Jay Rosen explores proactive monitoring, which demonstrates the benefits of using a third party to fulfill the compliance mandates laid out by the DOJ.
I have been looking back at some Department of Justice (DOJ) announcements over the past several years, as well as the FCPA Corporate Enforcement Policy, announced in November 2017, to consider what strategies companies can use based upon these documents. Over this series, I have explored what companies can do both internally and externally to incorporate the Benczkowski Memo (“the Memo”) and other DOJ guidance into their corporate compliance programs.
Here, I discuss proactive monitoring, which is directly in the wheelhouse for every compliance program’s three key prongs: prevent, detect and remediate. It is interesting to note: Deputy Attorney General Rod Rosenstein said in a keynote address in late November 2018:
Money spent on an effective compliance program is “money well spent,” while the lack of such an investment is a “missed opportunity.”
When you think about it, that sort of speaks volumes to what this new guidance is all about: to help companies take a serious look at their own compliance programs.
If your organization does not have the capability to do an honest and deep program assessment, you should consider bringing in an outside third-party professional – a compliance company that is independent and neutral and does not have biases – to perform an internal review to look at a compliance program. The Idea is to bring in an outside entity with knowledge and experience.
In a nutshell, it’s proactive monitoring to avoid an imposed monitor.
The Memo and other DOJ announcements in 2018 lay out a discrete roadmap for how organizations can avoid the imposition of a monitor. The independent monitor is conflict-free, performs a comprehensive assessment and then helps lead the company through the recommended remediations. The proactive monitor is focusing the company on whatever deficiencies might exist within their program; it might be fixing the root cause problems by implementing controls and processes.
Equally importantly, the independent monitor does this over time. It can look at a company’s efforts to implement those changes and then maintain them. This is validating the efforts that the company is making to fulfill a compliance mandate.
One of the strengths of a good monitor is assessing what the company is doing and saying to determine what’s real. The proactive monitor does not come into an assignment with preconceived notions. There are no judgments or biases; it is truly is a blank slate. The words “objective” and “professional” come to mind. The independent third-party comes in without preconceived or preordained conclusions, resulting in an honest and fair assessment. So, the upside of bringing in an independent monitor is expertise, professionalism, experience and efficiency.
This final point is very much a business positive: The company itself does not have to recreate the wheel to assess itself, as the tools are already created. An outside, independent third party allows the company to continue its business while the independent third-party monitor is on the outside, looking in on the company while it continues its operations. Monitoring can be a distraction if performed internally. One of the benefits of an external monitor is that it allows the company to do its work while the expert does the assessment.
Additionally, the expertise of the independent monitor can reveal problems the company may have never even been aware of.
To conclude, I want to clearly articulate the differences between a proactive monitor and one imposed by regulators as part of an agreed settlement. A proactive monitor comes to a company not necessarily when the company is in trouble or when there is something going on, but when the company desires to assess their compliance program. Obviously, this can be an effective tool.
Conversely, an imposed monitor brings a different perspective: They are an imposed resource whose mandate is not necessarily to look at all aspects of a compliance program; usually, their mandate might be an agreed-upon or specific issue to consider.
So, while the Memo may well portend less imposed monitors, the costs for putting your organization in a position where one is mandated by the government can be quite high. Not only is the better approach to compliance a proactive approach, it is by far the more cost-effective approach. Finally, the Memo and other DOJ pronouncements in 2018 not only further articulate the DOJ’s expectations, but also demonstrates how a company can move through the enforcement process to receive a full declination under the FCPA Corporate Enforcement Program.
In case you missed the earlier installments of this ongoing series, please see the links below.