Medium and Small Company Compliance

Guest Blogger | Feb 20, 2012
This post was contributed by Michael Volkov of Mayer Brown and first appeared on Volkov's Corruption, Crime & Compliance Blog

 

"People are doing the best that they can from their own level of consciousness."  — Deepak Chopra

 

If you travel on the anti-corruption seminar circuit (which is far more enjoyable than the proverbial “rubber chicken” circuit), you will hear from some of the most accomplished compliance professionals working at Fortune 50 companies. They are proud, and should be, about the compliance programs they oversee and helped design and implement. These are the “Cadillac[s]” of compliance programs. Everyone can learn important lessons from these programs. Most of these companies have compliance programs that are well designed, operate efficiently and stand out as model programs.

 

But for most companies these programs do not have any relevance. Approximately 40 percent of all Fortune 500 companies do not have a specific FCPA program in place, other than general statements of compliance as part of an overall code of conduct or general legal compliance program.

 

Most companies are designing and implementing compliance programs based on Department of Justice guidance and with the assistance of outside professionals. As companies face these issues, here are some general tips for developing compliance programs.

 

1. Gradually Roll Out Your Compliance Program: No business one should try and impose a new compliance regime by suddenly announcing the implementation of new policies from top-to-bottom. Buy-in is critical and can only be accomplished by rolling out parts of a compliance program in a careful and calculated way. Communication is the key and taking time to explain the rationale for compliance requirements to sales, regulatory, management and key constituencies will ensure success.

 

2. Develop a Realistic Schedule for Implementing Your Compliance Program: A company has to be realistic as to the timing for implementing each stage of a compliance program. All too often, I have heard CEOs direct compliance staff to “get the job done” as quickly as possible. While encouraging prompt implementation is a good policy, a company has to be committed to a realistic schedule for effective implementation.

 

3. Design Your Compliance Program Consistent with Available Resources: Medium and small companies do not have the resources to design and implement a “Cadillac” compliance program. Neither DOJ nor the SEC can hold medium and small companies to a standard of compliance achieved by Fortune 50 (not 500) companies which have access to abundant resources.

 

4. Make Sure Your Program Includes Basic Compliance Requirements: DOJ has outlined the basic requirements for a compliance program. The Federal Sentencing guidelines include basic principles, which are mirrored in the UK Bribery Act Guidance. Companies know (or should know) each of the required elements and make sure each element is addressed in the overall plan. For example, every program must be based on a “tone from the top” commitment to compliance, and every program should designate a compliance officer at a sufficiently high management level who is responsible for overseeing the program. (Whether the compliance officer is separate from the general counsel’s office can be decided based on specific circumstances). I am not going to list all of the required elements — they have been repeated over and over by the Justice Department, professional compliance advisers and almost every FCPA practitioner.

 

5. Do Not Get Sidetracked Into Investigating Historical Conduct: Companies need to keep their focus on the objective — designing and implementing an effective compliance program. While doing so, they are bound to uncover potential problem areas — e.g. red flags relating to third party agents. But the focus has to be on going forward, not looking backward. That is not to say the problem should be ignored; rather, a commitment needs to be made to come back and address the problem after the compliance program has been addressed.

 

For every company, big or small, they must abide by Deepak Chopra's advice — "do the best you can" and everything will be all right.

 

Original version is located here - http://corruptioncrimecompliance.com/2012/02/medium-and-small-company-compliance.html

 



Michael Volkov is a former federal prosecutor with almost 30 years’ experience in a variety of government positions and private practice. Michael’s practice focuses on white collar defense, corporate compliance, internal investigations, and regulatory enforcement matters.

Michael has experience in the Foreign Corrupt Practices Act, compliance counseling, special committee representations, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and other regulatory enforcement issues.