The U.S. Sentencing Commission issued several amendments to the Federal Sentencing Guidelines in 2010. Among the amendments are two that deal specifically with corporations or "organizational defendants."
The first amendment changes the presumption that a compliance program is not effective where senior executives are somehow involved in the charged criminal conduct, while the second clarifies the standard for determining whether a corporate compliance program is effective. We highlight these key amendments, and their practical impact, below.
The Importance of Compliance Programs. An effective compliance program is an integral part of corporate governance. While compliance programs are ideally designed to mitigate, if not entirely prevent, employee conduct that could give rise to a criminal investigation and prosecution, there are instances where the government decides to make an example out of a corporate citizen.
In those instances, a sound compliance program can prove invaluable.
Where a corporation is indicted and ultimately settles with the government, the extent of its punishment — especially with respect to the imposition of a fine — can be significantly reduced with the existence of an internal compliance program. The U.S. Sentencing Guidelines already credit such programs in calculating the fine to be assessed against a corporation, for example.
The 2010 amendments, however, go further in rewarding corporations for maintaining a robust compliance program.
Section 8C of the Guidelines provides a formula for calculating the amount a corporation should be fined if convicted. The total fine is determined, in part, by reference to a "culpability score," which is calculated on the basis of several factors, including the effectiveness of the corporate defendant’s compliance program.
This score is very important.
The higher the culpability score assessed, the greater the fine imposed. The Guidelines, as presently in effect, contain a rebuttable presumption that a corporate defendant’s compliance program was not effective if senior management officials within the company (referred to as "high-level" or "substantial authority" personnel) participated in, permitted, or simply ignored the charged criminal conduct.
Under the newly drafted amendments, this presumption would not apply if all of the following conditions are met:
i. the individual(s) with operational responsibility for the compliance program has direct reporting obligations to the governing authority or an appropriate subgroup thereof (e.g. an audit committee of the board of directors);
ii. the compliance program has detected the offense before discovery outside the organization or before such discovery was reasonably likely;
iii. the organization has promptly reported the offense to appropriate governmental authorities; and
iv. no individual with operational responsibility for the compliance program has participated in, condoned, or been willfully ignorant of the offense.
To satisfy the first requirement, corporate compliance officers must be granted the express authority to communicate personally and promptly with the board of directors, or an appropriate subcommittee, regarding any matter involving actual or potential criminal conduct. Compliance officers must also provide board members with annual status updates on the implementation and effectiveness of the compliance and ethics program.
Implicitly, these direct reporting obligations reflect the government’s desire to both minimize management’s influence over how compliance officers do their jobs and formalize a compliance officer’s right of access to matters that may ripen into a criminal inquiry.
The second requirement is more straightforward. It simply reflects the common sense view that a corporation’s compliance and ethics program cannot be effective unless it timely detects internal wrongdoing.
The third requirement is, at best, a double-edged sword.
On the one hand, it rewards companies that preemptively report wrongdoing. On the other, it categorically punishes those that do not self-report misconduct, irrespective of whether such companies subsequently cooperate with the government’s investigation.
Since it is not always in the company’s best interest to self-report suspected misconduct, determining whether or not to do so is always a serious decision. Yet, under this requirement, companies that fail to self-report are precluded from receiving any compliance credit, regardless of how much or how little they cooperate with government investigators once the misdeed becomes known.
Companies that confront such a difficult choice are put between a rock and a hard place, where they are forced to balance the weight of one evil against that of another.
Such a flat-out bar on receiving compliance credit substantially increases enforcement costs by removing any positive incentive for non-self-reporting companies to cooperate with the investigative process. This creates a perverse incentive against cooperation that hampers the government’s effort to prosecute wrongdoing.
The fourth requirement shifts the focus of the presumption that a compliance program was ineffective if senior executives were somehow involved in the alleged wrongdoing. The amendments shift the threshold question from the wrongdoer’s rank or title, to the degree of the culprit’s operational responsibility for the company’s compliance program.
As a result, the scope of this presumption has been narrowed to make it less inclusive, and it now covers only wrongdoing by those specific officers charged with day-to-day responsibility for the company’s compliance and ethics program.
Measuring the Effectiveness of a Compliance Program. It is not enough to simply have a compliance program. If a corporation is convicted, it must demonstrate that the program was "effective" as defined under Section 8B2.1 of the Guidelines.
The new amendments contain an Application Note that offers guidance in measuring the effectiveness of corporate compliance programs. One of the key measures of an effective compliance program is the extent to which it outlines "reasonable steps" for the corporation to take when it detects criminal conduct through its compliance program.
Under the new Application Note, reasonable steps can include providing restitution to victims, self-reporting, cooperation with the authorities, an assessment of existing compliance programs, and the use of professional advisers. The permissive language was adopted in response to concerns that restitution may not always be appropriate, even with identifiable victims.
In some situations, for example, restitution may operate as an admission in a parallel proceeding. Consequently, the new Application Note gives companies the flexibility and discretion to tailor their remediation efforts to their own unique circumstances without compromising their eligibility to receive compliance credit.
Another key measure is prevention.
The new Application Note also calls for companies that have experienced instances of internal wrongdoing to "act appropriately to prevent further similar criminal conduct," including an assessment of their compliance and ethics programs to make necessary modifications to ensure the programs’ effectiveness.
What the Amendments Mean to Corporate Defendants. The Sentencing Commission is required by law to propose amendments to the Guidelines by May 1 of each year, and those amendments will take effect on Nov. 1 absent congressional intervention.
Since Congress did not intervene, these amendments are now in full effect. Accordingly, we recommend that corporations immediately assess their existing compliance programs. In order to capitalize on the amendments, the compliance program must, at a bare minimum:
•identify the person or persons with operational responsibility for the compliance program;
•ensure that those individuals report directly to the corporation’s governing authority — a board of directors, audit committee, or an appropriate subgroup; and
•provide clear steps to be taken if the corporation detects potentially criminal conduct as a result of its own compliance program.
Although the new Application Note references self-reporting and payment of restitution to potential victims of corporate wrongdoing, corporations would be wise to first consult in-house and outside counsel before disclosing any information or remitting any payment. While it is critical for corporate defendants to demonstrate the existence of an effective compliance program, they should be wary of taking any action that can be interpreted as evidence of liability.