Ensuring Corporate Compliance:
A Guide for Directors
By: Michael Goldblatt
Associate General Counsel, Tidewater, Inc.
©2001 National Association of Corporation Directors. Reprinted with Permission.
Directors Monthly is a publication of the National Association of Corporate Directors, the premier educational, publishing and consulting organization in board leadership and the only membership association for boards, directors, director-candidates and board advisors. Michael L. Goldblatt is Associate General Counsel, Tidewater Inc. and author of Preventive Law in Corporate Practice, Matthew Bender & Company.
Interest in corporate compliance programs will continue to grow in the new millennium as a result of trends that began in the twilight of the 20th century. Federal Sentencing Guidelines adopted in 1991 reduce penalties for compliance lapses by companies that adopt effective methods for communicating legal standards to their employees. Despite the positive effects of these guidelines, regulators, public interest groups, whistleblowers, and the media all remain vigilant for violations of the laws governing corporate conduct. This article provides an overview of steps that directors and their companies can take to avoid corporate lawbreaking and reduce the penalties for unintentional compliance lapses.
To be effective, a corporate compliance program must be embraced and adopted by the corporation’s board of directors, management, and employees. To ensure this result, the board should designate high-level individuals to ensure program compliance. Indeed, the Federal Sentencing Guidelines delineate this as one of the critical components of an effective compliance.(U.S. Sentencing Guidelines Manual, A1.2, application note 3(k)(2).)
At the highest level, the board should delegate the responsibility of overall monitoring of compliance programs to a board-level committee, such as the audit committee.
Beyond this, it is advisable to delegate daily management and responsibility of compliance to an individual manager, such as a compliance officer or ethics officer. Some larger companies have subordinate compliance managers for substantive areas of risk, such human resources or environmental resources or on-site ethics officers for specific company divisions. As mentioned, the Federal Sentencing Guidelines dictate that a "high-level" individual should be assigned responsibility for overseeing adherence to corporate law compliance standards and procedures. The Sentencing Guidelines define "high-level personnel" as
"individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization, [including] a director, an executive officer, an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance, [or] an individual with a substantial ownership interest."
Depending on the industry, some line managers may have direct compliance responsibility. To avoid conflicts of interest, compliance responsibility should be delegated to an individual or individuals whose activities do not directly effect the profitability of the organization.
Compliance programs should not be handed down from above, or inserted from the outside. Rather, they should be developed internally. That is, organizational members should assist directly or indirectly in the development of guidelines. Departments that should be involved in the development (if the company has them) include:
• corporate law
• internal audit
• corporate ethics, and
• human resources.
Members of those departments can assume responsibility for planning, budgeting, and preparation of reports and training programs, and coordination of compliance efforts with industry standards.
Director should assign a leadership role to in-house counsel in addressing compliance concerns, regardless of the size of the department. Members of the law department can be aligned with a business unit in which they have experience, interest, and legal expertise. Each lawyer can then be responsible for assisting management to interpret and clarify policy and implement the compliance program relative to that particular business unit.
Compliance program design may require the assistance of outside counsel with expertise in compliance design. Outside counsel with knowledge of industry regulations, past compliance deficiencies, and experience in federal criminal investigations can provide valuable input to program design.
Directors may want to use consultants and other experts knowledgeable on industry standards. Accreditation organizations, company insurers, and risk management specialists may also be helpful.
Some corporate counsel urge the use of outside counsel to provide an objective view of the corporation’s risk and to uncover areas of risk that may not be detected by in-house personnel. Others advise assigning in-house counsel to specific business units because inside counsel has intimate knowledge and greater understanding of the business.
Corporate ethics departments are a relatively new phenomenon. General Dynamics Corp. was one of the first companies to establish an ethics department in 1985 when it responded to a directive from then Secretary of the Navy, John F. Lehman, that General Dynamics had a "pervasive record of corporate policy that we want changed." General Dynamics organized a special board-level committee of outside directors and hired Kent Druyvesteyn as director of corporate ethics.
The company has adopted a code called "Standards of Business and Ethical Conduct" and has distributed it to all of the company’s thousands of employees. Ethics directors were appointed at each of the company’s divisions and workshops are held periodically to instruct employees on how to comply and to raise their awareness of ethics. A confidential reporting system was also installed to encourage employees to report violators of the code.
In a large enterprise, it is often difficult to keep all parts of the company moving in the same direction. Johnson & Johnson has been especially successful in fostering a company-wide sense of common business and ethical purpose, and some of the credit for this common sense of purpose is attributed to the company’s promulgation of a statement of values known as the "Johnson & Johnson Credo." According to Johnson & Johnson, the company-wide sense of common business and ethical purpose was a key element in staving off demoralization and disarray during the notorious Tylenol tampering crisis.
