Preview Mode Links will not work in preview mode

Prison Professors

Dec 22, 2020

Compliance Mitigation dot com


For reasons expressed throughout these modules, every business leader should consider possible steps to lessen potential exposure to a government investigation. Three suggestions follow:

  1. Show a commitment “to doing good” in all communications.
  2. Document processes that show a commitment to operating the business with principled, transparent policies that are easily defensible.
  3. Train all team members to understand the corporate culture, and also the reasons behind every policy in place.

These three components would go a long way toward protecting businesses and individuals.


Government Officials:

In 1991, the U.S. Sentencing Commission (USSC) amended its guidelines. The amendments incentivized business owners to act in compliance with regulations and the law. Those changes opened opportunities for prosecutors to grant leniency, non-prosecution agreements, or deferred-prosecution agreements to businesses that put “effective compliance programs” in place.

Theoretically, if business leaders designed effective compliance programs, their efforts would show a good-faith effort toward corporate responsibility. By building a record demonstrating that they want all team members to act appropriately, leaders reduce risk levels. Although no one can eliminate the possibility of a government investigation, good records will serve as an excellent defense mechanism.

As we’ve stated throughout, although business leaders can control personal decisions, they cannot observe decisions that other people on their team make. For those reasons, leaders should add training on the personal costs that can accompany an investigation or a prosecution for white-collar crime.

Agencies within the Department of Justice now incentivize businesses to make bigger investments in compliance. Guidance from 2019 advises federal prosecutors to consider the following questions when evaluating corporate compliance programs:


  1. Is the program well designed?
  2. Is the program being implemented effectively?
  3. Does the compliance program work in practice?


In 2020, the DOJ emphasized another two key points with its publication of: Evaluation of Corporate Compliance Programs (2020 Guidance):



Corporate compliance programs, to be deemed genuine and effective by the DOJ, must be examined, tested, and updated on a continual basis, including (and perhaps especially) during a government investigation.


Compliance efforts should integrate current data analytics, capabilities wherever possible. If deficiencies are found, then changes should be made, and the 2020 Guidance makes clear that DOJ expects regular review of compliance efforts.



The quality of a company’s compliance program continues to be a major factor in deciding on the appropriate resolution of a government investigation. The 2020 Guidance makes clear a program’s effectiveness will be considered at the close of an investigation as well as when the underlying company conduct occurred.


Consequently, under DOJ policy, the strength of a company’s past and present compliance efforts will ordinarily have an effect on the terms of a resolution, including the often quite important matter of whether a monitor is required (and the scope of a monitorship).


The DOJ’s guidance can help business leaders make decisions to lessen exposure to investigations.

Effective compliance programs will not only show people what they should do, it will help those people understand what they should not do. In addition, they may also profile the consequences that follow for bad behavior.

If a company invests the time to show a person how to make the right decisions, and it requires the people to acknowledge that they understand corporate policy, the business protects itself. Good compliance programs will encourage both corporate accountability, and personal accountability. If there is a breach of policy, the company should create a record and demonstrate the steps that it has taken to make things right.

Two questions that investigators may ask include:


  • Has the company ever terminated or otherwise disciplined anyone for the type of misconduct at issue?
  • Have the disciplinary actions and incentives been fairly and consistently applied across the organization?


To demonstrate individual accountability, the company will record disciplinary measures taken against people charged with violations of compliance policies. If a company shows that it pays more than lip service to compliance, it may lessen exposure to a government investigation.

Compliance programs serve as an insurance policy. Although business leaders may strive to do the right thing every time, rogue employees can expose the business to risks. The compliance program may influence the lens through which prosecutors view the company. That said, some metrics show that the mere existence of a compliance program doesn’t show commitment to compliance. Solely requiring employees to sign forms showing that they’re familiar with the corporate polices won’t move the needle if a pattern of fraud is uncovered.

In 2012, the prosecutors brought criminal charges against Garth Peterson, a trader at Morgan Stanley. Documents noted that Peterson had gone through seven compliance-training sessions and 35 related reminders on bribery. Despite that training, he pleaded guilty to bribery charges. Compliance initiatives had little influence on Peterson, because he viewed them as pro forma, something he needed to do in order to keep his job.

If a business doesn’t create a compliance program with robust follow-through, it may be ineffective and dubious from the perspective a government investigator. Prosecutors will not give credit for compliance programs that fail to inspire appropriate conduct.

A company protects itself when it comes up with innovative ways to help people within the organization embrace the principles of compliance—but also understand the consequences for non-compliance.



Designing A Compliance Program:


Compliance is not a “one-size-fits-all” proposition. Leaders within a company should:

  • Document the reasons behind the compliance training.
  • Show the tools, tactics, and resources they’ve implemented to train.
  • Create accountability logs to show people that have gone through the training, encouraging them to self-report what they’ve learned from the program.


If the program doesn’t work, the leader should show what adjustments he or she has made.

Federal and state regulations, as well as industry standards, evolve constantly. For this reason, leaders should conduct regular assessments to minimize the risks associated with noncompliance.


Risk factors:  

  • What inherent risks exist in the company’s market?
  • What efforts does the company leadership make to stay aware of the market?
  • In what ways does the company solicit third-party expertise?



  • What purpose does each module within a compliance program serve?
  • In what ways do members of the team understand the objectives of a corporate compliance program?


Departmental Responsibilities:  


  • In what ways does the company delegate responsibility for compliance programs?
  • In what ways does the company measure excellence in delivering compliance training?
  • How does the company record employee buy-in of the training?
  • What do team members or stakeholders understand about reporting metrics?





  • What level of commitment does the company make to training?
  • What efforts does the company make to update the training?
  • In what ways can employees independently participate in computer-based training?
  • How does the company measure employee engagement?



Corresponding Policies:


Like every individual has a personality, every organization has an identity. Different businesses will need a compliance program that matches the business’s identity. Some organizations may require a policy that scrutinizes new hires more than others. For example, a business that controls financial information for consumers may require criminal-background checks on all new hires, while a company that specializes in landscaping may not.

A compliance program should show a commitment to transparency. All policies should harmonize with the behavior of officials at the highest level. In this era of cloud-based computing, leaders may make use of computer-based training, encouraging members of the team to review lessons remotely. If employees have feedback, mechanisms should exist for them to provide feedback in a manner that will not undermine their position—provided they offer the feedback in a good-faith effort to promote compliance.




In summary, the best way to minimize vulnerabilities to government investigations is to create a good compliance program that is consistent with the corporate culture. Document every practice within the company. Show the reasons behind the ways that the company makes decisions. Train team members on how to work within the framework of the corporate culture. Leaders may want to review guidance from the Department of Justice, and question whether the compliance programs they’ve put in place measure up.

A good tactic may include bringing in a neutral third party who has that credentials to ask the questions that investigators will ask. Create a program that will allow leaders of the organization to respond honestly, with their dignity intact. When making a decision on whether to bring charges against a company, government attorneys will ask:


  1. Is the program well designed?
  2. Is the program being implemented effectively?
  3. Does the compliance program work in practice?


If a company leader can respond to those questions as quickly as he can answer the questions regarding corporate profitability, the leader will have done everything possible to minimize vulnerabilities to a government investigation. In our era of big government, that doesn’t mean a government investigation will not begin. It only means that a company is in as good a position as possible. No one can change past behavior. But we all can work toward minimizing risks in the future.