By guest author Jeffrey M. Kaplan
How would your compliance and ethics (C&E) program fare if evaluated under the Department of Justice’s corporate criminal charging standards or the Federal Sentencing Guidelines for Organizations? This one-minute self test – based on applicable legal standards, best practices and lessons learned from major C&E failures – may give you a sense of the likelihood of “passing” what could be a life-or-death test for your company.
- Does your board oversee compliance with key substantive areas of law (e.g. antitrust)?
- Is the C&E performance of senior management incented in a meaningful way (such as through function-specific C&E evaluation criteria)?
- Does your risk assessment process actually provide useful ideas for C&E risk mitigation strategies – i.e., does it serve the purposes contemplated by the Sentencing Guidelines 2004 revisions (but rarely achieved through traditional ERM-based approaches)?
- Does your program have sufficient “reach” – for instance, to the risk-causing business activities of suppliers or independent agents?
- Have you assessed in a well-documented way the efficacy of your program in high-risk areas (e.g., FCPA compliance)?
Of course, this is by no means an exclusive – let alone complete – list of topics for a C&E self assessment. But hopefully it is a helpful place to start.