What’s the first thing compliance officers need to do? We’d say it’s convincing management and board members they need an effective compliance program. That’s not easy. It takes advocacy, and advocacy takes credibility.
If the CO’s constituencies think for a instant he’s exaggerating or making stuff up, advocacy fails. On the other hand, if the CO can support his arguments, game on.
One of the best places compliance officers can find support is in the United States Attorneys Manual (USAM) — the playbook for federal prosecutors. Compliance officers who want to succeed should memorize big chunks of USAM Title 9 — Principles of Federal Prosecution of Business Organizations. It’s a gold mine of reasons why companies need compliance programs that work.
Here’s an excerpt from a comment under Title 9-28.800, Corporate Compliance Programs:
Prosecutors should . . . attempt to determine whether a corporation’s compliance program is merely a “paper program” or whether it was designed, implemented, reviewed, and revised, as appropriate, in an effective manner. In addition, prosecutors should determine whether the corporation has provided for a staff sufficient to audit, document, analyze, and utilize the results of the corporation’s compliance efforts. Prosecutors also should determine whether the corporation’s employees are adequately informed about the compliance program and are convinced of the corporation’s commitment to it. This will enable the prosecutor to make an informed decision as to whether the corporation has adopted and implemented a truly effective compliance program that, when consistent with other federal law enforcement policies, may result in a decision to charge only the corporation’s employees and agents or to mitigate charges or sanctions against the corporation.
Want to convince the board to engage more with compliance? Try this from Title 9:
In evaluating compliance programs, prosecutors may consider whether the corporation has established corporate governance mechanisms that can effectively detect and prevent misconduct. For example, do the corporation’s directors exercise independent review over proposed corporate actions rather than unquestioningly ratifying officers’ recommendations; are internal audit functions conducted at a level sufficient to ensure their independence and accuracy; and have the directors established an information and reporting system in the organization reasonably designed to provide management and directors with timely and accurate information sufficient to allow them to reach an informed decision regarding the organization’s compliance with the law. See, e.g., In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959, 968-70 (Del. Ch. 1996).
For compliance professionals, that’s gold dust.
Sprinkle it around the C-Suites and see what happens.
Richard L. Cassin is the publisher and editor of the FCPA Blog. He can be contacted here.