Tuesday, January 26, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Compliance Program Assessments and Moral Hazards

Why a C&E Assessment is Imperative

by Jeff Kaplan and Rebecca Walker
January 27, 2020
in Compliance, Featured
blue assessment key on keyboard

Jeff Kaplan and Rebecca Walker inaugurate what will be a regular column on compliance & ethics program assessments. Most of our posts will be focused on the “how” of assessing C&E programs, but here, we begin by exploring the “why.”

Legal Mandates and Guidance

Some of the most powerful drivers for assessments are legal.  The first and most influential of these is in the Federal Sentencing Guidelines for Organizations (FSGO), which provide that an organization should periodically evaluate the effectiveness of its program. The FSGO also specify the need for assessments in the wake of violations to help minimize the likely recurrence of misconduct.

The FSGO were followed by various Department of Justice (DOJ) and Securities and Exchange Commission (SEC) enforcement policies with C&E assessment provisions, culminating last year with the publication by the DOJ of the “Evaluation of Corporate Compliance Programs.” Among the key provisions of that document for our purposes is the following:

“One hallmark of an effective compliance program is its capacity to improve and evolve. The actual implementation of controls in practice will necessarily reveal areas of risk and potential adjustment. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions and the applicable industry standards. Accordingly, prosecutors should consider whether the company has engaged in meaningful efforts to review its compliance program and ensure that it is not stale. Some companies survey employees to gauge the compliance culture and evaluate the strength of controls, and/or conduct periodic audits to ensure that controls are functioning well, though the nature and frequency of evaluations may depend on the company’s size and complexity.”

A policy issued by the DOJ shortly after this concerning antitrust enforcement also strongly encourages companies to develop strong compliance programs in that area.

The Role of Moral Hazard

Given these expectations, failing to conduct an assessment — while likely not fatal in itself — could hurt a company in an investigation or enforcement proceeding. By contrast, having conducted an assessment could shape the government’s view of a company positively in such a setting.

In light of how large fines can now be for corporate offenses, the enforcement factor alone seems reason enough to undertake an assessment. Yet not all companies have taken this step. This may be due to a sense that the potential penalties are motivation enough to have strong programs, and companies do not need an assessment to get them to do a good job when it comes to C&E. This is where the notion of moral hazard enters the picture.

A condition of “moral hazard” exists when an employee’s or other agent’s compensation creates an incentive for her to perform her duties in ways that are not consistent with the interests of her employer/principal. Viewing C&E from a moral hazard perspective, while the incentives for companies to have strong programs are indeed powerful, individual executives — who often take a short-term approach to managing their companies — may view their personal incentives differently. An assessment can help minimize this moral hazard-based tension.

The Value of Assessments

While legal mandates are powerful incentives for conducting an assessment, the practical benefits of assessments are equally powerful. One of the more challenging tasks faced by an in-house compliance professional is measuring the value of a C&E program to an organization.

Program assessments can help us demonstrate that our programs are working and can provide important insights into how to enhance them. Assessments can help us understand how best to utilize scarce compliance resources. They can help us create a “roadmap” to follow for years to come in implementing and improving a program. Among the benefits of such a roadmap is providing a clear path for the board of directors and corporate officers in exercising their legal obligation to oversee the program. Indeed, a third-party’s assessment of a program can both help a board and senior leadership better understand the value of a program and provide an important perspective in addition to that of an organization’s internal compliance team.

An assessment can also breathe life into a program that has lost momentum. It can serve as an antidote to a false sense of “mission accomplished,” which is, unfortunately, a real danger to many companies.


Tags: DOJSEC
Previous Post

Hammer, Screwdriver, Wrench, Tape Measure – Your Compliance Toolbox

Next Post

The 2020 Landscape: What Boards Should Expect

Jeff Kaplan and Rebecca Walker

Jeffrey M. Kaplan is a partner in the Princeton, New Jersey office of Kaplan & Walker LLP. He has specialized since the early 1990s in the practice of compliance- and ethics-related law, including assisting numerous companies in developing, implementing and reviewing C&E programs and conducting C&E risk assessments. He has also reviewed programs for many official bodies in connection with settlements of enforcement actions. He is the co-author of a C&E legal treatise, author of several e-books — including “Compliance & Ethics Risk Assessment” — and book chapters and many articles on C&E, a frequent speaker at C&E conferences, editor of the Conflict of Interest Blog and formerly an Adjunct Professor of Business Ethics at NYU’s Stern School of Business.
Rebecca Walker is a partner in the law firm of Kaplan & Walker LLP, a firm that specializes in corporate compliance and governance located in Santa Monica, California, and Princeton, New Jersey. For over 20 years, Rebecca has specialized in advising clients on the development and implementation of compliance programs. She has also served as a monitor for the Department of the Air Force and as an independent consultant, reviewing programs for the U.S. Securities and Exchange Commission. Rebecca is the author of “Conflicts of Interest in Business and the Professions: Law and Compliance,” published by Thomson West, as well as numerous articles and studies. She chairs the Practising Law Institute’s Compliance and Ethics Essentials Institute in New York and the Advanced Compliance and Ethics Workshop in San Francisco and serves on the Advisory Board of “Compliance and Ethics Professional” magazine. Rebecca received her B.A. from Georgetown University and her J.D. from Harvard Law School.

Related Posts

illustration of man on ladder with binoculars, 2021 outlook concept

Financial Services Compliance in 2021

January 25, 2021
illustration of mafia man in silhouette with red tie

The Mafia’s Jackpot: How Criminal Organizations are Profiting from COVID-19

January 22, 2021
illustration of videoconference, screen and speech bubbles

New Risks as COVID-19 Forces Rapid Technology Adoption

January 21, 2021
silhouette of businesspeople in meeting with blue cyber background

Cyber Risk Quantification and Prioritization is the Future of GRC

January 20, 2021
Next Post
woman in yellow backpack looking out over landscape

The 2020 Landscape: What Boards Should Expect

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights