CliftonLarsonAllen LLP. Start with desired results. Identify common behaviors that cut across multiple compliance areas and make those central to all compliance initiatives and daily business. An effective compliance and ethics program is essential for virtually all U.S. Essentially, a compliance and ethics program is a set of protocols a. What should be in a company’s anti-cartel compliance program? Although implementation details may vary among companies, we believe an effective program needs to cover each of these fundamental points. What Are the Essential Elements of a Corporate. What Are the Essential Elements of a Corporate Compliance. They have developed what they term the five essential elements of a corporate compliance program. While there is no 'one-size-fits-all' compliance program for every organization, there are several core components that must exist to have an effective Program. This QuickCounsel covers those components. September 3. 0, 2. Draft Compliance Program Guidance for Recipients of PHS Research Awards (7. Fed. 7. 13. 12; November 2. Supplemental Compliance Program Guidance for Hospitals (7. Fed. 4. 85. 8; January 3. Compliance Program Guidance for Pharmaceutical Manufacturers (6. Fed. 2. 37. 31; May 5, 2. 7 Steps to a Highly Effective IT Compliance Program Documenting internal policies and controls, assigning appropriate compliance management oversight, and ensuring compliance through training are three of the seven steps. Compliance Program Guidance for Ambulance Suppliers (6. Fed. 1. 42. 45; March 2. Compliance Program Guidance for Individual and Small Group Physician Practices (6. Fed. 5. 94. 34; October 5, 2. Compliance Program Guidance for Nursing Facilities (6. Fed. 1. 42. 89; March 1. Compliance Program Guidance for Medicare+Choice Organizations (6. Fed. 6. 18. 93; November 1. Compliance Program Guidance for Hospices (6. Fed. 5. 40. 31; October 5, 1. Compliance Program Guidance for the Durable Medical Equipment, Prosthetics, Orthotics, and Supply Industry (6. Fed. 3. 63. 68; July 6, 1. Compliance Program Guidance for Third- Party Medical Billing Companies (6. Fed. 7. 01. 38; December 1. Compliance Program Guidance for Clinical Laboratories (6. Fed. 4. 50. 76; August 2. Compliance Program Guidance for Home Health Agencies (6. Fed. 4. 24. 10; August 7, 1. Compliance Program Guidance for Hospitals (6. Fed. 8. 98. 7; February 2. Top. Return to Compliance. What Are the Essential Elements of a Corporate Compliance Program? Can you synthesize and reconcile the world's leading laws, regulations and commentaries on the best practices an anti- bribery and anti- corruption compliance program? I recently saw one such approach by Paul Mc. Nulty and Stephen Martin of the law firm, Baker and Mc. Kenzie. They have developed what they term the five essential elements of a corporate compliance program. These five elements are based upon the best practices as set out in the seven elements of a corporate compliance program under the US Sentencing Guidelines; the 1. Good Practices by the OECD on Internal Controls, Ethics, and Compliance; the FCPA Guidance's Ten Hallmarks of Effective Compliance Program and the UK Bribery Act's Six Principles of an Adequate Procedures compliance program. The five elements are: Leadership. Risk Assessment. Standards and Controls. Training and Communication. Oversight. I. There should be an unambiguous, visible and active commitment to compliance. But even more than support or the right tone, compliance standards require that companies must have high- ranking compliance officers with the authority and resources to manage the program on a day- to- day basis. And compliance officers must have the ear of those ultimately responsible for corporate conduct, including the board of directors. Some of the questions you might think about in connection with the leadership of your compliance program are the following: How is board oversight implemented? Is there an ethics or audit committee reporting to the full board? What is the role of the Chief Compliance Officer? What is the role of the General Counsel? How do the legal and compliance departments interact? Is she or he treated as a second- class citizen? Equally the Board of Directors has a key role to fulfill. The Board must ensure compliance policies, systems and procedures are in place and it should monitor implementation and effectiveness of the compliance program: Be actively involved. Attend Board meetings. Review, consider and evaluate information provided. Inquire further when presented with questionable circumstances or potential issues. Once Board knows of a potential compliance issue it must act. Regularly receive compliance briefings and training. II. Compliance issues can touch many areas of your business and you need to know not only what your highest risks are but where to marshal your efforts in moving forward. A risk assessment is designed to provide a big picture of your overall compliance obligations and then identify areas of high risk so that you can prioritize your resources to tackle these high risk areas first. What are some of the areas where you need to assess your risks? Country Risk - What is the correlation between growth markets and corruption risk and what is the perceived level of corruption? In other words, the Transparency International Corruption Perceptions Index or similar list. Sector Risk - Has government publicly stated industry is under scrutiny or already conducted investigations in sector? Are there corruption risks particular to the industry? Business Opportunity Risk - Is the business opportunity a high value project for your company? Are there multiple contractors or intermediaries involved in the bidding or contract execution phase? Business Partnership