Corporate compliance has become an increasingly prominent area of law. The regulatory state has grown to unprecedented heights creating more regulations, which in turn has led to more violations, and higher corporate costs. For example, in 2013, J.P. Morgan agreed to a settlement with the Justice Department for a staggering $13 billion for various regulatory violations. ((Delvin Barrett and Dan Fitzpatrick, J.P. Morgan, U.S. Settle for $13 Billion, Wall St. J. (Nov. 19, 2013), available at http://www.wsj.com/articles/SB10001424052702304439804579207701974094982.))
Although compliance programs may be costly, if a corporation is convicted of a crime perpetrated by its agent, having a corporate compliance program in place at that time may lead to a sentence downgrade under the United States Sentencing Guidelines. ((Philip A. Wellner, Effective Compliance Programs and Corporate Criminal Prosecutions, 27 Cardozo L. Rev. 497, 497 (2005).)) Also, having a compliance program may allow the corporation to escape prosecution, saving millions of dollars in investigation costs, litigation costs, and penalties. ((Mitratech, At the intersection of Legal and Compliance, available at http://info.mitratech.com/Intersection_of_Legal_and_Compliance.html.)) Under the Justice Department’s internal guidance, prosecutors must consider “the existence and effectiveness of the corporation’s pre-existing compliance program.” ((Leslie R. Caldwell, Assistant Attorney General for the Criminal Division, Remarks at the 22nd Annual Ethics and Compliance Conference (Oct. 1, 2014), http://www.justice.gov/opa/speech/remarks-assistant-attorney-general-criminal-division-leslie-r-caldwell-22nd-annual-ethics.))
There is no one size fits all compliance program. In fact, even the most rigid and well thought out programs cannot prevent every potential violation of law within the corporation. At the very minimum, under the Caremark standard, a corporation simply needs to be reasonably informed by creating an information and reporting system designed to adequately assure the board that appropriate information will come to the boards attention in a timely manner as a matter of ordinary operations. ((In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996).))
The details of the compliance programs may differ but there are some common characteristics among the more successful ones. First, the corporation must have clear written policies so employees know exactly what to do and what not to do. ((Caldwell, supra, note 4.)) Second, a corporation should assign a senior executive, often in the form of independent compliance officers, who has teeth in the company and is able to effectively implement and oversee the compliance program. ((Id.)) Third, there should be sufficient training and guidance for the employees. ((Id.)) Fourth, there should be confidential channels for internal reporting or whistleblowing. ((Id.)) Finally, and arguably most important, there should be a positive “tone at the top.” ((Geoffrey Miller, The Law of Governance, Risk Management, and Compliance 171 (Vicki Been et al. eds., 1st ed. 2014).)) This means that the leaders of the corporation should show genuine interest in the success of the compliance program. This attitude transcends to the employees and creates a compliance-oriented atmosphere.
To repeat, compliance programs are not one-size-fit all. In fact, some corporations may decide that it is cheaper to pay the costs associated with violations than sustain an effective compliance program. Although risky, this is simply a measure of cost-benefit-analysis. However, there has been a recent trend of increasingly large fines and for regulatory infractions. ((June Rhee, Compliance and Risk Management: Area for Legal Teaching and Scholarship?, Harv. L. Sch. Forum on Corp. Gov. & Fin. Reg. (May 22, 2014).)) For many, it would be wise to mitigate, or even eliminate, this expensive risk with an efficient and effective compliance program.