September 13, 2005

Compliance 101 -- The Ellerth/Faragher Defense

In a prior post I noted that an effective compliance and ethics program can prevent vicarious liability for supervisor sexual harassment under federal employment discrimination law.  In the coming week or so, I will devote several posts to updates on sexual harassment cases decided over the last few months, focusing on what these cases say about good and bad compliance practices.  As background for the coming posts, this post offers a brief description of the legal background.

In its 1998 decisions in Burlington Indus., Inc. v. Ellerth  and Faragher v. City of Boca Raton,  the United States Supreme Court held that employers were vicariously liable under federal employment discrimination law  for sexual harassment committed by their supervisory employees.  If the sexual harassment did not result in a tangible employment action, such as firing, demotion, or reduction of pay,  the employer can avoid vicarious liability by pleading and proving a two-element affirmative defense: "(a) that the employer exercised reasonable care to prevent and correct promptly any sexually harassing behavior, and (b) that the plaintiff employee unreasonably failed to take advantage of any preventive or corrective opportunities provided by the employer or to avoid harm otherwise."  Note that "reasonable care to prevent and correct promptly" the harassment-basically, a compliance program-is a necessary but not sufficient condition of the affirmative defense. Even if the employer has a state-of-the-art sexual harassment compliance program, the affirmative defense fails if the victim abided by the organization's program. Ironically, then, vicarious liability attaches despite the compliance program working precisely as intended.

The Court offered two elaborations on the affirmative defense, both of which have guided lower courts. First, "[w]hile proof that an employer had promulgated an anti-harassment policy with complaint procedure is not necessary in every instance as a matter of law, the need for a stated policy suitable to the employment circumstances may appropriately be addressed in any case when litigating the first element of the defense."  As noted above, drafting written compliance policies is one of the basic compliance tasks under the Sentencing Guidelines, so it is not surprising that the Court would expect a reasonable sexual harassment compliance program to have one. The lower courts have followed this logic,  denying the affirmative defense to employers that either had no written policy,  had a written employment discrimination policy that did not specifically address the type of harassment involved,  or did not consistently distribute or train employees on the sexual harassment policy.

Second, the cautious employer should also have a sexual harassment complaint procedure because an employee's unreasonable failure to use the procedure will "normally suffice to satisfy the employer's burden under the second element of the defense."  This is another area where lower courts have heeded the Court's dicta. For example, several courts have highlighted the need for employers to have a compliant procedure that allows employees to bypass an allegedly harassing supervisor.

September 13, 2005 in Cases, Compliance 101, Risk Spotlight | Permalink | TrackBack

September 06, 2005

Compliance 101 -- Motivating Employees

This is the next installment in my series covering the major changes from the November 2004 amendments to the organizational sentencing guidelines.  This week I cover the new guidelines’ treatment of incentives for participating in the compliance program.

When it comes to motivating employees, the original sentencing guidelines (in Application Note 3(k)(6) to section 8A1.2) spoke only in the negative: "The [company's compliance] standards must have been consistently enforced through appropriate disciplinary mechanisms, including, as appropriate, discipline of individuals responsible for the failure to detect an offense."   The amended guidelines (in section 8B2.1(6)) add the carrot to this stick:

The organization's compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.

The Commission explained that this amendment imposes "a duty to promote proper conduct in whatever manner an organization deems appropriate."  For example, instead of simply evaluating employees on whether their job performance meets certain tangible measures, the organization might also ask how the employee went about achieving those measures.  Did the employee act in a manner that promotes the organization's ethical values?  If so, the employee should be rewarded.

September 6, 2005 in Compliance 101, Sentencing Guidelines | Permalink | TrackBack

September 01, 2005

Compliance 101 -- The Caremark Case

Today, Compliance 101 gives a brief intro to perhaps the most famous court decision in compliance circles.

Dicta in the Delaware Chancery Court's 1996 decision in In re Caremark Int'l Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), addressed the board's duty to oversee a corporation's legal compliance efforts. As part of its duty to monitor, the Board must make good faith efforts to ensure that a corporation has adequate reporting and information systems. The opinion described this claim as "possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment," with liability attaching only for "a sustained or systematic failure to exercise oversight" or "[a]n utter failure to attempt to ensure a reporting and information system."

