Like a Bridge Over Troubled Water: Developing Effective Compliance Plans
By: DAVID GLASER & LOUSENE M. HOPPE
June 2007
Imagine that you have just discovered a significant compliance problem in your company. You are preparing to address it when government agents appear and start asking questions. One of their first questions will be, “What have your compliance efforts been to date?” Your answer may shape the entire course of the investigation.
The best time to consider whether your compliance plan is working (or to implement one) is now, before any compliance problems have developed. A functional plan has seven elements.
The Devil Is in the Details. The plan must contain basic standards and procedures to reduce the prospect of criminal conduct. These materials should clearly articulate your commitment to comply with all standards imposed by federal and state regulations—even though, realistically, few people will actually read these policies closely. Keep them short, and focus on the other elements.
See No Evil, Hear No Evil, Expect Trouble. Close oversight by high level personnel is important to the plan’s success. The first step is to designate a compliance officer or committee to report to, and be held accountable by, the board. If the designated persons lack authority to effect change, government officials may feel the plan is inadequate.
A good compliance officer is approachable, cynical, thoughtful, honest, and capable of following through with investigation and discipline. The compliance committee need not be large. It may struggle with difficult issues. Committee members should be capable of seeing grey, and carefully considering the best course for the corporation. The ability of your committee to function can be hampered if any member is incapable of critically analyzing difficult questions. While the committee needs information from the whole corporation, it can gather that information from outsiders. There is no need to have every department “represented” on the committee.
Another component of oversight is leadership by example. Legal scholars have written a number of articles explaining how the “tone at the top” is key to achieving the goals of a well-written compliance plan. Employees pay attention to the actions and attitudes of their supervisors and company officers with respect to compliance; they are likely follow suit.
Keep Foxes Out of the Henhouse. The third element is closely related to the second: The plan should not empower employees who have demonstrated questionable attitudes toward regulations or have been disciplined for noncompliance. In addition, all staff should be qualified and trustworthy. Criminal background checks for officers, billing staff, and other key employees may be necessary. Compliance should be a factor in employee evaluations.
Obedience Training. Employees cannot follow a compliance plan if they are not educated about its standards and their role in ensuring compliance. The fourth requirement for a successful compliance plan provides thorough, ongoing employee training. Orientation programs should be offered to all employees. Topics should include: (1) the compliance process and substantive rules; (2) proper reporting requirements; and (3) interactions with investigators. The programs should be comprehensive, but also tailored to employees’ job responsibilities. Employees should be encouraged to recognize what they do not know and ask questions when in doubt about appropriate procedures. Be certain to track all efforts to provide compliance orientation and training.
Stop, Look, and Listen. The plan must delineate procedures for effective internal compliance monitoring and auditing. Make it easy for staff to express concerns. For example, tell staff that if they are worried about reporting a concern directly, they can report anonymously by opening an email account on Hotmail, G-mail or some other service. This permits you to communicate with the employee while the employee remains unidentified.
Silence Is Not Golden. If no employee raises a compliance concern, is your plan a success? You might think so, but the government would disagree. The government feels that if staff are not regularly raising issues, they are probably intimidated. The best defense: Every six months or so, ask all employees to list every compliance concern or certify that they believe the organization is compliant. Consult with counsel for information about drafting a certification form. In addition, ask departing employees about compliance issues during every exit interview.
Punish or Perish. Maintaining well-publicized disciplinary guidelines and enforcing the plan standards consistently are necessary to meet the sixth requirement of a good compliance plan. Some violations might require termination, but many simply merit education. Repetition of errors and intentional wrongdoing must not be tolerated. Appropriate disciplinary measures against those who fail to detect an offense are also essential. Employees who report concerns should be rewarded for their efforts; avoid even the appearance of retaliation against those who report concerns.
Don’t Just Sit There. Finally, prompt and appropriate responses by management to all detected violations of the law are critical to a compliance plan’s success. If the government detects a violation and learns that it was reported but not addressed, it will be more likely to pursue sanctions. When violations are uncovered, various self‑disclosure options are available and should be considered. We want to emphasize, however, that not all violations of company policy are violations of the law. At the first hint of trouble, contact legal counsel for advice.
The ultimate test of a compliance plan’s success is the response a disgruntled (current or former) employee will give to a federal agent who asks, “What has your employer done to comply with the law?” Incorporating the elements listed above will go a long way toward preventing the answer, “Nothing.”