Compliance – Why Is It Important?
Over the last two decades, compliance has emerged as a distinct risk area requiring designated resources, oversight and management strategy. In fact, in today’s business environment, it is essential for all organizations to develop and implement a compliance program tailored to their business. An effective program not only mitigates an organization’s compliance risk, but brings real value to the business.
To make the case for developing and implementing a compliance program, this article will address three fundamental issues. First, it will define what compliance is. Second, it will explain the importance of having a compliance program. Third, it will describe the value delivered by an effective compliance program.
What is compliance?
Compliance is the process by which an organization strives to adhere to the legal and regulatory standards applicable to its business. The goal of the compliance program is to reduce an organization’s overall risk of violating these standards. To that end, the compliance program harmonizes the applicable standards into a single framework that defines the boundaries of permissible business conduct and discourages behavior that can put the organization at risk.
A compliance program will necessarily vary by organization, but typically includes a code of conduct, and detailed policies and procedures. In addition, most programs develop processes for assessing risk, training employees, monitoring and auditing the effectiveness of the program, and remediating potential or actual violations.
The importance of having a compliance program.
A compliance program is a necessity in today’s business world. Most governing authorities expect organizations to make an affirmative effort to detect and prevent improper and unethical behavior. The existence of a comprehensive compliance program provides compelling evidence of such an undertaking. This is significant as many governing authorities take a “carrot and stick” approach to compliance. The United States Federal Sentencing Guidelines, for example, authorize a reduction of the culpability score, which ultimately determines the penalty assigned to a given violation, if an organization can demonstrate the existence of an effective compliance program.
A comprehensive compliance program, therefore, is important as it signals to the governing authorities that the organization is making the commitment to prevent organizational misconduct. This commitment may be rewarded in the form of a reduced penalty or fine. Conversely, the lack of effort (i.e. the absence of an effective compliance program) may result in a more severe sanction.
The Securities and Exchange Commission’s (“SEC”) enforcement actions against Ralph Lauren Corporation and Smith & Wesson Holding Corporation provide a clear contrast illustrating the benefit of an effective compliance program. Specifically, both Ralph Lauren and Smith & Wesson violated the Foreign Corrupt Practices Act (“FCPA”) by bribing government officials. The SEC, however, decided not to charge Ralph Lauren and entered into a Non-Prosecution Agreement (“NPA”) instead. In explaining its decision not to charge, the SEC specifically stated:
[T]his NPA shows the benefit of implementing an effective compliance program. Ralph Lauren Corporation discovered this problem after it put in place an enhanced compliance program and began training its employees. That level of self-policing along with its self-reporting and cooperation led to this resolution.**
Conversely, the SEC did charge Smith & Wesson for its violations of the FCPA. In so doing, the SEC determined:
Smith & Wesson failed to devise and maintain sufficient internal controls with respect to its international sales operations. While the company had a basic corporate policy prohibiting the payment of bribes, it failed to implement a reasonable system of controls to effectuate that policy.**
Ultimately, Smith & Wesson agreed to settle the charges against it. The settlement sanctions included a $1,906,000 civil monetary penalty.
The value a compliance program delivers.
Implementing an effective compliance program also delivers value to the organization. A properly implemented compliance program will detect corporate misconduct and unethical behavior early on. Not only will this allow the organization to address the misconduct before it matures into a full-blown violation, but it provides a mechanism by which the organization can identify individuals who are susceptible to this kind of misconduct. Moreover, early detection followed by swift action will reinforce core organizational principles by sending a message that these standards are inviolate and that not even small transgressions will be tolerated.
Second, once implemented, a comprehensive compliance program can create efficiencies that will save the organization money in the long term. An organization with a properly trained and knowledgeable workforce is more likely to “get it right” the first time, which will result in greater efficiencies and cost savings. In addition, an effective compliance program may also detect and deter “other” employee transgressions that may not necessarily rise to the level of criminal or unethical conduct, but should nonetheless be reined in.
Lastly, a comprehensive compliance program can transform an organization’s culture by promoting principles of integrity, ethics, and good corporate citizenship. If properly implemented, this can significantly improve employee satisfaction and enhance an organization’s reputation in the industry and the communities in which it does business. Ultimately, this may result in a competitive advantage for the organization.
In today’s business world, organizations are encouraged and, in many instances, expected to have a compliance program tailored to its business. An effective compliance program benefits an organization in two important ways. First, through its compliance program, an organization demonstrates its commitment to detecting and preventing improper business conduct. This effort may be rewarded in the form of a reduced penalty for any violations that may occur. Second, a comprehensive compliance program will have the effect of getting all members of the organization on the same page, which will likely result in greater organizational efficiencies and value to the business.
*This article is intended to be a source of general information. It is not intended to provide legal advice. For specific counsel or advice, please consult with an experienced professional.