Kusserow on Compliance: Department of Justice on Compliance Programs

Marshall L. Miller, the Principal Deputy Department of Justice (DOJ) Assistant Attorney General, Criminal Division, addressed the Advanced Compliance and Ethics Workshop in New York City on strengths and weaknesses the DOJ has observed in corporate compliance programs. Miller made it clear that in most criminal cases involving large companies, the DOJ interacts with corporate compliance programs and departments. The DOJ’s prosecutorial decisions are determined by applying the Principles of Federal Prosecution of Business Organizations, or the Filip factors, including expressly considering “the existence and effectiveness of the corporation’s pre-existing compliance program” in deciding whether to charge a corporation with a crime. It is the DOJ’s common practice to make a prominent reference, positive or negative, to the corporation’s compliance program. The existence of an effective compliance program can make all the difference to the DOJ. A compliance program’s ability to uncover wrongdoing and the responsible individuals, coupled with a corporation’s decision to disclose that information to the government, is significant in evaluation of the compliance program and the organization’s overall posture with the government.

Miller observed that the failure to expand compliance programs to meet the needs of growing organizations drives many of the compliance problems. On the other hand, effective compliance programs evidence have training mechanisms, as well as procedures designed to uncover wrongdoing and expose individuals responsible for criminal behavior. A compliance program that is used to uncover misconduct and identify wrongdoers is central to the DOJ evaluation of a compliance program.

The DOJ recognizes that organizations must tailor compliance programs to manage their unique risks. The “hallmarks” of an effective program include:

  • High-Level Commitment. Evidence that there is a “culture of compliance,” that begins at the top and extends to actions throughout the organization. Compliance programs need to have appropriate stature within corporations and evidence that compliance officers are sitting in true positions of authority, reporting directly to executive leadership and boards of directors, with adequate resources to enforce their authority.
  • Compliance Keeps Pace with Organization Growth. Good compliance programs need to be periodically evaluated, using risk assessment models aimed at the individual circumstances of the company. As the organization changes over time, so must compliance policies. A strong compliance program must also involve enforcement and discipline that is equally applied at all levels of the organization, including members of managements.

Among the observations noted by the DOJ in connection with its investigations that included review of compliance programs were the following:

  1. Comments were made that circulating an ethics questionnaire is useful. It is only useful if the information is used properly. The DOJ has found cases where employees indicate the existence of wrongful acts, without actions to follow up on that information.
  2. Policies, however strongly written, are meaningless if not thoughtfully enforced and backed by commitment and resources. The failure to do so certainly demonstrated that compliance was not a company priority.
  3. Expanding organizations need to extend their compliance programs to all of their entities, especially those that were recently acquired. It is critical that compliance policies are understood and implemented by all employees, no matter what country they work in.
  4. Written guidance needs to be translated into other languages, reflective of the workforce composition. Everyone needs to know what is expected of them in terms of compliance.

The DOJ has found that organizations with strong compliance programs can and do detect and report criminal misconduct by employees. Often those reports result in a decision to decline prosecution against an organization. The case of Morgan Stanley was raised, where a managing director for Morgan Stanley’s real estate business in China pleaded guilty for his efforts to corruptly transfer a multi-million dollar ownership interest in a Shanghai building to himself and a Chinese public official. The DOJ declined to take action against the company, in part due to the company’s robust internal compliance program. The company went to great lengths to ensure that everyone was aware of the compliance policies and understood them. Furthermore, it was the company that voluntarily disclosed the criminal conduct to the government and cooperated with the government’s investigation.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2014 Strategic Management Services, LLC. Published with permission.