Donna Boehme – The FCPA Blog – March 9, 2017
In the Justice Department’s new guidance for compliance programs, which appeared online unannounced, undated and unsigned, one detects the experienced hand of the DOJ’s new Compliance Counsel, Hui Chen.
I am so impressed by the content of the Evaluation of Corporate Compliance Programs that I suggest the DOJ rename this document: Evaluation of Corporate Compliance Programs (This Is What True Compliance Subject Matter Expertise (SME) Looks Like).
The new guidance is great stuff and directly on target. In fact, if it weren’t already buried six feet under, I’d call this document the final, ultimate nail in the coffin of the old, flawed, and disfavored Compliance 1.0 model.
That’s because the DOJ has again expressly endorsed the key attributes of the modern Compliance 2.0 model: empowerment, independence, a seat at the table, line-of-sight, resources, and, of course, true Compliance SME — the important foundational element of a successful compliance function.
For those proponents still holding on to the table leg of Compliance 1.0, here are some specific excerpts from the new guidance that point the way to Compliance 2.0 — the modern model for corporate compliance that recognizes compliance as a new, distinct SME and profession that is very different than Legal and needs to be positioned with empowerment, independence and authority in order to properly perform its job well:
- The Guidance specifically points to stature, seat at the table and empowerment: “How has the compliance function compared with other strategic functions in the company in terms of stature, compensation levels, rank/title, reporting line, resources, and access to key decision-makers? What has been the turnover rate for compliance and relevant control function personnel? What role has compliance played in the company’s strategic and operational decisions?”
- On independence, empowerment, and line of sight, the Guidance asks: “Have the compliance and relevant control functions had direct reporting lines to anyone on the board of directors? How often do they meet with the board of directors? Are members of the senior management present for these meetings? Who reviewed the performance of the compliance function and what was the review process? Who has determined compensation/bonuses/raises/hiring/termination of compliance officers? Do the compliance and relevant control personnel in the field have reporting lines to headquarters? If not, how has the company ensured their independence?“
- And on Resources: “How have decisions been made about the allocation of personnel and resources for the compliance and relevant control functions in light of the company’s risk profile? Have there been times when requests for resources by the compliance and relevant control functions have been denied? If so, how have those decisions been made?”
- On empowerment: ”Have there been specific instances where compliance raised concerns or objections in the area in which the wrongdoing occurred? How has the company responded to such compliance concerns? Have there been specific transactions or deals that were stopped, modified, or more closely examined as a result of compliance concerns?”
- On Compliance Subject Matter Expertise: “Have the compliance and control personnel had the appropriate experience and qualifications for their roles and responsibilities?”
As many in the compliance profession noted at the time, the DOJ’s appointment of a true Compliance Subject Matter Expert in Hui Chen was an inspired and welcomed move.
And now the new guidance is proof that the notion of true Compliance Subject Matter Expertise is coming full circle, as the DOJ’s experienced compliance SME begins infusing the agency’s policy, including its prosecution and settlement activities, with hard-earned compliance expertise that reflects the true reality that chief compliance officers experience on the ground.
This development should be the last word that the compliance profession has been yearning for, putting a long overdue end to the notion of compliance as a mere subset of the law department — where compliance is expected to work solely through the mandate of the law department, without the positioning, independence, and empowerment to perform its job well. For this masterstroke in reality, we say thank you to DOJ and Hui Chen.
As more companies (especially their boards and other gatekeepers) begin to take this excellent guidance on board, we should be seeing more and more compliance functions and professionals being positioned to do their jobs well. This is the future of compliance, and that’s a good thing.