It's your first day on the job - What do you do? Where do you start? According to the National Business Ethics Survey* ("NBES"):

CREATING AN EFFECTIVE COMPLIANCE PROGRAM
SCCE UTILITIES & ENERGY CONFERENCE
Houston, Texas
February 22, 2015
Carolyn S. Egbert
Creative Solutions for Executives

INTRODUCTION
It's your first day on the job - What do you do? Where do you start?

FIRST SOME FACTS TO CONSIDER
According to the National Business Ethics Survey* ("NBES"):
- Observed misconduct decreased by 14% since 2007;
- Fewer employees felt pressure to compromise their standards - down by 4%;
- Why? Strong ethics and compliance programs bearing fruit? Or, employees take fewer risks when the economy is weak or uncertain, given the economic state since 2008?
*Ethics Resource Center, 2013 survey of 6420 employees.

FIRST SOME FACTS TO CONSIDER (cont'd)
According to the NBES:*
- A relatively high percentage of misconduct is committed by managers (60% of reports involved supervisors to top management);
- 26% of reported misconduct ongoing at time of survey;
- Reporting misconduct has stalled;
- Retaliation continues as a widespread problem.
*Ethics Resource Center, 2013 survey of 6420 employees.

WHY HAVE A COMPLIANCE PROGRAM?
1. Fulfill fiduciary, legal and regulatory duties and requirements.
2. Understand risks and potential exposures.
3. Effective risk management and reputation protection.
4. Create and engender a values-based, ethical culture that defines who you are and how you do business.

THE COST OF MISCONDUCT
Direct costs:
- Regulatory fines: In 2013, the DOJ levied $8B in fines for civil and criminal actions; the SEC levied a record $3.4B in enforcement sanctions.
- Other penalties, including imprisonment.
Indirect costs:
- Loss of customers
- Loss of competitive standing
- Loss of investor confidence
- Lack of trust in management
- Loss of top quality talent

FEDERAL SENTENCING GUIDELINES ("FSG")
In 1991, the Federal Sentencing Commission established the standards for an effective compliance program at FSG 8B2.1(a)(2):
To have an effective compliance and ethics program, for purposes of subsection (f) of 8C2.5 (Culpability Score) and subsection (1) of 8D1.4 (Recommended Conditions of Probation - Organizations), an organization shall (1) exercise due diligence to prevent and detect criminal conduct; and (2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

FEDERAL SENTENCING GUIDELINES (cont'd)
The FSG:
- Are clearly remedial; mitigate culpability;
- Distinguish between rewarding ethical and compliant behavior and disciplining/deterring unethical, criminal behavior; and,
- Recognize that organizations cannot prevent inappropriate behavior from ever occurring.

EIGHT ELEMENTS OF AN EFFECTIVE COMPLIANCE PROGRAM
1. High level company personnel who exercise effective oversight and have direct reporting authority to the governing body or appropriate subgroup (e.g., Audit Committee);
2. Written policies and procedures;
3. Training and education;
4. Lines of communication;

EIGHT ELEMENTS OF AN EFFECTIVE COMPLIANCE PROGRAM (cont'd)
5. Standards enforced through well-publicized disciplinary guidelines;
6. Internal compliance monitoring;
7. Response to detected offenses (including remediation of harm caused by criminal conduct) and corrective action plans (including assessment and modification of the compliance and ethics program); and,
8. Periodic Risk Assessments.

EIGHT ELEMENTS OF AN EFFECTIVE COMPLIANCE PROGRAM (cont'd)
In the 2012 Morgan Stanley matter, the DOJ/SEC gave the company a pass (NPA agreement) due to rogue employee behavior, citing MS compliance program elements:
- Policies and procedures
- Compliance resources (over 500 compliance officers)
- Training
- Ongoing communications
- Transaction-specific controls

HIGH LEVEL PERSONNEL
Governing Authority (e.g., Board of Directors)
The organization's governing authority should:
- be knowledgeable about the program;
- exercise reasonable oversight over its implementation and effectiveness;
- ensure adequate resources to operate the program effectively; and,
- promote the program.

