Revisiting Anti-Corruption Compliance Programs after the Yates Memo

In the recently issued Yates Memo, the US Department of Justice (DOJ) makes a priority of holding individuals accountable for corporate wrongdoing. What does this mean for business executives subject to US law?Clearly, these persons will want to better understand how their companies’ anti-corruption compliance programs work (if they exist at all), the relative strengths and weaknesses of these programs, and opportunities for improvement. And as executives better understand the particular significance of their own roles in terms of the “tone from the top” component of an “effective compliance program” under the US Sentencing Guidelines (USSG), that interest level will only increase.

In preparing for these foreseeable questions, General Counsel and Chief Compliance Officers (GCs/CCOs) may want to consider some or all of the following ideas:

How does the program work?

• Prepare and present a detailed briefing on the themes, components and key processes of an effective (in terms of US and other applicable law) compliance program. Make the presentation practical and tied to the company’s specific lines of business, geographies, and risks. Stress the regulatory emphasis on culture, and the disdain of “paper programs”. Cover the program’s costs (financial and other) and the revenue-related reasons for having a robust program (e.g. ability to respond to requests for proposals and participate in supply chains where having a formal anti-corruption compliance program is a requirement.)
• To get executives’ attention right from the start, begin the presentation with an overview of the Yates Memo and its significance to them personally.
• Present your program in business terms. Avoid legalese.

What are the program’s relative strengths and weaknesses?

• Recommend conducting a “gap assessment” of the compliance program. Periodic program evaluations of this kind are important in regulators’ views, as they may bring renewed focus and introduce new practices and perspectives to a program’s operations.
• If the assessment is conducted internally using compliance or internal audit personnel, use outside benchmarking and survey data to place the program’s situation in the appropriate context - e.g. with others in the same business or of the same size. Certain compliance media, accounting and law firms, and others publish useful information of this kind.
• Using carefully selected outside professional service advisors to conduct such an assessment can bring the benefits of independence and methods drawn from conducting assessments at other companies. Professional service providers who have spent parts of their careers as GCs/CCOs may be better able to understand the dynamics and related challenges of your role. A privileged law firm report supported by forensic data can be extremely valuable in higher risk situations.

What are the company’s opportunities for improvement?

• The first priority is on the “need to have” category - those missing program components or aspects stemming from either known gaps or those identified through the gap assessment. Stress the “all or nothing” aspect of the USSG’s “effective compliance program” definition.
• Renewed executive interest in the program may also provide opportunities, however, to add some “nice to have” features to the program, for example:
  • Formation of a Compliance Committee
    • This group typically consists of middle management, but may take other forms. It meets regularly to discuss, among other items, compliance program management matters involving business operations and “lessons learned” from program violations. Getting “business buy-in” and participation at the early stages of an issue often avoids having legal/compliance make a later stage entry on a more disruptive basis.
  • Participation of compliance personnel in existing committees
    • Include compliance personal in regular committee or group meetings, such as those involving sales, operations or regions. The compliance participants should make every effort to understand and contribute to the group’s mission and focus, even if that contribution may fall somewhat outside the strict definition of “compliance.” They should also work to be perceived as “sales facilitators,” rather than as members of the “sales prevention department”. Once they are accepted as a “part of the team,” compliance personnel can be much more effective in their jobs.
  • Use of available software services to automate routine program management tasks
    • Compliance software programs operating on software as a service (SaaS) platforms can efficiently manage the time-consuming administrative aspects of compliance program management. These products can also swiftly produce analytics to facilitate sharing information about the compliance program’s overall status and open issue areas. Make the case that your time is better spent on strategic and creative program matters—not sorting through spreadsheets, sticky notes, and months of emails to handle routine matters and to generate reports.

What about “tone from the top” and my part in it?

• Post Yates Memo, many business executives will want to make their own visible participation in the company’s compliance program a priority – for company and personal reasons. The single most significant way to accomplish this goal is to have these persons consistently project program support through their conduct and messaging. Communications supporting the anti-corruption program and its themes are important; actions that are consistent with the communications’ messaging are critical. For example, if an executive’s conduct sends the message “Comply with the anti-corruption policy, but come talk to me if it’s the end of the quarter and we’re not making our overseas numbers,” the policy and program are meaningless, and exposure is dramatically increased.
• Compliance communications plans can help organize, evidence and formalize executives’ leadership in “tone from the top” activities. Meaningful plans contain specificity (e.g. certain topics are covered in a set form at a specified time) and flexibility (e.g. a theme that becomes of interest because of a company development or outside event is highlighted through remarks at a “town hall” gathering of employees.) Involve business executives in the development of the plan and its contents so that there is the opportunity to add the personal touches that indicate the communication topics are genuinely important to the executive and not contrived. And conduct employee surveys to gauge whether the communications are effective, and whether business executives’ conduct is perceived to be consistent with these communications.

Be prepared to introduce "learning moments"

The above questions and ideas cover some of the basic topics that corporate executives (and their Boards of Directors) may wish to address during Yates Memo-inspired compliance program discussions. But GCs/CCOs should also be prepared to introduce “learning moments” into these discussions that stem from the particular business decisions the company is presently facing, or current developments concerning the industry. For example, do executives understand that if a competitor is being investigated for alleged corruption, it may mean that the entire sector is under regulatory scrutiny? Do they appreciate the significantly increased risks created when compliance personnel are informed of decisions well after they’ve been made, rather than at the initial planning stages (e.g., when a sales office is first opened or agents are first hired in a new territory)?

Take this opportunity to establish links between business activities and compliance risk and to drive home messages that may help increase sensitivity to the company’s possible exposures – all from the perspective of the compliance function as a “good revenue”-seeking business partner.

Capitalize on the Yates Memo

Now is the time for GCs/CCOs to capitalize on the interest and energy generated by the Yates Memo to facilitate a healthy internal compliance dialogue and to revitalize anti-corruption compliance programs. As business executive colleagues come to understand the changed DOJ enforcement environment, many will be more supportive of the notion that an anti-corruption compliance program’s form and substance is critical to the achievement of a company’s overall goals.