An Ounce of Due Diligence Prevention

0

An ounce of due diligence prevention is worth pounds of sentencing cure, according to standards developed by the United States Sentencing Commission, the government agency which establishes federal sentencing guidelines.  The commission’s guidelines emphasize that prior diligence conducted by firms will help ameliorate any penalties faced by the organization.  For asset managers in these prosecution-happy times, the act of conducting due diligence reduces legal risks, whether or not the due diligence is effective in detecting criminal activity.

The United States Sentencing Commission was formed in 1985 as an autonomous agency in the judicial branch of government to establish sentencing policies and practices for the federal courts, including guidelines regarding the form and severity of punishment for offenders convicted of federal crimes.

The 540 page 2010 Federal Sentencing Guidelines Manual contains a chapter on the sentencing of organizations, which contains a section on effective compliance and ethics programs.   The discussion is remarkably cogent and pragmatic.  Here are some highlights which might interest asset managers and the research community.

Organizations can be “vicariously liable” for criminal conduct of employees.  In the context of the current insider trading investigations, employees who receive inside information, even unintentionally, can pose a risk to asset managers and research organizations.  One of the key purposes of any compliance program is to prevent or detect criminal activity, which in our current context is primarily material non-public information or confidential information.

A key point is that prior compliance diligence by an organization benefits an organization, even if it does not prevent or detect criminal activity:

“The requirements set forth in this guideline are intended to achieve reasonable prevention and detection of criminal conduct for which the organization would be vicariously liable. The prior diligence of an organization in seeking to prevent and detect criminal conduct has a direct bearing on the appropriate penalties and probation terms for the organization if it is convicted and sentenced for a criminal offense.”

The guidelines spell out what constitutes an effective compliance program, which we have excerpted below.  An important goal of any compliance platform is to “promote an organizational culture that encourages ethical conduct.”

Here are a few of the key points.  Management needs to be involved in setting up the compliance program, and knowledgeable about the program.  Implementation can be delegated, but compliance officers need direct access to management to surface issues.  The compliance program needs to be effectively communicated and there needs to be periodic training.  Incentives need to be aligned with compliant behavior.  When there are breaches, appropriate actions need to be taken and if necessary adjustments made to the compliance program.

The guidelines also provide commentary about how to evaluate compliance programs.  Factors include industry practices or relevant regulatory requirements, the size of the organization and any previous misconduct.

A compliance program can’t be judged as effective if it fails to follow industry practices or applicable regulation:  “An organization’s failure to incorporate and follow applicable industry practice or the standards called for by any applicable governmental regulation weighs against a finding of an effective compliance and ethics program.”

The size of the organization is also important in evaluating a compliance program.  Small organizations don’t need to devote the same level of resources, but they do need to address each component of an effective compliance program, such as communication, training or oversight.

“[A] small organization may meet the requirements of this guideline with less formality and fewer resources than would be expected of large organizations. In appropriate circumstances, reliance on existing resources and simple systems can demonstrate a degree of commitment that, for a large organization, would only be demonstrated through more formally planned and implemented systems.”

If an organization experiences recurring instances of misconduct, the efficacy of its compliance program is called into question.

The full text of the guidelines pertaining to effective compliance and ethics programs can be found at http://www.ussc.gov/guidelines/2010_guidelines/Manual_HTML/Chapter_8.htm.

Excerpts:

§8B2.1. Effective Compliance and Ethics Program

(a)To have an effective compliance and ethics program, for purposes of subsection (f) of §8C2.5 (Culpability Score) and subsection (c)(1) of §8D1.4 (Recommended Conditions of Probation – Organizations), an organization shall—

(1)exercise due diligence to prevent and detect criminal conduct; and

(2)otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

Such compliance and ethics program shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct. The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.

(b)Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law within the meaning of subsection (a) minimally require the following:

(1)The organization shall establish standards and procedures to prevent and detect criminal conduct.

(2)(A)The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.

(B)High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program.

(C)Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.

(3)The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.

(4)(A)The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subparagraph (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.

(B)The individuals referred to in subparagraph (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents.

(5)The organization shall take reasonable steps—

(A)to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct;

(B)to evaluate periodically the effectiveness of the organization’s compliance and ethics program; and

(C)to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.

(6)The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.

(7)After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.

(c)In implementing subsection (b), the organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each requirement set forth in subsection (b) to reduce the risk of criminal conduct identified through this process.

Commentary (Excerpted)

Application Notes:

2.Factors to Consider in Meeting Requirements of this Guideline.—

(A)In General.—Each of the requirements set forth in this guideline shall be met by an organization; however, in determining what specific actions are necessary to meet those requirements, factors that shall be considered include: (i) applicable industry practice or the standards called for by any applicable governmental regulation; (ii) the size of the organization; and (iii) similar misconduct.

(B)Applicable Governmental Regulation and Industry Practice.—An organization’s failure to incorporate and follow applicable industry practice or the standards called for by any applicable governmental regulation weighs against a finding of an effective compliance and ethics program.

(C)The Size of the Organization.—

(i)In General.—The formality and scope of actions that an organization shall take to meet the requirements of this guideline, including the necessary features of the organization’s standards and procedures, depend on the size of the organization.

(ii)Large Organizations.—A large organization generally shall devote more formal operations and greater resources in meeting the requirements of this guideline than shall a small organization. As appropriate, a large organization should encourage small organizations (especially those that have, or seek to have, a business relationship with the large organization) to implement effective compliance and ethics programs.

(iii)Small Organizations.—In meeting the requirements of this guideline, small organizations shall demonstrate the same degree of commitment to ethical conduct and compliance with the law as large organizations. However, a small organization may meet the requirements of this guideline with less formality and fewer resources than would be expected of large organizations. In appropriate circumstances, reliance on existing resources and simple systems can demonstrate a degree of commitment that, for a large organization, would only be demonstrated through more formally planned and implemented systems.

Examples of the informality and use of fewer resources with which a small organization may meet the requirements of this guideline include the following: (I) the governing authority’s discharge of its responsibility for oversight of the compliance and ethics program by directly managing the organization’s compliance and ethics efforts; (II) training employees through informal staff meetings, and monitoring through regular “walk-arounds” or continuous observation while managing the organization; (III) using available personnel, rather than employing separate staff, to carry out the compliance and ethics program; and (IV) modeling its own compliance and ethics program on existing, well-regarded compliance and ethics programs and best practices of other similar organizations.

(D)Recurrence of Similar Misconduct.—Recurrence of similar misconduct creates doubt regarding whether the organization took reasonable steps to meet the requirements of this guideline. For purposes of this subparagraph, “similar misconduct” has the meaning given that term in the Commentary to §8A1.2 (Application Instructions – Organizations).

Background. This section sets forth the requirements for an effective compliance and ethics program. This section responds to section 805(a)(2)(5) of the Sarbanes-Oxley Act of 2002, Public Law 107–204, which directed the Commission to review and amend, as appropriate, the guidelines and related policy statements to ensure that the guidelines that apply to organizations in this chapter “are sufficient to deter and punish organizational criminal misconduct.”

The requirements set forth in this guideline are intended to achieve reasonable prevention and detection of criminal conduct for which the organization would be vicariously liable. The prior diligence of an organization in seeking to prevent and detect criminal conduct has a direct bearing on the appropriate penalties and probation terms for the organization if it is convicted and sentenced for a criminal offense.

Share.

About Author

Leave A Reply