On the right are four points to keep in mind when putting together and maintaining an effective corporate compliance programme.
Never think: What I don’t know can’t hurt me.
Ignorance is not a defence. Compliance is not limited to adherence to local laws, such as those relating to labour issues and workplace safety. Rather, it can encompass a wide range of guidelines, industry standards, ethics rules and, in some cases, foreign laws.
For example, US laws against price-fixing cartels, bribery of foreign officials, accounting fraud, and trade with embargoed countries—such as Iran and Cuba—have ensnared numerous non-US firms and individuals. Sometimes the result has been massive fines and jail terms.
The UK’s Bribery Act 2010 also has had reverberations around the world. Such laws can create liability through the conduct of third-party agents and business partners.
Considering the enterprise-threatening nature of these offences, it is essential to stay well informed.
Get advice from the right people.
Don’t hesitate to seek advice from lawyers who specialise in compliance issues, so you can identify potential risks and be adequately prepared.
Finding an advisor with the right experience and expertise is essential. For example, a lawyer who handles your day-to-day corporate work or employment law issues might not be knowledgeable about how to deal with an antitrust problem.
A lawyer might focus on risks in his or her jurisdiction without adequately considering risks in other countries.
Ask to be introduced to specialists, seek out recommendations, or reach out directly to lawyers who are known to practise in these areas.
Have practical rules and procedures in place.
Having a comprehensive code of conduct is important, but often the stipulations are general and do not explain what to do if a problem arises.
Ensure you have detailed rules and procedures in writing, ideally in different languages if your firm has global operations.
Designate a crisis management team who will be immediately informed should a problem arise. Make sure that they are trained on what to do in every foreseeable situation.
Be prepared to impose a legal hold as quickly as possible, ensuring that potentially relevant documents and data are preserved. Employees sometimes panic and delete large numbers of documents, many of which may be totally innocuous (such as family photos and junk mail). Yet this could lead to criminal charges for obstruction.
In addition, make sure to have plans for public relations and investor disclosures, with input from legal counsel.
The best-written rules and procedures will not be effective unless they are integrated into each employee’s everyday conduct.
Periodic training is essential, especially focusing on areas with higher risks, such as giving antitrust training to sales people, and anticorruption training to people in certain countries.
There must also be monitoring and periodic audits to check that the rules are being followed. And, going back to the first point, the rules should be reviewed and updated based on the latest legal developments.
The goal of a corporate compliance programme is to establish a culture of compliance, in which all employees are committed to respecting all applicable laws and regulations, as well as to maintaining high standards of business ethics.