Some companies question whether or not they should invest in a full-fledged compliance program. While the return on investment isn’t always obvious, a strong program can help your company avoid fines and legal expenses. In the United States, the Department of Justice (DOJ) and the Securities Exchange Commission (SEC) sometimes decline to pursue charges due to a company having an effective compliance program in place.
In effect, an effective compliance program can lead to a sentence downgrade or even preclude criminal prosecution of an organization. Evidence of a solid compliance program has helped a number of companies avoid prosecution under the FCPA, even when a company did not or could not prevent the underlying violation that gave rise to the investigation. In this article, you’ll learn more about demonstrating program effectiveness and how the multinational Harris Corporation avoided prosecution thanks to its compliance program.
AN EFFECTIVE COMPLIANCE PROGRAM: THE HARRIS CORPORATION
In September 2016, the SEC and DOJ declined to prosecute the Harris Corporation, despite violations of the FCPA by its newly acquired subsidiary, CareFx Corporation. The case demonstrates how robust compliance programs can shield companies from potential prosecutions.
Briefly, Harris had acquired CareFx which, in turn, owned a Chinese subsidiary, CareFx China, whose CEO had engaged in a bribery scheme. The CEO, Jun Ping Zhang, offered gifts and hospitality to government officials at state-owned hospitals in China. Ping disguised the bribes as expense claims, which were then improperly recorded and consolidated into Harris Corp.’s accounting records.
“Although only able to perform limited pre-acquisition due diligence on the subsidiary,” Harris had taken immediate, significant steps “to train staff in China and integrate the subsidiary into Harris’s system of internal accounting controls,” according to the DOJ. “As a result of Harris’s post-acquisition measures, including the implementation of an anonymous complaint hotline, Harris discovered the misconduct at the subsidiary within five months of the acquisition.”
This case was the first time a multinational company avoided prosecution altogether while its employee (Ping) was still on the hook for the violation. Despite Ping’s flagrant violations, the SEC and DOJ declined to prosecute Harris, mainly because Harris had conducted appropriate due diligence on CareFx and maintained an effective compliance program in place after the acquisition.
It’s important to note that Harris had ongoing self-policing in place as part of their program, which led them to discover the violation and subsequently report it to the government. It’s a great example of the protection provided by a strong compliance program.
DEMONSTRATING YOUR PROGRAM’S EFFECTIVENESS
The first step is to have a compliance program in place. But it’s not enough to just do the right thing -- your company must also be able to provide evidence of the program’s effectiveness. In recent years, the DOJ and SEC have shown that they’re willing to issue a formal decision to not bring charges, based on a number of factors; including efforts at self-policing, prompt self-reporting, thorough remediation and exemplary cooperation with investigators. Further guidance is also found in the recent release of the DOJ (February 2017) providing companies with a set of criteria, based in part on federal sentencing guidelines, against which a compliance program’s effectiveness can be evaluated. The DOJ guide addresses the following 11 aspects of corporate compliance programs:
- Analysis and remediation of underlying misconduct
- Senior and middle management
- Autonomy and resources
- Policies and procedures
- Risk assessment
- Training and communications
- Confidential reporting and investigation
- Incentives and disciplinary measures
- Continuous improvement, periodic testing and review
- Third-party management
- Mergers and acquisitions
You can use the DOJ’s guide to measure how well your compliance program shields your company from prosecution. Whether you’re training individuals, rolling out policies or vetting third parties, every affirmative compliance effort that you make should become part of an auditable trail of efforts, processes and controls. Unfortunately, that’s where many companies fall short.
TECHNOLOGY’S ROLE IN COMPLIANCE
At many companies, people may be committed to doing the right thing, but fail to fully record those efforts. Part of the problem is the sheer volume of information to maintain, from tracking whistleblower issues to registering every gift or clearance of a potential conflict.
In order to quickly and easily demonstrate your compliance efforts you need more than good policies -- you need a system of record. That’s where today’s technology offers great value: Sophisticated, automated systems are more reliable than good intentions when it comes to collecting the evidence you need to win a declination from the DOJ and SEC. As we saw in the Harris case; evidence of an effective compliance program can make all the difference in deterring prosecution.