Risk - Does this business opportunity require a foreign government relationship? Does a foreign government require you to rely upon any third parties? Transaction Risk - Will your company be required to make any ? Are you required to use any intermediaries to obtain licenses and permits? In addition to an initial risk assessment to either (1) inform your compliance program or (2) help you to identify high risks and prioritize their remediation, risk assessments should be a regular, systemic part of compliance efforts rather than an occasional, ad hoc exercise cobbled together when convenient or after a crisis. They should be conducted at the same time every year and performed by a consistent group, such as your internal audit department or enterprise risk management team. Such annual risk assessments act as a strong preventive measure if they are performed before something goes wrong as it avoids a . Every company should have a Code of Conduct which should express its ethical principles. However, a Code of Conduct is not enough. Every company should have standards and policies in place that build upon the foundation of the Code of Conduct and articulate Code- based policies, which should cover such issues as bribery, corruption and accounting practices. Every Company should then ensure that enabling procedures are implemented to confirm those policies are implemented, followed and enforced. FCPA compliance best practices now require companies to have additional standards and controls, including, for example, detailed due diligence protocols for screening third- party business partners for criminal backgrounds, financial stability and improper associations with government agencies. Ultimately, the purpose of establishing effective standards and controls is to demonstrate that your compliance program is more than just words on a piece of paper. IV. Simply conducting training usually is not enough. Enforcement officials want to be certain the messages in the training actually get through to employees. The Department of Justice's (DOJ) expectations of effectiveness are measured by who a company trains, how the training is conducted and how often training occurs. There are several key elements to training. First is that you need to train the right people. You must prioritize which audience to educate by starting your training program in higher risk markets and focus on directors, officers and sales employees who may have direct contact with government officials or deal with state- owned entities. Again, focus initially on training country managers in your company's high- risk markets, then expand geographically and through the ranks of employees. Second, in high risk markets and for high risk employees or third parties you should conduct live, annual training. Enforcement officials have made it clear that live, in- person training is the preferred method in high- risk markets and also that it should be regular and frequent. Another benefit of live training is the immediate feedback from employees that would be much less likely to occur during a webinar or other remote training. Lastly, during live training, employees are more likely to make casual mention of a potentially risky practice, giving you the opportunity to address it before it becomes a larger problem. It is important that you pay attention to what employees say during training. This is because training can alert you to potential problems based on the type of questions employees ask and their level of receptiveness to certain concepts. For example, during training employees might ask specific questions about important compliance considerations such as their interactions with government officials or gift- giving practices. Such questions can raise red flags and uncover issues that should be reviewed and addressed quickly. V. Even after all the important ethical messages from management have been communicated to the appropriate audiences and key standards and controls are in place, there should still be a question of whether the company's employees are adhering to the compliance program. These ongoing efforts demonstrate your company is serious about compliance. Monitoring is a commitment to reviewing and detecting compliance programs in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. However, you should not assume that because your company conducts audits that it is effectively monitoring. A robust program should include separate functions for auditing and monitoring. While unique in protocol, however, the two functions are related and can operate in tandem. Finally, what are your remediation efforts? Your company should remediate problems quickly. A key concept behind the oversight element of compliance is that if a company is policing itself on compliance- related issues, the government will not have to do it for them. Remediation, then, is an important component of oversight. It is not enough to just gather information and identify compliance problems through monitoring and auditing. To fulfill this essential element of compliance, you also have to respond and fix the problems. I have found that the Baker 'Five Essentials' approach is an excellent way to think through your obligations under a wide variety of anti- corruption and anti- bribery requirements. It allows you to put in place a program which should meet virtually any legal requirements you may come up against by doing business anywhere in the world. Lastly, the five- step approach is an excellent way for you to benchmark your current compliance program. Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi- national US companies, insurance coverage issues and protection of trade secrets. This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2017
Categories |