Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Ten Elements Of An Effective Compliance Program

The purpose of an “effective compliance program” is to prevent and detect criminal conduct. Why is this important? Because an organization that violates the U.S. Foreign Corrupt Practices Act but has an “effective compliance program” is eligible for a reduced sentence — by up to 95% of the statutory penalties. FCPA violations can happen no matter how much effort is made to prevent them — and the consequences of a violation can be catastrophic — so an “effective compliance program” might be an organization’s last and best defense.

The requirements for an “effective compliance program” are described in the United States Federal Sentencing Guidelines and summarized as follows:

1. A Written Program. The organization must have standards and procedures to prevent and detect criminal conduct.

2. Board Oversight. The organization’s board of directors or equivalent must be knowledgeable about the content and operation of the compliance and ethics program and must exercise reasonable oversight of its implementation and effectiveness.

3. Responsible Persons. One or more individuals among the organization’s high-level personnel must be assigned overall responsibility for the compliance and ethics program.

4. Operating and Reporting. One or more individuals must be delegated day-to-day operational responsibility for the compliance and ethics program. They must report periodically to high-level personnel and, as appropriate, to the board of directors or its audit committee or equivalent on the effectiveness of the program. The individuals must have adequate resources, appropriate authority, and direct access to the board or audit committee.

5. Management’s Record of Compliance. The organization must use reasonable efforts not to hire or retain personnel who have substantial authority and whom the organization knows or should know through the exercise of due diligence have engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.

6. Communicating and Training. The organization must take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to directors, officers, executives, managers, employees and agents — by conducting effective training programs and otherwise disseminating information appropriate to the individuals’ respective roles and responsibilities.

7. Monitoring and Evaluating; Anonymous Reporting. The organization must take reasonable steps (a) to ensure that its compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct, (b) to evaluate periodically the effectiveness of the compliance and ethics program and (c) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.

8. Consistent Enforcement — Incentives and Discipline. The organization’s compliance and ethics program must be promoted and enforced consistently throughout the organization through appropriate (a) incentives to perform in accordance with the compliance and ethics program and (b) disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.

9. The Right Response. After criminal conduct has been detected, the organization must take reasonable steps to respond appropriately and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.

10. Assessing the Risk. The organization must periodically assess the risk of criminal conduct and take appropriate steps to design, implement, or modify its compliance program to reduce the risk of criminal conduct identified through this process.

The Sentencing Guidelines stipulate that the failure to prevent or detect an FCPA offense “does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.” That means the potential benefits of an “effective compliance program” (mitigation of penalties by up to 95%) will be available when needed most — after a violation happens.

View Chapter 8, Part B of the U.S. Federal Sentencing Guidelines Here.

Share this post


1 Comment

  1. It may also be wise to take a peek at DOJ Opinion Release 04-02, which has a bit more FCPA-specific guidance. For example, it goes into a bit more detail about due diligence with regard to business partners.

    Cheers to the Blog!
    Pete from DC

Comments are closed for this article!