Compliance Plans Should Reduce Risk, Not Create Liability

Calls for improved corporate compliance are coming from boards of directors, shareholders and government. Board members are now exposed to personal liability for failing to ensure an adequate program. Outside and in-house counsel constantly remind upper management that legal developments around the globe demand focus on compliance.

Given these developments, there is little corporate resistance to the concept of implementing a compliance program. But once there is a commitment to crafting a program, it may be patched together with insufficient planning. Personnel may have the compliance function thrust upon them without adequate training, or they may be given a copy of a program from an established competitor and encouraged to use it to fashion a new plan.

That may enable management to “check the box” and report that compliance is a priority, but it’s an approach that can prove lethal. When plans are adapted without careful analysis, poorly crafted documents emerge. Some provisions may then be ignored because they are too impractical to implement, and reporting and auditing provisions may be deemed too burdensome to follow.
Assessing risk requires a comprehensive review of the business lines, including the federal statutes implicated in the operations of the business, the countries involved and their reputations for corruption. Vendor relationships should be reviewed, as should any particular practices closely scrutinized by the government. Lawsuits and regulatory probes should be reviewed.

Consideration should be given to conducting these kinds of activities in a privileged context.