Compliance Program Assessments and Moral Hazards

Legal Mandates and Guidance

Some of the most powerful drivers for assessments are legal.  The first and most influential of these is in the Federal Sentencing Guidelines for Organizations (FSGO), which provide that an organization should periodically evaluate the effectiveness of its program. The FSGO also specify the need for assessments in the wake of violations to help minimize the likely recurrence of misconduct.

The FSGO were followed by various Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcement policies with C&E assessment provisions, culminating last year with the publication by the DOJ of the “Evaluation of Corporate Compliance Programs.” Among the key provisions of that document for our purposes is the following:

“One hallmark of an effective compliance program is its capacity to improve and evolve. The actual implementation of controls in practice will necessarily reveal areas of risk and potential adjustment. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions and the applicable industry standards. Accordingly, prosecutors should consider whether the company has engaged in meaningful efforts to review its compliance program and ensure that it is not stale. Some companies survey employees to gauge the compliance culture and evaluate the strength of controls, and/or conduct periodic audits to ensure that controls are functioning well, though the nature and frequency of evaluations may depend on the company’s size and complexity.”

A policy issued by the DOJ shortly after this concerning antitrust enforcement also strongly encourages companies to develop strong compliance programs in that area.

The Role of Moral Hazard

Given these expectations, failing to conduct an assessment — while likely not fatal in itself — could hurt a company in an investigation or enforcement proceeding. By contrast, having conducted an assessment could shape the government’s view of a company positively in such a setting.

In light of how large fines can now be for corporate offenses, the enforcement factor alone seems reason enough to undertake an assessment. Yet not all companies have taken this step. This may be due to a sense that the potential penalties are motivation enough to have strong programs, and companies do not need an assessment to get them to do a good job when it comes to C&E. This is where the notion of moral hazard enters the picture.

A condition of “moral hazard” exists when an employee’s or other agent’s compensation creates an incentive for her to perform her duties in ways that are not consistent with the interests of her employer/principal. Viewing C&E from a moral hazard perspective, while the incentives for companies to have strong programs are indeed powerful, individual executives — who often take a short-term approach to managing their companies — may view their personal incentives differently. An assessment can help minimize this moral hazard-based tension.

The Value of Assessments

While legal mandates are powerful incentives for conducting an assessment, the practical benefits of assessments are equally powerful. One of the more challenging tasks faced by an in-house compliance professional is measuring the value of a C&E program to an organization.

Program assessments can help us demonstrate that our programs are working and can provide important insights into how to enhance them. Assessments can help us understand how best to utilize scarce compliance resources. They can help us create a “roadmap” to follow for years to come in implementing and improving a program. Among the benefits of such a roadmap is providing a clear path for the board of directors and corporate officers in exercising their legal obligation to oversee the program. Indeed, a third-party’s assessment of a program can both help a board and senior leadership better understand the value of a program and provide an important perspective in addition to that of an organization’s internal compliance team.

An assessment can also breathe life into a program that has lost momentum. It can serve as an antidote to a false sense of “mission accomplished,” which is, unfortunately, a real danger to many companies.