Revisions Dovetail with Timing of U.K. Bribery Act and Impact the Effectiveness of Compliance Programs
Introduction
The importance of corporate ethics and compliance programs has been emphasized by U.S. law enforcement authorities since the early 1990s, when the U.S. Sentencing Commission first issued Guidelines offering credit in the form of reduced penalties to companies that work diligently to prevent misconduct. These Guidelines have served as the principal framework for assessing corporate misconduct for multiple U.S. enforcement agencies, including the Department of Justice ("DOJ") and the Securities and Exchange Commission ("SEC").
On May 14, 2010, the U.S. Sentencing Commission published in the Federal Register several noteworthy amendments to provisions in the U.S. Sentencing Guidelines ("USSG") impacting business organizations, including Sections 8B2.1 (Effective Compliance and Ethics Program), 8C2.5 (Culpability Score), and 8D1.4 (Recommended Conditions of Probation). Among the proposed amendments, perhaps the most significant is reflected in §8C2.5(f), which spotlights a topic that has been of some debate -- that is, the importance of providing compliance officers with direct reporting access to the board of directors or other principal corporate governing authority.
Viewed collectively, the new amendments add to the USSG several key factors used by U.S. regulators in today's vigorous enforcement climate to measure corporate commitment to the creation (or enhancement) of an organizational culture grounded in robust ethics and compliance -- factors such as detection, responsiveness, internal and regulatory reporting, and remediation. In doing so, the amendments seek to add further incentive for companies to improve their corporate self-governance and promote a healthy compliance culture.
The amendments also publicly reinforce certain components of the U.S. government's regulatory blueprint for organizations seeking to construct and/or maintain an effective corporate compliance and ethics program. This latter point is particularly notable, as the ethics and compliance community has, for some time, been seeking more clarity on the U.S. government's expectations underlying its compliance principles, and more conspicuous support for the notion that conscientious companies can (and will) earn culpability credits in enforcement decisions.
Interestingly, the timing of the proposed amendments coincides with the passage of the U.K.'s Bribery Act of 2010 ("U.K. Act") and a recent uptick in U.K. enforcement activity for corruption. Having received Royal Assent on April 8, 2010, the U.K. Act gives British authorities a broader range of tools and sanctions to prosecute corporations for graft. More importantly, the U.K. Act includes a defense for organizations that can prove they had "adequate" compliance procedures in place to prevent the offense at issue. While specific guidance about the procedures commercial organizations can implement to prevent bribery under the U.K. Act has not yet been formally promulgated, the U.K.'s Serious Fraud Office ("SFO") has indicated that a dedicated compliance function, early detection, direct internal corporate reporting capabilities, and voluntary disclosure are areas likely to be included.
U.K. authorities have long recognized that multinational businesses subject to the jurisdiction of the FCPA have grown accustomed to vigorous U.S. controls on bribes and other corrupt conduct. The U.S. enforcement landscape has been strict, with significant fines paid, and, in some cases, prison terms for officers of the offending organizations. In recent years, we have also seen an increase in multinational investigations conducted across borders -- in particular simultaneous investigations by the SFO and the DOJ.
As the regulatory components of the two nations combine forces, companies with FCPA-compliant programs should not assume that present policies conform to the U.K. Act. For instance, unlike the FCPA, which applies only to foreign public officials, the U.K. Act punishes bribery and corruption in both the public and private sectors. Additionally, the U.K. Act contains no exemption for "facilitation payments" (i.e., small payments made to expedite routine government action). Multinational organizations subject to the FCPA must bear in mind these differences when updating their policies and procedures to ensure compliance with U.K. law.
For business organizations with operations in the U.S. and U.K., therefore, the message inherent in these latest proscriptions is clear: the rewards for greater transparency, disclosure, and stricter controls have increased commensurate with the risks of compliance inertia.
The following represents a brief summary of the proposed USSG amendments. Barring Congressional action, they will take effect on November 1, 2010.
Remediation and Prevention: Section 8B2.1(b)(7)
This revision amends §8B2.1 (Effective Compliance and Ethics Program) by clarifying the remediation and prevention efforts required to satisfy the seventh minimal requirement for an effective compliance and ethics program under subsection (b)(7). This seventh element requires an organization, after criminal conduct has been detected, to take reasonable steps (i) to respond appropriately to the criminal conduct and (ii) to prevent further similar criminal conduct. This clarification was added in response to calls for further guidance regarding expectations of investigators and regulators.
