By Jeffrey M. Kaplan and Rebecca Walker
As discussed in Part Two of this post, the U.S. Sentencing Commission recently approved changes to the compliance-and-ethics (“C&E”) program-related provisions of the Federal Sentencing Guidelines for Organizations. One of these changes concerns reporting to the board of directors by individuals with operational responsibility for the program, including reporting “no less than annually on the implementation and effectiveness of the C&E program.”
In our prior post, we described what such reports should generally include, and also noted that companies should consider giving the person with C&E operational responsibility the opportunity to meet with the audit committee in executive session on a periodic basis. In this post, we offer suggestions for some questions that board members might want to raise in such sessions.
Risk Assessment/Program Scope
How do we know the risk assessment process is effective?
Despite using the process, have we been caught by surprise before by FCPA risks?
Does the program reach all relevant company operations (e.g., not just sales, but also appropriate corporate activities)?
Training and Other Communications
Are we addressing the specific FCPA issues that we need to (based on our risk assessment) – and reaching the at-risk employee population?
Do we train/communicate on FCPA compliance with sufficient frequency and impact?
Program Management and Support
Does the C&E officer (or other individual in charge of the FCPA compliance program) have adequate “clout” and resources for the job?
Is she sufficiently independent of those who could create FCPA risks?
Do other managers (in both corporate functions and business units) play enough of a role in FCPA compliance (e.g., through messaging in their respective parts of the business)?
Are we doing sufficient due diligence on third parties?
What are our third-party FCPA communication and audit efforts?
How do our third parties ensure that their employees and agents follow our anti-bribery standards when acting on our behalf?
How do incentives at our company possibly impact FCPA compliance – both positively and negatively? (Same question with respect to company culture.)
Is there anything that other companies do to prevent/detect FCPA violations that our company doesn’t, but should, do?
Of course, this is not intended as a complete list, nor would directors want to ask all of the questions in every executive session. This should, however, help directors develop the FCPA oversight questions that make the most sense for their respective companies.
* * *
Jeffrey M. Kaplan and Rebecca Walker are partners at Kaplan & Walker LLP. They are currently writing a chapter for the BNA/ACC Compliance Manual on Compliance with the Foreign Corrupt Practices Act. He can be reached at [email protected]. Rebecca Walker’s book, Conflicts of Interest in Business and the Professions: Law and Compliance, is available here. She can be reached at [email protected].