U.S. Sentencing Commission Amends Requirements for an Effective Compliance and Ethics Program

April 13, 2010

The United States Sentencing Commission voted unanimously on April 7, 2010 to modify the Federal Sentencing Guidelines for organizations, including the provisions that set forth the attributes of an effective compliance and ethics program.  After considering a number of proposed changes to these Guidelines, the Commission voted to:

• Enhance the report obligations from a compliance officer to the board of directors in order for the compliance program to be deemed effective in all circumstances;
• Clarify the steps a corporation must take to meet the Commission’s requirement for proper remediation in the event criminal conduct occurs;
• Reject the proposed language that would have mentioned, for the first time, the appointment of monitors as a possible component of the remediation requirement or, separately, as a possible condition of probation for a convicted corporation; and
• Reject language under consideration that would have given document retention policies unique prominence in the list of compliance program requirements.

During the period leading up to November 1, 2010–the date the amendments are slated to take effect–corporations will want to consider whether and how to modify their compliance programs in light of the changes.

The Effective Compliance and Ethics Program Framework

Under the Federal Sentencing Guidelines, a convicted corporation or other organization is eligible for a reduced sentence if it had an effective compliance and ethics program in place at the time of the offense.  The Guidelines spell out several features that a compliance program must have for the corporation to receive this credit. 

These requirements have taken on importance well beyond the small number of cases in which corporations stand convicted of federal offenses each year.  Satisfying the requirements in the Guidelines for an effective compliance and ethics program is widely viewed as an important step in (i) avoiding prosecution altogether, (ii) positioning a corporation to advocate for a non-prosecution or deferred prosecution agreement, (iii) mitigating the fine that must be paid if a non-prosecution or deferred prosecution agreement is negotiated, or (iv) steering clear of civil liability in the private litigation and enforcement contexts.

The current requirements under the Federal Sentencing Guidelines for an effective compliance and ethics program include:

(1) standards and procedures to prevent and detect criminal conduct;

(2) knowledge by the corporation’s board about the content and operation of the program and the exercise of reasonable oversight with respect to its implementation and effectiveness;

(3) reasonable efforts to avoid placing in a substantial authority position those whom the organization should have known had engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program;

(4) reasonable steps to communicate the program’s standards and procedures throughout the organization, and training that is tailored to each audience;

(5) reasonable steps to ensure that the corporation’s compliance program is followed, including monitoring and auditing to detect criminal conduct, periodically evaluating the program’s effectiveness, and publicizing a system that allows reporting or the receipt of guidance about potential and actual criminal conduct without fear of retaliation;

(6) consistent promotion and enforcement of the program with appropriate incentives for proper performance and appropriate disciplinary measures for those who engage in criminal conduct or fail to take reasonable steps to prevent or detect it; and

(7) reasonable steps to respond appropriately to criminal conduct when detected, and to prevent further similar criminal conduct, including any needed changes to the program.

These requirements have been in place, with minor modifications, since 2004.  Despite this guidance, corporations almost never have qualified for a sentence reduction for having an effective compliance and ethics program.   

In January 2010, the Commission proposed a series of changes that would clarify some of the requirements, make others more rigorous, and extend the availability of sentence credit for an effective compliance and ethics program to a greater number of organizations.  The Commission held a public hearing on these proposals in March and received additional written comment, culminating on April 7 with the adoption of modifications.

Making the Compliance Program Credit More Available–But at a Price

The most anticipated part of this year’s organizational Guidelines amendment package was a proposed change to the current per se disqualification from effective compliance and ethics program credit if one or more members of "high-level personnel" participated in, condoned, or was willfully ignorant of the offense.  The term high-level personnel is defined to include a director, an executive officer, and "an individual in charge of a major business or functional unit of the organization."  Although the Commission collects no statistics on the point, it is believed that this disqualifier applies to several convicted corporations each year.  The Commission requested comment on whether to no longer make it an automatic bar.

With several groups supporting the change, the Commission voted to take that step.  There is a catch, however.  The credit still will not apply unless four conditions are met.  The first condition requires that "the individual or individuals with operational responsibility for the compliance and ethics program . . . have direct reporting obligations to the governing authority or an appropriate subgroup thereof (e.g., an audit committee of the board of directors)."

This change will expand on the level of direct reporting required between the person with day-to-day operational responsibility for compliance and members of the board (or of a committee of the board).  The current requirement is flexible–those with operational responsibility for the program shall report periodically to high-level personnel and, as appropriate" to the board or an appropriate committee of the board.  The only specificity is that such individual or individuals "typically should, no less than annually, give the governing authority or an appropriate subgroup therefore information on the implementation and effectiveness of the compliance and ethics program." 

Under the amendment, "an individual has ‘direct reporting obligations’ to the governing authority or an appropriate subgroup thereof if the individual has express authority to communicate personally to the governing authority or appropriate subgroup thereof (A) promptly on any matter involving criminal conduct or potential criminal conduct, and (B) no less than annually on the implementation and effectiveness of the compliance and ethics program." 

The first component is new and could be problematic for corporations that vest overall responsibility for compliance in a senior member of management (e.g., the general counsel), while delegating operational responsibility to a subordinate.  The new requirement may not allow the senior officer (e.g., the general counsel) to act as a filter in deciding which conduct warrants reporting (and when) to the audit committee.  It is also notable that the new guidance does not address the variety of corporate structures, such as the frequently used European model where the general counsel reports to the chief financial officer. 

