Assistant Attorney General Leslie Caldwell said last week the DOJ’s hiring of a compliance counsel doesn’t mean the agency is “moving toward recognizing or instituting a ‘compliance defense.’”
What then will the compliance counsel do?
“She will help us evaluate each compliance program on a case-by-case basis — just as the department always has — but with a more expert eye,” AAG Caldwell told a gathering of compliance officers in New York.
Caldwell then set out the factors the DOJ compliance counsel will assess:
- Does the institution ensure that its directors and senior managers provide strong, explicit and visible support for its corporate compliance policies?
- Do the people who are responsible for compliance have stature within the company? Do compliance teams get adequate funding and access to necessary resources? Of course, we won’t expect that a smaller company has the same compliance resources as a Fortune-50 company.
- Are the institution’s compliance policies clear and in writing? Are they easily understood by employees? Are the policies translated into languages spoken by the company’s employees?
- Does the institution ensure that its compliance policies are effectively communicated to all employees? Are its written policies easy for employees to find? Do employees have repeated training, which should include direction regarding what to do or with whom to consult when issues arise?
- Does the institution review its policies and practices to keep them up to date with evolving risks and circumstances? This is especially important if a U.S.-based entity acquires or merges with another business, especially a foreign one.
- Are there mechanisms to enforce compliance policies? Those include both incentivizing good compliance and disciplining violations. Is discipline even handed? The department does not look favorably on situations in which low-level employees who may have engaged in misconduct are terminated, but the more senior people who either directed or deliberately turned a blind eye to the conduct suffer no consequences. Such action sends the wrong message — to other employees, to the market and to the government — about the institution’s commitment to compliance.
- Does the institution sensitize third parties like vendors, agents or consultants to the company’s expectation that its partners are also serious about compliance? This means more than including boilerplate language in a contract. It means taking action — including termination of a business relationship — if a partner demonstrates a lack of respect for laws and policies. And that attitude toward partner compliance must exist regardless of geographic location.
Two days after AAG Caldwell’s talk in New York, Andrew Ceresney, head of the SEC’s enforcement division, spoke to the National Society of Compliance Professionals at the group’s annual event in DC.
He started with a disclaimer: “[T]he views I express here today are my own and do not necessarily represent the views of the Commission or its staff.”
Then he said something every compliance officer and corporate director and C-suiter should hear and remember: “I have found that you can predict a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company’s compliance department in the firm.”
Here are those “simple” questions:
- Are compliance personnel included in critical meetings?
- Are their views typically sought and followed?
- Do compliance officers report to the CEO and have significant visibility with the board?
- Is the compliance department viewed as an important partner in the business and not simply as a support function or a cost center?
- Is compliance given the personnel and resources necessary to fully cover the entity’s needs?
“Far too often,” Ceresney said, “the answer to these questions is no, and the absence of real compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues.” (our emphasis)
What Caldwell and Ceresney said last week doesn’t equal a compliance defense for the FCPA. Congress hasn’t changed the law, and courts haven’t reinterpreted it. There’s still no formal way for a defendant to plead a compliance defense under the FCPA, and respondeat superior (in all its unfairness) is still alive and well.
Yet what the enforcement top guns said last week will have an impact. They spoke publicly. They used plain English. They were specific in describing what the DOJ and SEC expect to see or not see when evaluating whether to bring an enforcement action.
In-house lawyers and outside counsel can measure the company’s behavior against those words, and argue why an enforcement action isn’t warranted. Public accountability of the DOJ and SEC and how they make decisions to bring FCPA enforcement actions just increased.
Beyond that, Caldwell and Ceresney last week gave companies more reasons to have strong compliance programs. And they gave compliance officers more tools to work with, and more authority. Those are the same objectives of a compliance defense.
Last week was a good one for the compliance profession.
Richard L. Cassin is the publisher and editor of the FCPA Blog.