In the decade since, this Delaware dicta has morphed into what has come to be known as a Caremark claim, as federal and state courts, both within and outside Delaware, have recognized a cause of action against boards for failing to take minimal steps to achieve legal compliance. As the phrases "utter failure" and "systematic failure" suggest, a board's Caremark duty is a relatively low one. Only egregious lapses breach this duty, such as when board members ignore obvious red flags signaling illegal behavior, fail to appoint an audit committee, or do not address obvious concerns like large loans to corporate insiders.

Here are a couple of good sources that discuss the Caremark case:

H. Lowell Brown, The Corporate Director's Compliance Oversight Responsibility in the Post Caremark Era, 26 Del. J. Corp. L. 1 (2001).

Charles M. Elson & Christopher J. Gyves, In Re Caremark: Good Intentions, Unintended Consequences, 39 Wake Forest L. Rev. 691 (2004).

September 1, 2005 in Cases, Compliance 101 | Permalink | TrackBack

August 25, 2005

Compliance 101 -- The Organizational Sentencing Guidelines Post-Booker

Here is a question I have received quite a bit over the last year: What effect (if any) does the Supreme Court’s decision striking down the federal individual sentencing guidelines have on the federal organizational sentencing guidelines?  My standard answer is “none,” and this post gives both some background on the issue as well as the explanation for my rather categorical answer.

In United States v. Booker,  the Court held that the federal sentencing guidelines violate an individual criminal defendant's Sixth Amendment right to a jury trial.  The case relied heavily on last term's decision in Blakely v. Washington,  where the Court struck down similar state sentencing guidelines.  Blakely involved a criminal defendant who had plead guilty to kidnapping his estranged wife, a crime that carried a 53-month jail sentence.  During the sentencing phase, the trial court increased the defendant's jail term to 90 months based on its finding that the defendant had acted with "deliberate cruelty."  According to Blakely, however, the Sixth Amendment requires that a jury find any facts used to increase a defendant's sentence.  Thus, the sentence enhancement based on the judge's finding of "deliberate cruelty" was unconstitutional.

Booker held that the federal sentencing guidelines suffer the same fatal flaw, namely requiring federal judges to enhance criminal sentences based on facts neither found by a jury nor admitted by the defendant.   Having held the guidelines unconstitutional as written, the Court had two choices - require that a jury find all sentencing facts necessary to apply the guidelines, or make the guidelines mere suggestions that judges may consider when exercising sentencing discretion.  By a five-to-four vote, the Court kept federal sentencing in judges' hands, making the guidelines merely advisory.

There are three good reasons Booker should not matter for the organizational guidelines.  First, there is serious doubt whether the Sixth Amendment right to a jury trial extends to organizational defendants.   So, the Booker holding is dicta for corporations, partnerships, and the like.

Second, even if the organizational guidelines are unconstitutional, they will continue to influence charging and sentencing decisions.  A Department of Justice Memo on the "Principles of Federal Prosecution of Business Organizations"  (aka, the Thompson Memorandum discussed in prior posts on this blog) directs United States Attorneys to consider whether an organization had an effective compliance program in deciding whether to investigate, charge, or negotiate a plea with the organization.   Further, the Memo specifically refers to the organizational sentencing guidelines for specific criteria in evaluating the effectiveness of such a program.   On the sentencing side, whether an organization has an effective compliance program will surely influence judicial sentencing discretion.  And because the amended guidelines reflect current best practices, they are a logical standard for measuring the effectiveness of such programs.

Third, the sentencing guidelines have had influence far beyond the sentencing arena.  Several federal agencies, including the Department of Health and Human Services, Department of the Treasury, and the Securities and Exchange Commission, have issued compliance regulations or guidance that either incorporate or specifically reference the sentencing guidelines.  (See the left hand menu for a collection of agency compliance links.)  So, even if interred for sentencing convicted organizations, the guidelines will live on in other regulatory guises.

August 25, 2005 in Cases, Compliance 101, Sentencing Guidelines | Permalink | TrackBack

August 17, 2005

Compliance 101 -- The 2004 Amendments to the Sentencing Guidelines

This post follows up on a post last week that described the origins of the federal organizational sentencing guidelines.  This week, we cover the November 2004 amendments to the guidelines.

In early 2002, the United States Sentencing Commission appointed an Ad Hoc Advisory Group to review the organizational sentencing guidelines and propose needed changes.  The Advisory Group learned that in the decade since the original guidelines were introduced, companies and compliance professionals had evolved best practices that refined and built on the original seven criteria.  The Advisory Group sought to codify many of these best practices in the amendments it recommended to the Commission.  (For those interested in a detailed review of compliance history, sources, and emthods, the Advisory Group's Report is a fantastic read.)  The Commission, in turn, proposed most of these amendments to Congress, whose inaction allowed the amendments to take effect on November 1 of last year.  In the coming weeks, I will highlight specific changes made in the 2004 amendments to the organizational sentencing guidelines.  Today, I begin with a change that affects the treatment of small organizations, and relatively ignored constituency in compliance.  (And I speak with some experience here, as my organization qualifies as “small” under the sentencing guidelines.)

Small organizations, which the guidelines define as any organization with less than 200 employees (section 8C2.5, Application Note 1), had two complaints about the original sentencing guidelines.  First, a small organization could not feasibly implement a compliance program that met the guidelines' seven criteria.  For example, the original guidelines required that "high-level personnel of the organization [be] assigned overall responsibility to oversee" the compliance program.  (section 8A1.2, Application Note 3.k(2).)  Yet, in some small organizations, it would be unrealistic for a single person to undertake the compliance function.  And while the guidelines provided that the "requisite degree of formality of a program to prevent and detect violations of law will vary with the size of the organization," they offered no specific guidance regarding what informal compliance measures small organizations might adopt.

The amended guidelines fill this gap by offering concrete examples of how small organizations might feasibly implement an effective program:

Examples of the informality and use of fewer resources with which a small organization may meet the requirements of this guideline include the following: (I) the governing authority's discharge of its responsibility for oversight of the compliance and ethics program by directly managing the organization's compliance and ethics efforts; (II) training employees through informal staff meetings, and monitoring through regular "walk-arounds" or continuous observation while managing the organization; (III) using available personnel, rather than employing separate staff, to carry out the compliance and ethics program; and (IV) modeling its own compliance and ethics program on existing, well-regarded compliance and ethics programs and best practices of other similar organizations.

(section 8B2.1, Application Note 2(C)(iii).)  The guidelines make clear, however, that informal does not equal lax: "small organizations shall demonstrate the same degree of commitment to ethical conduct and compliance with the law as large organizations."   So, small organizations must have the same commitment to compliance, but can do compliance differently.

While the examples in the preceding paragraph are certainly helpful, they highlight the fact that small organizations have little to go on in designing, implementing, and operating a compliance program.  The available best practices material and practice commentary, not surprisingly, focus on larger organizations that have the resources to support such work.  To fill this gap, the Commission and private, non-profit organizations should devote resources to the question of how small organizations can best implement the various compliance functions.

A second complaint was that the original guidelines conclusively deemed a small organization's compliance program to be ineffective if so-called "high-level personnel" broke the law.  (section 8C2.5(f))  The guidelines define "high-level personnel" to mean:

individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization.  The term includes: a director; an executive officer; an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance; and an individual with a substantial ownership interest.

(section 8A1.2, Application Note 3(b).)  The problem for small organizations is that they will have a much higher concentration of high-level personnel in their smaller overall staff.  This makes it much more likely that such personnel will be involved in wrongdoing, automatically disqualifying the organization from credit for an effective compliance program.  The amended guidelines eliminate this disadvantage, replacing the disqualification with a rebuttable presumption.  (section 8C2.5(f))  Now, if high-level personnel of a small organization participate in wrongdoing, the organization may still prove that its compliance program was effective.

August 17, 2005 in Compliance 101, Sentencing Guidelines | Permalink | TrackBack

August 12, 2005

Compliance 101 -- The Federal Organizational Sentencing Guidelines

UsscsealIn several posts over the last few months, I have mentioned the compliance standards set forth in the federal organizational sentencing guidelines.  These references are to be expected, as the guidelines have become perhaps the single most cited (if not most important) set of compliance criteria in the United States.  So, I thought it was about time that I devoted a few posts to the origins, development, and contents of the organizational sentencing guidelines.  Here it goes.

The modern compliance movement was launched in 1991 with introduction of the United States Sentencing Commission's Guidelines for the Sentencing of Organizations.   The Sentencing Reform Act of 1984 created the Commission and charged it with drafting guidelines that brought consistency to criminal sentencing in federal courts.   The first set of guidelines, effective in 1987, governed sentencing of individuals.   Four years later, in 1991, the Commission promulgated a new Chapter 8 of the guidelines, which addressed the sentencing of organizations.  Both the individual and organizational guidelines followed the same general approach, adding a carrot to its stick for deterrence and establishing a formula that calculated the defendant's punishment based on the seriousness of the crime and the defendant's culpability.   For organization's, culpability is determined by calculating a "culpability score" that is increased for aggravating factors and decreased for mitigating factors.   For example, cooperating with the government can reduce an organization's culpability score,  while past similar legal violations can increase the score.

For compliance purposes, the most important mitigating factor under the original guidelines was in section 8C2.5(f), which gave credit for "an effective program to prevent and detect violations of law" (what the current guidelines call "an ethics and compliance program").   In Application Note 3(k) to the guidelines, the Commission set forth what has come to be known as "the seven steps" for designing, implementing, and operating an effective compliance program, which include establishing compliance standards and procedures, designating compliance personnel and resources, communicating the organization's compliance standards, monitoring and auditing compliance with those standards, disciplining those who do not comply with the standards or properly oversee compliance, and periodically updating the compliance program.  The guidelines further require the organization to tailor the various compliance measures to its size, compliance history, and likely legal risks.

The organizational guidelines performed the great service of providing universal compliance guidance for organizations large and small, regardless of industry.  That virtue, however, is also the guidelines' most serious limitation.  Such guidelines must allow maximum flexibility for adaptation to the wide variety of business organizations.  Consequently, the Commission spoke broadly and offered few specific suggestions for practical measures.  For example, the original guidelines provide that an "organization must have taken steps to communicate effectively its standards and procedures to all employees and other agents . . . ."   Does this require the organization to provide employee training?  The guidelines mention training as an example of effective communication, but are unclear whether that example is a suggested best practice or simply offered as an illustration of one possible effective means.

The challenge for the rest of the 1990's was for compliance professionals to put the original guidelines' general standards into specific practice.  The guidelines recognized this need, pointing organizations to outside resources: "An organization's failure to incorporate and follow applicable industry practice or the standards called for by any applicable governmental regulation weighs against a finding of an effective program to prevent and detect violations of law."  Several of the links in the left-hand menu of this blog are to industry and regulatory compliance standards.

A decade of accumulated experience in designing, implementing, and operating ethics and compliance programs led the United States Sentencing Commission to revisit the organizational guidelines in 2001. After three years of study and debate, the Commission proposed revised guidelines that went into effect on November 1, 2004, including revised and expanded criteria for what the guidelines now call an "ethics and compliance program.”  Next week, I will cover these amendments in another Compliance 101 post.

August 12, 2005 in Compliance 101, Sentencing Guidelines | Permalink | TrackBack

July 11, 2005

Compliance 101 -- The Seaboard Report

Previously, I reviewed the Thompson Memo, which sets forth factors that the Department Of
Justice considers in deciding whether to prosecute an organization.  Today, I will review the so-
called Seaboard Report, which is the Securities and Exchange Commission’s equivalent document.

The Seaboard Report appears in Exchange Act Release No. 44969, and is entitled, “Report of
Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission
Statement on the Relationship of Cooperation to Agency Enforcement Decisions.”  The Report
has both a narrow and a broad purpose.  First, on the narrow side, it announces that the SEC will
not take enforcement action against a parent company -- Seaboard Corporation -- for accounting
misdeeds at one of its divisions.  (Interestingly, though the Release has been dubbed the Seaboard
Report after the parent company that avoided enforcement action, the release nowhere mentions
the Seaboard Corporation by name.  You must go to Release No. 44970, which covers enforcement
action against the employee, to discover the parent company’s name.)  The Report summarizes
why it chose to give Seaboard Corporation a pass:

