
Pop Quiz

Does your organization have an effective compliance program? The questions below come from the government’s official description of what’s needed.

Congratulations if you can answer yes to everything. (Don’t get cocky. Compliance isn’t about math but human behavior. Just when you think everything is going well . . . .)

Ready to test yourself? Pencils up, and begin:

1. Does the leadership promote a culture that encourages ethical conduct and a commitment to compliance with the law?

2. Is the purpose of your compliance program to prevent and detect criminal conduct? Any other goal is secondary. (Hint: A program that doesn’t work every time can still be effective.)

3. Are there clear and concise written standards and procedures?

4. Are those standards and procedures communicated through training programs appropriate to the listeners’ respective roles and responsibilities?

5. Does the organization use due diligence to prevent and detect criminal conduct? Does it know its own employees, partners, agents, and suppliers?

6. Has overall and day-to-day operational responsibility for the program been assigned to high-level individuals? Do they know and understand the content and operation of the compliance and ethics program?

7. Have they been given adequate resources, appropriate authority, and direct access to the top decision-making body? Do they report about compliance up the chain of command periodically?

8. Would anyone involved in the administration of the compliance program whose conduct is inconsistent with its aims and goals be removed?

9. Is the program monitored and audited by a third party to make sure it works to prevent and detect criminal conduct?

10. Is there a system in place to handle anonymous whistleblower complaints from employees and other stakeholders, without fear of retaliation?

11. Is the program promoted and enforced consistently throughout the organization, with rewards for compliance and punishment for non-compliance?

12. Does the organization respond to criminal conduct with corrective action and appropriate modifications to the compliance program?

View Chapter 8, Part B of the U.S. Federal Sentencing Guidelines here.




1 Comment

  1. A good list – to which risk assessment should probably be added, as it is called out both by the Sentencing Guidelines and new OECD Good Practice Guidance.
    Sometimes it is assumed to be not necessary vis a vis a defined risk area (such as FCPA), but in fact risk assessment is very important to assure that:
    *) resources are well deployed (key for global companies in this area – because otherwise FCPA compliance can be infinitely costly); and
    *) nothing is missed (e.g., that FCPA risks in corporate, as well as sales, are addressed).