The application note containing the clarification specifies that upon discovery of wrongdoing the company should take reasonable steps, as warranted under the circumstances, to remedy the harm resulting from the criminal conduct. Such steps include, where appropriate, providing restitution to victims, self-reporting, and cooperation with authorities. Interestingly, this continuing emphasis on disclosure and cooperation follows the recent guilty plea by Innospec Inc., wherein a routine voluntary disclosure made to the U.S. Treasury Department's Office of Foreign Assets Control ("OFAC") led to a criminal indictment by DOJ.
The Assistant Attorney General for DOJ's Criminal Division, Lanny Breuer, recently conceded that an organization's decision about whether to voluntarily disclosure is "sometimes . . . difficult." Indeed, the recent Innospec case presents the challenges and risks attendant to the decision to disclose; however, the example of an indictment following disclosure is generally more the exception than the rule. Companies who voluntary disclose illegal conduct are often better situated for cooperation credit and leniency from the government than those that do not – especially if unreported conduct is later discovered by the government on its own volition.
By way of comparison, under the U.K. Act, there is no legal obligation for companies to self-report to the SFO. Guidance published in July 2009 by the SFO, however, states that the benefit to an organization of self-reporting would include the increased prospect of a "civil recovery" of the proceeds derived from the bribery and corruption, rather than a criminal prosecution.
With respect to the second component of subsection (b)(7) of the USSG, prevention, the application note provides that an organization should assess its compliance and ethics program and implement modifications needed to ensure the program is effective in preventing similar criminal conduct. The note also counsels organizations to consider using "outside professional advisors" to ensure the adequacy of these critical tasks.
The steps outlined by the application note are consistent with factors considered by U.S. enforcement agencies in evaluating organizational compliance and ethics practices.
Access, Detection, Disclosure: Section 8C2.5(f)(3)(C)
This revision amends subsection (f) of §8C2.5 (Culpability Score) to create a limited exception to the prohibition against according organizations a three-point culpability score reduction for having an effective compliance and ethics program when an organization's high-level or "substantial authority" personnel are involved in the offense. Specifically, the amendment adds subsection (f)(3)(C), which allows an organization to receive the three-point subtraction if it meets four separate criteria:
1. The individual or individuals with operational responsibility for the compliance and ethics program have direct reporting obligations to the organization's governing authority or appropriate subgroup thereof (e.g., an audit committee of the board of directors);
2. The compliance and ethics program detected the offense before discovery outside the organization or before such discovery was reasonably likely;
3. The organization promptly reported the offense to the appropriate governmental authorities; and
4. No individual with operational responsibility for the compliance and ethics program participated in, condoned, or was willfully ignorant of the offense.
The new subsection (f)(3)(C) responds to concerns expressed in public comment and testimony that the general prohibition in §8C2.5(f)(3) operates too broadly and that internal and external reporting of criminal conduct could be better encouraged by providing an exception to that general prohibition in appropriate cases.
Importantly, the amendment adds an application note defining the "direct reporting obligations" necessary to meet the first criterion under §8C2.5(f)(3)(C). The note provides that an individual has "direct reporting obligations" if he or she has express authority to communicate personally to the governing authority "promptly on any matter involving criminal conduct or potential criminal conduct" and "no less than annually on the implementation and effectiveness of the compliance and ethics program." This aspect of the note tracks recent government mandates on "direct reporting," reflected in various plea agreements, including the July 2009 agreement with Control Components, Inc. ("CCI"), wherein CCI agreed to adopt an anti-corruption compliance code in which its compliance officers have authority "to report matters directly to [the] Board . . . or any appropriate committee of the Board."
The application note responds to public concerns about the challenges compliance personnel may face when seeking to report criminal conduct to the governing authority of an organization and encourages compliance and ethics policies that provide operational compliance personnel with access to the governing authority when necessary.
Merging Conditions of Probation: Section 8D1.4(b)
Finally, this revision amends §8D1.4 (Recommended Conditions of Probation) to both buttress and simplify the recommended conditions of probation for organizations. In essence, the amendment removes the distinction between conditions of probation imposed solely to enforce a monetary penalty and conditions of probation imposed for any other reason so that all conditional probation terms are available for consideration by the court in determining an appropriate sentence.
Additional Resources
The published amendments to the USSG, as discussed here, can be found in their entirety at http://www.ussc.gov/2010guid/20100503_Reader_Friendly_Proposed_Amendments.pdf.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.