Recent Amendments to the Sentencing Guidelines: Compliance and Ethics Program Requirements

[Editor's Note: This article was contributed to CCI by featured columnist Jeff Kaplan and co-written with his partner Rebecca Walker at Kaplan & Walker LLP.]

Recent Amendments to the Sentencing Guidelines

Compliance and Ethics Program Requirements

On April 7 the U.S. Sentencing Commission voted to amend the Sentencing Guidelines compliance and ethics (“C&E”) program provisions in two significant ways (and not to amend them in a significant way, as well).1

No Document Retention Language

First, to the considerable relief of many in the C&E community, the Commission decided not to go forward with two provisions it had been considering that would effectively have raised document retention to the status of a presumptive high risk area for all organizations. The Commission received many comments suggesting that these proposals would skew mitigation efforts in companies, and was evidently persuaded by these submissions.

Responding Appropriately to Criminal Conduct

Second, the Commission added important commentary to the seventh element of an effective C&E program – the Guidelines provision that, when criminal conduct is detected, a company must take “reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.” That new commentary provides that a company in such circumstances must:

  • Take “reasonable steps, as warranted under the circumstances, to remedy the harm resulting from the criminal conduct [which] may include, where appropriate,” providing restitution to identifiable victims, self reporting or cooperating with the authorities.
  • “[A]ct appropriately to prevent further similar criminal conduct, including assessing the compliance and ethics program and making modifications necessary to ensure the program is effective. The steps taken should be consistent with subsections (b)(5) and (c) [the first requiring periodic evaluations of the program, the second periodic risk assessment] and may include the use of an outside professional advisor to ensure adequate assessment and implementation of any modifications.”

This latter provision could be of great benefit because the extent to which a company is deemed to have learned the appropriate C&E program lessons from a violation can powerfully impact how a prosecutor treats the company. In that connection, it is worth considering several actual cases from C&E “history” involving both ineffective and effective responses to violations: a) an antitrust prosecution, where the defendant’s perceived failure to respond appropriately to a relatively modest fine contributed to the government’s insistence on a massive fine the next time around; b) the prosecution of a “Big 5” accounting firm, based in part on the firm’s failure to respond sufficiently to an earlier violation; and c) a very different kind of case than the first two, in which an organization’s having installed what the government saw as a model C&E program after an offense was detected contributed to the government’s decision not to prosecute the organization.

While all violations should trigger a program assessment of some kind, not all violations can or should result in “the use of an outside professional advisor to ensure adequate assessment and implementation of any modifications.” In determining when to seek such assistance, companies may wish to consider the following factors:

  • The seriousness/severity of the violation, because the more significant the offense, the greater a prosecutor’s expectations are likely to be vis a vis a company’s response.
  • The magnitude and complexity of the contemplated C&E program modifications, because the more significant and complex they are, the greater the likely need for an outside advisor’s expertise.
  • The extent to which implementation of modifications seems likely to meet resistance within a company, because the possibility of such resistance may create the need for an independent party to ensure that modifications indeed take place.

Reporting to the Board

The second important proposed amendment concerns the obligation and authority of the person with operational responsibility for the C&E program to report to the highest governing authority of the organization. The Guidelines specify that the reduction in an organization’s culpability score (and hence its criminal fine) is not to be applied where either (i) the organization unreasonably delayed reporting the offense to appropriate governmental authorities or (ii) an individual within high-level personnel of the organization or the relevant business unit participated in, condoned, or was willfully ignorant of the offense. The Commission has proposed amending the Guidelines to allow the culpability score and fine reduction, despite the involvement of high-level personnel, so long as each of the following conditions is met:

  1. those individuals with operational responsibility for the C&E program have “direct reporting obligations” to the governing authority (the board) or an appropriate subgroup thereof (e.g., the audit committee);
  2. the C&E program detected the offense before discovery outside the organization or before such discovery was reasonably likely;
  3. the organization promptly reported the offense to appropriate governmental authorities; and
  4. no individual with operational responsibility for the C&E program participated in, condoned, or was willfully ignorant of the offense.

Importantly, the Commission also added an application note to clarify that an individual has “direct reporting obligations” to the governing authority if the individual has “express authority to communicate personally to the governing authority or appropriate subgroup thereof (A) promptly on any matter involving criminal conduct or potential criminal conduct, and (B) no less than annually on the implementation and effectiveness of the C&E program.”

The notion of annual board reporting on program implementation and effectiveness by the person with operational responsibility is already present in the Guidelines, but more in the form of a suggestion than a requirement. It is now clearly a requirement (at least to qualify for this exception).

In practice, such reports typically include an overview of each element of a C&E program, including (i) a discussion of the C&E risk assessment process and results; (ii) a report on any significant personnel changes in the C&E department; (iii) an update on C&E training and communication efforts; (iv) a discussion of any changes to the code and significant company policies; (v) a discussion of C&E audit results and the upcoming C&E audit plan; (vi) an overview of reports received of suspected misconduct and the results of investigations; and (vii) mitigation efforts in areas of high risk (e.g., FCPA).
Many organizations also discuss any strategic initiatives for the upcoming year that impact the C&E program and plans for or results of program assessments.

We also note that the board reporting exception requires “express authority” to communicate personally to the board. Express authority would seem to require a written program and/or board document setting forth the authority and obligations of the person with operational responsibility to report to the board. Companies should review their program documentation in light of this requirement.

With respect to notifying the board of actual or potential criminal conduct, the documentation should make clear that the person with operational responsibility for the program has the authority to report any crime or concern to the board or a committee thereof, in his or her discretion. However, the expectation would be that the authority will, as a general matter, be used only with respect to actual or potential crimes involving high-level personnel. (Of course, other matters will continue to be reported to the board, but they need not be reported directly by the person with operational responsibility for the program.)

Next Steps and Conclusions

The proposed amendments are due to Congress by May 1, after which Congress will have 6 months to act on them. If Congress fails to take any action (which is very likely in this case), the amendments will become effective as of November 1.

The two primary amendments should prove to be quite beneficial to C&E programs. Providing additional guidance to organizations on how best to respond to detected misconduct (including through assessing the C&E program) should help ensure both more effective programs in general and more effective responses in particular. And enhancing the relationship between the person with operational responsibility for the program and the board should help increase the general “clout” and authority of C&E programs, both of which are key to program efficacy.

This memorandum may be considered attorney advertising. It was prepared for general informational purposes only and is not intended as legal advice.

1 – The proposed amendments would also amend the Guidelines’ provisions governing the conditions of probation for an organization and make certain technical changes.

About the Author

Jeff Kaplan

Jeff-Kaplan-kaplan-and-walkerAbout the Author: Jeffrey Kaplan, a partner in the Princeton, New Jersey office of Kaplan & Walker LLP, has practiced law in the compliance and ethics field since the early 1990's. Mr. Kaplan is also an adjunct professor of business ethics at NYU's Stern School of Business, co-editor (with Joseph Murphy) of Compliance Programs and the Corporate Sentencing Guidelines (West Thomson), former counsel to the Ethics and Compliance Officer Association and co-author of a study by the Conference Board on the use of compliance and ethics program criteria in government enforcement decisions.