HIGH LEVEL PERSONNEL
Day-to-Day Responsibility
- May be a Chief Compliance Officer (GC, IA or Independent) and/or a Compliance Committee;
- Must have overall responsibility for day-to-day compliance program operations;
- Must have prompt access to the Board to report instances of criminal conduct;
- Must report annually to the Board on compliance and ethics program; and,
- Must have access to effective high level management and executive oversight.

SMALLER ORGANIZATIONS
What is deemed adequate will vary depending on the size and operations of an organization.
Smaller organizations may meet the requirements of this guideline with less formality and fewer resources than would be expected of large organizations. In appropriate circumstances, reliance on existing resources and simple systems can demonstrate a degree of commitment that, for a large organization, would only be demonstrated through more formally planned and implemented systems.
Federal Sentencing Guidelines Manual Effective Compliance Programs Guidelines Commentary

PROMOTING THE PROGRAM
8B2.1(b)(6): an organization should promote and consistently enforce its program through incentives and disciplinary action.
- Should be done throughout all levels;
- "Appropriate" is case-specific;
- "Appropriate" includes rewarding material concerns that are raised or helpful recommendations for improvement; and,
- Could range from reprimand with additional training to a demotion or termination.
Must be proportional!

COMPLIANCE COMMUNICATIONS ELEMENTS
- Written Policies and Procedures
- Training and Education
- Lines of Communication (Hot/Helplines)
- Standards enforced through well-publicized disciplinary guidelines
- Code of Conduct

WRITTEN POLICIES AND PROCEDURES
- Should be adopted to promote employee understanding of and adherence with laws and regulations;
- Should encourage managers and employees to report good-faith belief or knowledge of unlawful, unethical or improper behavior without fear of retaliation; and,
- Should be readily available, easily accessed, and kept current.

TRAINING AND EDUCATION
8B2.1(b)(4) prescribes that:
- Reasonable and practical steps must be taken to widely promulgate, disseminate information and train employees on the organization's compliance program and its code of conduct, policies, procedures and processes.
- Training should be provided to the governing authority, high-level executives, employees and, where appropriate, the organization's agents. (May be required by law.)
- Recommended that training be tracked, attested to, documented, and followed up.

SMALLER ORGANIZATIONS
With respect to smaller organizations:
Examples of the informality and use of fewer resources with which a small organization may meet the requirements of this guideline include... training employees through informal staff meetings.
Federal Sentencing Guidelines Manual Effective Compliance Programs Guidelines Commentary

LINES OF COMMUNICATION
To enhance the effectiveness of a compliance program, the FSG requires lines of communication whereby:
- Employees and agents may seek guidance and report concerns, including the opportunity to report anonymously;
- There are assurances that there will be no retaliation for good-faith reporting; and,
- Sometimes required by statute, e.g., Medicare/Medicaid.

PUBLICIZED STANDARDS AND DISCIPLINE
FSG 8B2.1(b)(1): An organization must have standards of conduct and internal controls reasonably capable of reducing the likelihood of criminal and other improper conduct.
The Code of Ethical Conduct is the foundation of these controls and is the centerpiece of an effective compliance program.

PUBLICIZED STANDARDS AND DISCIPLINE (cont'd)
Code of Ethical Conduct Content:
- Leadership/mission statement
- Description of program and relevant risks
- Values, guiding ethical principles
- Who is covered and who administers the program
- Guidance on expected behaviors
- Channels and obligations for reporting misconduct or violations of the Code
- Disciplinary actions for Code violations

INTERNAL MONITORING
FSG a compliance program should include ongoing monitoring and auditing systems designed to detect criminal and other improper conduct.
Essential component because:
- ensures that the organization's compliance and ethics program is followed; and,
- evaluates the effectiveness of the compliance program.

INTERNAL MONITORING (cont'd)
What should be monitored?
- Risks and context - anything changing?
- Compliance with the Code of Conduct; policies and procedures; overall effectiveness of the program, policies and systems;
- Employee understanding/opinion of the ethical climate, commitment to compliance; and,
- Whether there are risks not addressed.

