In November of 2012, the Securities and Exchange Commission and the Department of Justice issued their joint guidance on FCPA enforcement. The discussion of compliance programs it contains, though focused on anti-corruption efforts and firmly rooted in the approach previously taken in the Sentencing Guidelines, has been adopted as the definitive overall statement from the regulatory community of best practices for ethics and compliance programs.
The data discussed in this report make clear that there is more to creating impact than ensuring that the program as designed and implemented has hit the 11 “hallmarks” of an effective program the SEC and DOJ defined. Nevertheless, it is imperative that these marks be hit in order to meet both regulatory expectations and the demands of program stakeholders. Further, how far a program has progressed against the goals, and as to which goals, is closely associated with program effectiveness.
Not All Hallmarks Are Created Equal
Virtually all respondents have made at least substantial progress on some of the hallmarks, while others have seen just moderate progress or are in the “planning” phase.
The “basics” are well and broadly under way. A hotline, code of conduct, training, tone at the top, and internal investigations have all been the subject of at least moderate progress for all but 20 percent of programs. By contrast, fewer than half of all programs have made at least substantial progress on continuous improvement and self-assessment, third-party and pre-M&A third-party due diligence, or designing incentives and sanctions contributing to a culture of compliance.
The Hallmark Hallmark
Finishing the work on hallmarks is in and of itself a hallmark of an effective program. In the table on page 16, the average PEI score of respondents who identified each element as “completed” are shown, ranked in order of the element’s correlation with program effectiveness. Since virtually every program does some training and has a helpline of some sort, the PEI scores are only somewhat above the mean. These values rise dramatically as the sophistication likely associated with a program at this stage of its maturity increases, from code of conduct to tone at the top to creating incentives for employee self governance and reporting.
The “pre-M&A due diligence” measure first listed above is likely another marker for program integration into the business. Including it as part of program design and implementation likely requires an actual “seat at the table.” The same is true, though to a less demanding degree, when it comes to the fourth hallmark on this list, which requires the participation of both business leaders and other corporate staff to develop and implement incentives and sanctions.
The items in the second and third positions, however, are matters in the sole control of the ethics and compliance officer. As has been seen earlier in this report, goals and metrics matter, and this data plainly illustrates the impact of program design and implementation based on risks regularly assessed and acted upon based on a continuous cycle of review and improvement.
Learn more about measuring compliance program effectiveness with our guide.