Jeff Kaplan: In many companies, the answer is either the general counsel or chief compliance officer. But a better answer – because it is more consistent with governmental expectations and best practices – is all of a company’s senior managers.
The key legal standards – meaning the Corporate Sentencing Guidelines, which are used (among other things) to determine whether to indict companies for the acts of their employees or agents – cast a broad net when it comes to managerial accountability for compliance. First, senior managers must ensure that their organization’s compliance program is effective. Second, they must be knowledgeable about the content and operation of the program. Third, they must exercise due diligence in the performance of their duties. Finally, they must “promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”
Moreover, high-ranking enforcement officials – such as the head of the Department of Justice’s Fraud Section – have identified senior management support as one of the key factors that the government examines in assessing the effectiveness of a company’s compliance program. And, the experiences of companies with best-practice programs have long demonstrated the importance to program efficacy of all of a company’s senior managers truly being held responsible for compliance.
But how do general counsels and chief compliance officers in companies that are not yet at the best-practice stage promote such an approach? The first step is often to formalize senior management accountability in a compliance program governance document (which typically serves various other purposes as well).
After this, there are a number of ways to operationalize compliance responsibility for senior managers, such as:
o Adding specific compliance responsibilities to their job descriptions, business plans and performance evaluation criteria.
o Tracking their compliance “performance” – such as compliance training completion rates or responses to compliance-related questions on employee surveys – for their respective business units or functions.
o Having the general counsel or compliance officer periodically develop business unit/function compliance communication strategies with each senior manager.
Of course, there are other ways, too, and each company needs to find the approach that works best for it. But as a general matter, there is no question that the more all of a company’s senior managers accept responsibility for ensuring that its compliance program is effective the more likely that program is to actually prevent violations or law and – if ever assessed in the high-stakes setting of a criminal investigation – to be deemed effective by the government.