Effective Compliance Programs

The U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC) recognize that individual companies may have different compliance needs depending on their size and the particular risks associated with their businesses, among other factors. “When it comes to compliance, there is no one-size-fits-all program.”

This common sense statement is found in A Resource Guide to the U.S. Foreign Corrupt Practices Act, published last November. “But wait,” you say, “My business is not affected by the FCPA.” Perhaps it isn’t. But, among other topics, the resource guide identifies and discusses what it calls hallmarks of effective ethics and compliance programs, including confidential reporting mechanisms like ethics hotlines. These standards hold true for any type of organization; here is the list:

Commitment from Senior Management and a Clearly Articulated Policy against Corruption – Compliance begins with the board of directors or senior executives, and must be reinforced and implemented by middle managers and employees at all levels.

Code of Conduct and Compliance Policies and Procedures – A code of conduct is the foundation for an effective compliance program.

Oversight, Autonomy, and Resources – It is important to assign responsibility for the oversight and implementation of a company’s compliance program to one or more specific senior executives within an organization.

Risk Assessment – A company must analyze and address the particular risks it faces, and devote appropriate resources to dealing with each level of risk.

Training and Continuing Advice – A company must take steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification, and by presenting the material in a manner appropriate for the specific target audience.

Incentives and Disciplinary Measures – The DOJ and the SEC recognize the dual importance of disciplinary procedures and positive incentives, which must be applied fairly and consistently across the organization.

Third-Party Due Diligence and Payments – Risk-based due diligence is particularly important with third parties, including agents, consultants, distributors and others.

Confidential Reporting and Internal Investigation – An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation. Companies may employ, for example, anonymous hotlines or ombudsmen.

Continuous Improvement: Periodic Testing and Review – Finally, a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry. The DOJ and the SEC will evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale. Shouldn’t you?

The Resource Guide contains much more information about each of these points, in addition to providing a detailed summary of the U.S. Foreign Corrupt Practices Act overall.

You may want to add a copy of the full report to your resource shelf. We’ve provided a link below. In addition, in future blog posts, Ethical Advocate will explore some of these points in more detail. For now, please contact Ethical Advocate if you have questions about how to set-up and manage an ethics hotline or program.


U.S. Department of Justice and U.S. Securities and Exchange Commission. A Resource Guide to the U.S. Foreign Corrupt Practices Act, November 2012. http://www.justice.gov/criminal/fraud/fcpa/guide.pdf