INTERNAL MONITORING (cont'd)
Types of monitoring:
- Line management reviews of risks, strategies and management systems;
- Internal audit - independent required of area assessed;
- External audit; and,
- Employee surveys.

INTERNAL MONITORING (cont'd)
SMALLER ORGANIZATIONS:
Examples of the informality and use of fewer resources with which a small organization may meet the requirements of this guideline include... monitoring through regular walk-arounds or continuous observation while managing the organization.
Federal Sentencing Guidelines Manual Effective Compliance Programs Guidelines Commentary

RESPONSE TO MONITORING - 8B2.1(b)(7)
After monitoring and auditing of its compliance program, the organization shall take reasonable steps to:
- Respond appropriately to any violations of the law or policies to prevent future misconduct;
- Modify and improve the organization's compliance and ethics program; and,
- Make restitution when appropriate if criminal conduct is found.

RESPONSE TO MONITORING - 8B2.1(b)(7)
- When improper conduct has been detected, imperative that organization take action.
- Failure to prevent/detect improper conduct in and of itself does not mean that program is ineffective.... recurrence of similar misconduct creates doubt regarding whether the organization took reasonable steps to achieve an effective program.
- Appropriate remedial measures must be taken.
- May include anything from disciplinary action for responsible person or modification of compliance program in place.

PERIODIC RISK ASSESSMENTS - 8B2.1(c)
An organization should periodically assess the risk of improper conduct within its operations and take appropriate steps to design, implement or modify each element of the program to reduce the risk of improper or unethical behavior.
Benefits:
- Efficiency - maximize resources
- Buy-in/Ownership - increase active participation
- Coordination - consensus building across multiple functions

PERIODIC RISK ASSESSMENTS - 8B2.1(c) (cont'd)
Risk assessments usually focus on evaluating:
- audit results;
- recent litigation or settlements;
- compliance complaints;
- employee claims;
- industry enforcement trends; and,
- existence/sufficiency of policies

PERIODIC RISK ASSESSMENTS - 8B2.1(c) (cont'd)
Risk assessments content and focus:
- now more formal;
- results should be mapped on a matrix to show the level of risk for each area examined;
- determine the likelihood of a violation;
- assess the likely damage to the organization from a violation;
- identify the steps that must be taken to mitigate the risks;
- determine whether internal controls are effective to mitigate the risk;
- identify whether any corrective action needed; and,
- communicate throughout the organization.

PERIODIC RISK ASSESSMENTS - 8B2.1(c) (cont'd)
Once risks are assessed:
- What is your organization's appetite for risk?
- What are the most important risks to address?

PERIODIC RISK ASSESSMENTS - 8B2.1(c) (cont'd)
Risk response:
- Avoidance
- Reduction/Mitigation (internal controls)
- Sharing (e.g., insurance)
- Acceptance
  i. Crisis Management Plans
  ii. Business Continuity Plans
  iii. Other Operational Plans
  iv. New policies/procedures

ALMOST DONE
- Importance and complexity of compliance programs have skyrocketed.
- Is a key element for all stakeholders.
- FSG is best guidance, but when at the sentencing stage, it is too late to start a compliance program.
- Eight components provide the essential foundation to create an effective program and detect/deter improper, unethical conduct.
- Time to start is now.

TOP TEN REASONS TO HAVE AN EFFECTIVE PROGRAM
- Learn new lingo to amaze and confound your board and colleagues, e.g., FSG, Dodd-Frank, qui tam.
- Prevent your tax dollars from funding beach house for whistleblowers.
- Let some other company experience the joy of responding to a SEC investigation.
- Orange is not your color and you don't want to learn the perp walk, unless it's a new dance.
- Remember CCOs don't let executives sit for mug shots.
- Pass up the opportunity to see your name and picture on a headline that reads "Chief Compliance Officer Facing Charges."
- Avoid having to call FINDMEAJOB.
- Avoid wasting your 15 minutes of fame on a CNN Headline News topic.
- Skip the experience of Club Fed.
- And the number one reason you need an effective compliance program... IT'S THE LAW!

QUESTIONS?????