Corporate compliance policy statements provide the company’s fundamental beliefs of the importance of such a program. The policy statement should accurately reflect the legal and ethical responsibilities of high-level personnel and those with substantial authority within the company, as well as realistic, achievable standards of conduct, tailored to the company culture.
Mere circulation of corporate policy statements is not enough to convince investigators, prosecutors, or employees of corporate commitment to compliance. Receipt of compliance-related polices and program training should be acknowledged and documented. Also, dissemination of all compliance-related policies must be coupled with education, continuous training, monitoring, and evaluation.
Compliance policies should not be written in stone. Companies should (and typically do) adapt codes of conduct to changes in the law and industry on both the domestic and global fronts.
Some corporate codes of conduct lack explicit legal detail, while others incorporate the relevant regulatory standard of conduct within the code. Codes may address a variety of topics including government relations, employee relations, customer/supplier relations, and relations with competitors. Codes govern a variety of conduct as well including conflicts of interest, political activity, confidentiality of corporate information, use of corporate communication systems, misappropriation of corporate assets, civility toward colleagues, bribes and kickbacks, and political contributions.
For economy of administration, many companies have combined ethical and legal policies into one unified statement. Other companies have adopted legal policy statements that do not deal with purely ethical matters, perhaps due to skepticism about the effectiveness of ethical codes. The legal areas most frequently covered in policy statements include antiboycott law, antitrust law, corporate political activity, environmental law, employee relations, securities law, intellectual property, healthcare, and civil rights, including sexual harassment. These legal areas are popular targets for compliance programs since they are subject to rigorous enforcement by government agencies and violations can result in stiff penalties. Other areas of secondary importance include protection of corporate secrets, accounting and record keeping requirements under the Foreign Corrupt Practices Act, relations with customers and suppliers, government relations, commercial bribery, and use of company funds.
Companies in regulated industries (e.g., banks, common carriers, utilities, and so forth) frequently adopt policy statements to assure compliance with the complex laws governing their business.
Legal policy statements should contain a summary of the law and indicate that employees must conduct their activities in compliance with the law. Policy statements should also set forth procedures for reporting violations, and should outline the company’s policies in investigating and disciplining policy violations. Policy statements should also include warnings about when to contact the law department for assistance.
For example, a policy on antitrust compliance should warn managers to contact the law department before they terminate a distributor. A policy on labor law could instruct managers to consult the law department before terminating an employee. Policy statements should be written in plain English to facilitate understanding. Examples, illustrations, and detailed discussions of likely real-life scenarios should be incorporated into the text to the extent appropriate for the subject matter. For additional guidance, the reader should be directed to the committee or department responsible for interpreting the statement.
Policy statements must be reviewed and revised on a regular basis. And the review process should consider not only recent legal developments and changes in the company’s business activities, but also how effectively the policy has been in communicating its message.
Responsibility for routine interpretation and clarification of the policy statements can be assigned to a law department attorney. Major questions can be referred to the board of directors itself or to the board committee with responsibility for overseeing legal compliance, or to the company’s director of compliance. If a significant gap or ambiguity is detected, a supplemental policy statement should be issued or the original statement should be amended.
Corporate compliance programs are essential for preventing illegal conduct and for seeking a mitigated sentence when there has been a compliance failure. Federal sentencing guidelines require the courts to recognize compliance efforts when imposing sanctions for criminal conduct. Directors can implement the techniques outlined in this article to prevent and/or reduce exposure for stiff criminal sanctions in a climate of increasing criminalization of undesirable corporate conduct.
Michael L. Goldblatt is associate general counsel for Tidewater, Inc. He has authored numerous books and articles on preventive law, practice management, and marketing legal services, as well as consumer and business law pamphlets published by Blumberg/Excelsior. He has served as a board member, chapter president, and committee chair for the American Bar Association, American Corporate Counsel Association, and American Society of Corporate Secretaries. He is also on the advisory board of Findlaw.com and MyStockOptions.com.
This article is adapted from Preventive Law in Corporate Practice (New York: Matthew Bender/Lexis Publishing, 2000), coauthored with Robert M. Hardaway, a professor at the University of Denver College of Law, and with contributing author Robert J.M. Scranton, J.D., associate, Braden Frindt Stinar Renfro & Jolivet, LLC, Colorado Springs, Colorado. For a review of this book, see the October 2000 DM, p. 9.