Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Why Boards Should Listen

By Jeffrey M. Kaplan and Rebecca Walker

As discussed in Part One of this post, the U.S. Sentencing Commission approved changes to the compliance-and-ethics (“C&E”) program-related provisions of the Federal Sentencing Guidelines for Organizations in April, one of which concerns steps companies should take after the discovery of criminal conduct.

The second important modification concerns reporting to the board of directors, and specifically would permit a reduction in an organization’s criminal fine despite the culpable involvement of “high-level personnel“ so long as (among other things) those individuals with operational responsibility for the C&E program have “direct reporting obligations” to the board or committee thereof. A newly-added application note clarifies that an individual has “direct reporting obligations” to the board if he or she has “express authority to communicate personally” to the board “(A) promptly on any matter involving criminal conduct or potential criminal conduct, and (B) no less than annually on the implementation and effectiveness of the C&E program.”

Board oversight of a C&E program has long been considered essential to a robust program, and this is particularly true in the FCPA realm. This is, in part, because anti-bribery compliance programs can be resource-intensive and board oversight can help ensure that a program gets the resources it needs. In addition, under the logic of the Delaware Supreme Court’s decision in Stone v. Ritter, companies with significant FCPA (or any other specific type of C&E) risk should provide information to the board regarding efforts to mitigate such risk.

In practice, reporting to the board on FCPA compliance typically includes a discussion of each element of the FCPA compliance program, with particular emphasis on (i) risk assessment; (ii) FCPA training and communication efforts; (iii) due diligence for third parties and other controls; and (iv) FCPA audit plans and results. With respect to notifying the board of actual or potential criminal conduct, the person with operational responsibility for the program should have the express authority (i.e., set forth in program governance documentation) to report to the board regarding allegations of wrongdoing (not only regarding the FCPA but of any type). Companies may also want to consider providing the person with operational responsibility for compliance with the opportunity to meet with the audit committee in executive session on a periodic basis.

The Sentencing Commission has sent the proposed amendments to Congress, and, so long as Congress does not act to the contrary (which it is unlikely to do), they will become effective on November 1.

Jeffrey M. Kaplan and Rebecca Walker are partners at Kaplan & Walker LLP. They are currently writing a chapter for the BNA/ACC Compliance Manual on Compliance with the Foreign Corrupt Practices Act. He can be reached at [email protected]. Rebecca Walker’s book, Conflicts of Interest in Business and the Professions: Law and Compliance, is available here. She can be reached at [email protected].

Share this post


Comments are closed for this article!