that it is an important part of the corporate culture.
3. Understand that technology is half the battle
Corporations often undervalue the importance of technological simplicity in eLearning programs. While the content must be accurate and engaging to educate employees, it is also important for the program to be easy to use. When a program has too many 'bells and whistles,' it can lose its functionality and effectiveness.
4. Be demanding and invest in quality - it is less expensive than you think
Often, the implementation of an enterprise-wide compliance and ethics training program is the employees' only exposure to the effort of the corporate legal department. Therefore, the quality of the programs and underlying technology directly affect how employees consider their corporation's commitment, or lack thereof, to compliance and ethics. Basic PowerPoint or click-and-read eLearning programs convey that the organization does not take compliance and ethics seriously.
5. Respect employees' time
Well-designed eLearning programs balance subject relevance and program completion time. An imbalance of these concepts either builds employee resentment over long programs that divert employees from their primary responsibilities, or decreases comprehension and retention due to material irrelevant to the learner, over which they lose interest.
6. Demand that vendors disclose any possible conflicts of interest
It has become increasingly vital that boards of directors ensure their organization's business dealings reflect ethical and fair transactions at all times. Therefore, you must make sure your outside advisors do not have a conflict of interest when recommending a particular solution to your organization. You will spare yourself aggravation and embarrassment later.
7. Learn from open standards, best practices, and the experiences of others
Historically, it has never been easy to implement effective eLearning compliance programs, because they must successfully merge company culture, technology, adult instructional design, and the law itself. Fortunately, there are pioneers in this industry that share their experiences and insights on best practices. Organizations looking to benefit from this knowledge may look to such leading groups as: