By Gregory A. Brower and Alissa H. Gardenswartz
Gregory A. Brower is a Shareholder with Brownstein Hyatt Farber Schreck, LLP in Las Vegas, NV and Washington, DC, and Alissa H. Gardenswartz is a Shareholder in the firm’s Denver, CO office. Mr. Brower also serves on WLF Legal Policy Advisory Board and is the WLF Legal Pulse’s Featured Expert Contributor, White Collar Crime and Corporate Compliance.
The COVID-19 pandemic is impacting every type of organization, from large multinational corporations to small businesses. While this crisis is causing changes in the way business is done, at least for now, the same old legal and regulatory realities remain. Indeed, with an increase in federal spending that will likely top $3 trillion in new money for businesses, we can expect a corresponding increase in the budgets of the federal inspectors general and others tasked with reviewing how this money is spent. Given this reality, now is not the time for corporate compliance efforts to wane. Indeed, this crisis presents an opportunity for companies to get ahead of increased governmental scrutiny and improve their compliance efforts. Here are a few ideas.
Re-read the Department of Justice (DOJ) guidance on compliance
First, if you are responsible for compliance within your organization, take the few minutes that you are likely not spending in your car or on the train commuting and dust off your electronic version of the “Evaluation of Corporate Compliance Programs” that DOJ issued just about one year ago. Although this guidance from “Main Justice”is intended to serve as a guide for prosecutors, it is a valuable insight into how federal prosecutors think about corporate compliance, and is therefore a great resource for compliance professionals in designing, implementing, and testing their programs. Moreover, the DOJ guide tells us what the department thinks is important when it comes to compliance, and, for obvious reasons, if DOJ thinks it’s important, so should any corporate compliance operation. This guide reveals, most fundamentally, that when evaluating a target company’s compliance program, prosecutors will ask three basic questions: (1) is the program well designed?; (2) is the program being applied earnestly and in good faith?; and (3) does the program actually work? It is important for any chief compliance officer (CCO) to not lose sight of how DOJ views these issues.
Reevaluate your compliance training
After reminding yourself of one of the principal reasons any company does compliance, i.e., because DOJ expects you to, consider using this current situation to reevaluate your compliance training program. DOJ’s guidance makes clear that it considers training to be a “hallmark” of a well-designed compliance program. In particular, the guidance specifies that in order to be deemed effective, a program must include training that is appropriately designed based on the company’s unique risks, is reasonably frequent and user-friendly, is appropriately targeted within the organization, and is well-documented. Training does not have to be in-person to be effective, especially given our current reality, but it should be as interactive as possible. Virtual meeting technologies are a great way to present “live” instruction without requiring attendees to travel or physically gather with colleagues. Moreover, training should not be one-size-fits-all. Instead, different training rubrics should be designed differently for different groups—one for the board of directors, another for managers, yet another for frontline salespeople. As many compliance problems arise from third-party activities, CCOs should also take this time to consider how to include third-party contractors and vendors into their own training regimes.
Incorporate technology into your compliance efforts
Technology is critical to any compliance activities, especially during a time of limited capacity for travel. Just because we are currently forced to take a break from the way we normally interact with one another in the workplace doesn’t mean that companies can take a break from critical compliance functions. Effective use of the latest technology can help keep compliance programs on track even during a crisis. Meetings, training, and investigative interviews all can be done virtually. Of course, with increased use of technology comes heightened cybersecurity risk, and remote activities must be appropriately safeguarded against such risk. Moreover, remote work itself presents certain compliance issues, and now could be a good time for the compliance and HR departments to work together to ensure the organization’s remote work policies are both up-to-date and being enforced. Moving to a more virtual compliance reality need not be only temporary, and may make sense, both practically and economically, even after this crisis passes. Virtual compliance is not necessarily an oxymoron.
Use this challenging time to get enterprise-wide buy-in for compliance
Finally, CCOs should take advantage of this time of unprecedented organizational challenges to redouble their efforts at obtaining enterprise-wide buy-in for the compliance mission. Any deferred prosecution agreement (“DPA”) drafted by DOJ will include language something like: “The Company will ensure that its directors and senior management provide strong, explicit, and visible support and commitment to its corporate anti-corruption policy and compliance code.” Considering the emphasis that DOJ puts on “tone at the top,” companies would be well advised to consider using this time to do a comprehensive evaluation of the organization’s commitment to compliance, not just on paper, but in practice. A positive and robust culture of compliance is not only good for business, it can go a very long way toward impressing DOJ or other government investigators when it matters.