They craft policies, train employees, oversee due diligence, perform risk assessments, and lead investigations. But there’s another compliance role that’s practically unknown: disciplinarian.
“Disciplinarian” may not appear in the job description, but it’s high on the feds’ agenda.
In the DOJ’s Evaluation of Corporate Compliance Programs, “discipline” occurs 22 times. In the very first question, prosecutors are told to examine whether the compliance program includes “incentives and discipline.”
The FCPA Resource Guide has a section called “Incentives and Disciplinary Measures.” It says the DOJ and SEC will evaluate compliance programs based partly on whether a company has “appropriate and clear disciplinary procedures, whether those procedures are applied reliably and promptly, and whether they are commensurate with the violation.”
“Discipline” in compliance isn’t something new. The Evaluation of Corporate Compliance Programs cites an older guide for prosecutors called the Justice Manual (formerly known as the U.S. Attorneys Manual).
The Justice Manual (Principles of Federal Prosecution of Business Organizations — Chapter 9, section 28.000) says in part,
Effective internal discipline can be a powerful deterrent against improper behavior by a corporation’s employees. Prosecutors should be satisfied that the corporation’s focus is on the integrity and credibility of its remedial and disciplinary measures rather than on the protection of the wrongdoers.
The FCPA Resource Guide’s discussion about employee discipline is footnoted to the much older U.S. Sentencing Guidelines. Discipline first appeared in the Sentencing Guidelines in 1991, when organizations became a topic.
In real life, where does employee discipline fit with FCPA enforcement and compliance? Everywhere.
This year’s FCPA enforcement action against Deutsche Bank included a DPA that credited the bank with “employment actions based on the [investigation’s] findings, which included disciplining and terminating certain employees.”
Last year’s DOJ resolution with Goldman Sachs imposed a DPA that required the firm to “implement mechanisms designed to effectively enforce its compliance code, policies, and procedures, including appropriately incentivizing compliance and disciplining violations.”
The DOJ’s declination for Dun & Bradstreet in 2018 said the company fired 11 individuals involved in China misconduct and disciplined other employees by “reducing bonuses, reducing salaries, lowering performance reviews, and formally reprimanding them.”
What about compliance beyond the FCPA?
When ZTE paid $1.19 billion in penalties to settle a 2017 U.S. trade sanctions case, it promised to fire four senior employees and discipline 35 others by reducing their bonuses or reprimanding them. A year later, the Commerce Department said ZTE hadn’t disciplined the 35 employees. On that basis, U.S. authorities hit ZTE with a “denial of export privileges.”
The World Bank considers employee discipline. A debarment action that Kenya’s African Railways settled referred to a culpable employee who “was disciplined and subsequently terminated.”
How involved with employee discipline should compliance officers be?
That’s a company decision.
But according to the Evaluation of Corporate Compliance Programs, prosecutors should ask: “Who participates in making disciplinary decisions, including for the type of misconduct at issue?”
If not compliance officers, along with HR and others, who?
The FCPA Resource Guide says, “Rewarding good behavior and sanctioning bad behavior reinforces a culture of compliance and ethics throughout an organization.”
Who’s the arbiter of that “bad behavior”?
Again, compliance officers.
So who better to help decide how to discipline those who won’t comply?