By Jeffrey M. Kaplan and Rebecca Walker
As discussed in Part One of this post, the U.S. Sentencing Commission approved changes to the compliance-and-ethics (“C&E”) program-related provisions of the Federal Sentencing Guidelines for Organizations in April, one of which concerns steps companies should take after the discovery of criminal conduct.
The second important modification concerns reporting to the board of directors, and specifically would permit a reduction in an organization’s criminal fine despite the culpable involvement of “high-level personnel“ so long as (among other things) those individuals with operational responsibility for the C&E program have “direct reporting obligations” to the board or committee thereof. A newly-added application note clarifies that an individual has “direct reporting obligations” to the board if he or she has “express authority to communicate personally” to the board “(A) promptly on any matter involving criminal conduct or potential criminal conduct, and (B) no less than annually on the implementation and effectiveness of the C&E program.”
Board oversight of a C&E program has long been considered essential to a robust program, and this is particularly true in the FCPA realm. This is, in part, because anti-bribery compliance programs can be resource-intensive and board oversight can help ensure that a program gets the resources it needs. In addition, under the logic of the Delaware Supreme Court’s decision in Stone v. Ritter, companies with significant FCPA (or any other specific type of C&E) risk should provide information to the board regarding efforts to mitigate such risk.
In practice, reporting to the board on FCPA compliance typically includes a discussion of each element of the FCPA compliance program, with particular emphasis on (i) risk assessment; (ii) FCPA training and communication efforts; (iii) due diligence for third parties and other controls; and (iv) FCPA audit plans and results. With respect to notifying the board of actual or potential criminal conduct, the person with operational responsibility for the program should have the express authority (i.e., set forth in program governance documentation) to report to the board regarding allegations of wrongdoing (not only regarding the FCPA but of any type). Companies may also want to consider providing the person with operational responsibility for compliance with the opportunity to meet with the audit committee in executive session on a periodic basis.
The Sentencing Commission has sent the proposed amendments to Congress, and, so long as Congress does not act to the contrary (which it is unlikely to do), they will become effective on November 1.
Jeffrey M. Kaplan and Rebecca Walker are partners at Kaplan & Walker LLP. They are currently writing a chapter for the BNA/ACC Compliance Manual on Compliance with the Foreign Corrupt Practices Act. He can be reached at [email protected]. Rebecca Walker’s book, Conflicts of Interest in Business and the Professions: Law and Compliance, is available here. She can be reached at [email protected].