Corporations should consider whether their compliance programs meet this new requirement and whether the advantages of a change would outweigh any disadvantages.  The amendment creates the unusual situation in which a compliance program’s effectiveness, for purposes of receiving sentence credit under the Guidelines, depends on whether high-level personnel are implicated in the offense.  A compliance program that does not have the additional direct reporting obligations will still be deemed effective so long as future criminal conduct (or suspected criminal conduct) that draws the attention of the authorities does not implicate a member of high-level personnel.  Without the new direct reporting obligation in place, though, a compliance program becomes ineffective (i.e., does not trigger the sentence credit) if high-level personnel turn out to have participated in, condoned or been willfully ignorant of the offense.

The other three conditions for receiving credit under this new provision are less important considerations in the design of a compliance program, although management and the board should bear them in mind whenever they learn that illegal conduct may have occurred.  These conditions are that:  (1) the compliance and ethics program "detected the offense before discovery outside the organization or before such discovery was reasonably likely"; (2) the corporation "promptly reported the offense to appropriate governmental authorities"; and (3) "no individual with operational responsibility for the compliance and ethics program participated in, condoned, or was willfully ignorant of the offense." 

Clarification of the Seventh Requirement, Including the Rejection of Monitors as a Suggested Way to Remediate

As mentioned above, the Sentencing Guidelines’ seventh general requirement of an effective compliance and ethics program is that the corporation take reasonable steps in response to criminal conduct that it has detected.  This requirement does not look to the adequacy of the corporation’s response to "today’s" offense, because the question is whether the corporation’s compliance program was effective at the time of that offense.  Instead, under the seventh requirement the corporation must be prepared to show that when criminal conduct was detected in the past it took "reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program."

The current Guidelines contain no "commentary" elaborating on this requirement.  The new version changes that through language stating there are two components:  (1) an "appropriate" response to the conduct through "reasonable steps, as warranted under the circumstances, to remedy the harm resulting from the criminal conduct"; and (2) acting "appropriately" to prevent further similar criminal conduct, "including assessing the compliance and ethics program and making modifications necessary to ensure the program is effective." 

The remediation component includes a reference to restitution, but the reference was toned down following comments from, among others, the Association of Corporate Counsel, the American Bar Association, and the Practitioners Advisory Group to the Commission. These groups noted that it would be unreasonable to expect restitution where, for example, civil litigation has not run its course and identifiable victims will not release claims as part of a proposed restitution payment.  The adopted language states that the steps to remedy harm "may include, where appropriate," providing restitution to identifiable victims. 

As for the second component (steps to prevent future similar criminal conduct), the Commission’s original version of the amendment would have stated that "[t]he organization may take the additional step of retaining an independent monitor to ensure adequate assessment and implementation of the modifications" to the compliance program.  The reference to monitors drew criticism for appearing to endorse and encourage a tool that rarely is necessary or appropriate.  The Commission replaced that language with the following:  "The steps taken should be consistent with subsections (b)(5) and (c) [each requiring periodic evaluations of the program] and may include the use of an outside professional advisor to ensure adequate assessment and implementation of any modifications."  This change will help encourage appropriate use of outside experts in designing and implementing program changes, without suggesting that the corporation must cede decision-making authority to an outside party.

In a separate part of the original proposal, the Commission would have included monitors as an optional probation condition.  In the face of similar concerns that this language might encourage judges to use monitors more frequently than appropriate, the Commission deleted that reference from the final version.  Likewise, it left out language that would have included in the available probation conditions "a reasonable number of regular or unannounced examinations of facilities subject to probation supervision."  As a result, such "regular or unannounced examinations" are still limited to the corporation’s "books and records at appropriate business premises."  The Justice Department has already stated that it will ask the Commission to revisit that decision in the 2011 amendment cycle.

No References to Document Retention Policies

Finally, the Commission elected not to add proposed language that related to document retention policies.  These provisions in the commentary would have required a corporation’s high-level and substantial authority personnel to be aware of such policies and conform them to meet the goals of an effective compliance and ethics program and to reduce the risk of criminal liability under statutes related to obstruction of justice.  The provisions also would have required a corporation to assess and make changes to document retention policies as part of the requirement to periodically assess risk and take appropriate steps to design, implement or modify the elements of a program.

Although the Commission chose not to mention document retention policies in the amendments, it would be a mistake to view that as a decision on the Commission’s part that such policies are unimportant or unnecessary.  Instead, the Commission was likely reacting to comments that specific mention of one type of policy could give that policy greater prominence than others that may be just as important, or even more important, to overall effectiveness of many compliance programs.  Thus, it appears that the Commission decided not to head down the impractical and risky path of making reference to a detailed list of specific policies, opting instead for keeping the requirements–which must apply to organizations of all types and sizes–at a higher level of generality.

Effective Date

Unless Congress passes legislation rejecting these amendments, they will take effect November 1, 2010.  Commissioner Beryl Howell stated at the April 7 hearing that the Commission likely will propose additional amendments to the organizational Guidelines in the 2011 amendment cycle. 

The attorneys at Gibson Dunn, including David Debold in the Washington, D.C. office, who chairs the Commission’s Practitioners Advisory Group, have been extensively involved in the Guidelines amendment process.  The attorneys listed below are experienced in helping clients meet these and other requirements for effective compliance programs and are available to answer any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you work or any of the following: