2019 was a big year for ethics and compliance. In fact, it is easy to argue that since the adoption of the compliance provisions in the US Sentencing Guidelines in 1991, compliance had its biggest year.
The federal government issued three important documents in 2019 – DOJ issued the Evaluation of Corporate Compliance Programs from the Criminal Division (here) and from the Antitrust Division (here), respectively. The Department of Treasury’s Office of Foreign Assets issued its Sanctions Compliance Guidance (here). These documents, in substance and in form, are important indicators of the government’s focus and support of corporate ethics and compliance programs.
In the face of these important actions, companies would be foolish to ignore the clear and significant message from the government – if you invest in ethics and compliance programs and you suffer a compliance issue, we will credit your efforts and minimize the damage. The government has created enough incentives for companies to justify spending time and resources on design and implementation of effective compliance solutions.
The message from DOJ and OFAC is clear – invest in compliance and we will recognize your efforts should your company engage in misconduct. Of course, there are limits to this credit and the government is not going to turn a blind eye to systemic violations (e.g. Ericsson) – companies that suffer from real culture of corruption and systemic problems will continue to be hammered. The message from DOJ is more relevant to those companies that operate on the margins, where they devote time and attention to ethics and compliance but suffer a country-specific or product-specific problem far less than systemic.
With government guidance and incentives in mind, let’s look at some other important trends:
Ethical Culture and More Ethical Culture: DOJ’s Guidance fully embraced the importance of a company’s culture, and the need for companies to monitor and measure their respective cultures. It took a few years but DOJ now has fully embraced the importance of ethical culture. Frankly, it is about time. This is an important development because the industry was well ahead of DOJ on this issue and now DOJ is catching up.
CCOs are responsible for monitoring and promoting a company’s culture. They have to ensure that senior management devotes adequate time and attention to embed a company’s culture and promote its culture as an effective control against corporate misconduct. Indeed, an effective ethical culture is an important link to corporate profitability and should always be couched in financial terms not just in a strategy to reduce the risk of enforcement. Companies with ethical cultures are better performers in the marketplace – no one can dispute this basic premise.
Automation and Technology: CCOs have to embrace technology and specifically, automated systems. To be sure, CCOs understand the importance of automated functions. There are several functions that can be easily automated – third-party risk management; conflicts of interest; gifts, meals and entertainment; and hotlines and case management. Aside from these basic functions, CCOs have to devote time to financial issues that intersect with significant compliance issues.
As an example, consider the financial interactions with distributors. Many companies offer rebates, discount programs, and marketing fund allowances. These issues require compliance attention and oversight. Instead of relying on auditors and financial staff to identify potential red flags, compliance should work closely with financial staff to develop sampling programs and ways in which to monitor high-risk distributors. To support this initiative, data analytics can be used to identify anomalies in the financial transactions between the company and distributors.
Data Analytics and Measurement: Compliance officers continue to show interest in measuring their program performance through data. This is a critical innovation. Compliance professionals have to step up, identify meaningful measurement factors, and then hold themselves accountable for performance. Automated technologies generate large amounts of data and compliance officers have to work carefully to focus on reliable and relevant data.
Speak Up Culture: Companies are focusing on the importance of a speak up culture – that means promotion of reporting systems, encouragement of reporting to middle management, transparent investigation protocols, consistent discipline and publication of disciplinary actions (with appropriate privacy protections). Whistleblowers and employee reporting are important sources of information needed to identify and fix problems before they fester.
Incident Data: Many compliance officers have faced organizational obstacles in securing access to human resource data. The Justice Department’s new compliance guidelines mandated that CCOs have access to incident data across the organization. Hotline data is important and has to be added with human resource data and reporting of issues. CCOs have to broaden their focus so that they can identify proactively problems that may be occurring through analysis of incident data.
Monitoring Resources and Strategies: As part of the reframing of compliance from reactive to proactive strategies, CCOs are starting to focus on how to collect data and monitor the operation of a compliance program. To do this, CCOs have to design and implement specific monitoring programs, preferably programs that include business representatives. For example, a monitoring program could be designed for high-risk third-party representatives that is based on a partnership between a compliance officer and the lead business representative.