We are not taking action against the parent company, given the nature of the conduct and the company's responses. Within a week of learning about the apparent misconduct, the company's internal auditors had conducted a preliminary review and had advised company management who, in turn, advised the Board's audit committee, that Meredith had caused the company's books and records to be inaccurate and its financial reports to be misstated. The full Board was advised and authorized the company to hire an outside law firm to conduct a thorough inquiry. Four days later, Meredith was dismissed, as were two other employees who, in the company's view, had
inadequately supervised Meredith; a day later, the company disclosed publicly and to us that its financial statements would be restated. The price of the company's shares did not decline after the announcement or after the restatement was published. The company pledged and gave complete cooperation to our staff. It provided the staff with all information relevant to the underlying violations. Among other things, the company produced the details of its internal investigation, including notes and transcripts of interviews of Meredith and others; and it did not invoke the attorney-client privilege, work product protection or other privileges or protections with respect to any facts uncovered in the investigation.

The company also strengthened its financial reporting processes to address Meredith's conduct -- developing a detailed closing process for the subsidiary's accounting personnel, consolidating subsidiary accounting functions under a parent company CPA, hiring three new CPAs for the accounting department responsible for preparing the subsidiary's financial statements, redesigning the subsidiary's minimum annual audit requirements, and requiring the parent company's controller to interview and approve all senior accounting personnel in its subsidiaries' reporting processes.

Second, on the broad side, the Report announces factors the Commission (the Report is signed by
three Commissioners) “will consider in determining whether, and how much, to credit
self-policing, self-reporting, remediation and cooperation -- from the extraordinary step of taking
no enforcement action to bringing reduced charges, seeking lighter sanctions, or including
mitigating language in documents we use to announce and resolve enforcement actions.”  There
are 13 factors listed, of which one specifically mentions compliance programs:

2. How did the misconduct arise? Is it the result of pressure placed on employees to achieve specific results, or a tone of lawlessness set by those in control of the company? What compliance procedures were in place to prevent the misconduct now uncovered? Why did those procedures fail to stop or inhibit the wrongful conduct?

While the Report does not provide any discussion or sources for evaluating the effectiveness of an organization's compliance program, the Sentencing Guidelines are likely an important standard.

Like the Thompson Memo, several of the Seaboard Report's other factors are related to an effective ethics and compliance program:

1. What is the nature of the misconduct involved? Did it result from inadvertence, honest mistake, simple negligence, reckless or deliberate indifference to indicia of wrongful conduct, willful misconduct or unadorned venality? Were the company's auditors misled?

. . . .

3. Where in the organization did the misconduct occur? How high up in the chain of command was knowledge of, or participation in, the misconduct? Did senior personnel participate in, or turn a blind eye toward, obvious indicia of misconduct? How systemic was the behavior? Is it symptomatic of the way the entity does business, or was it isolated?

4. How long did the misconduct last? Was it a one-quarter, or one-time, event, or did it last several years? In the case of a public company, did the misconduct occur before the company went public? Did it facilitate the company's ability to go public?

. . . .

6. How was the misconduct detected and who uncovered it?

7. How long after discovery of the misconduct did it take to implement an effective response?

8. What steps did the company take upon learning of the misconduct? Did the company
immediately stop the misconduct? Are persons responsible for any misconduct still with the company? If so, are they still in the same positions? Did the company promptly, completely and effectively disclose the existence of the misconduct to the public, to regulators and to self-regulators? Did the company cooperate completely with appropriate regulatory and law enforcement bodies? Did the company identify what additional related misconduct is likely to have occurred? Did the company take steps to identify the extent of damage to investors and other corporate constituencies? Did the company appropriately recompense those adversely affected by the conduct?

9. What processes did the company follow to resolve many of these issues and ferret out necessary information? Were the Audit Committee and the Board of Directors fully informed? If so, when?

10. Did the company commit to learn the truth, fully and expeditiously? Did it do a thorough review of the nature, extent, origins and consequences of the conduct and related behavior? Did management, the Board or committees consisting solely of outside directors oversee the review? Did company employees or outside persons perform the review? If outside persons, had they done other work for the company? Where the review was conducted by outside counsel, had management previously engaged such counsel? Were scope limitations placed on the review? If so, what were they?

. . . .

12. What assurances are there that the conduct is unlikely to recur? Did the company adopt and ensure enforcement of new and more effective internal controls and procedures designed to prevent a recurrence of the misconduct? Did the company provide our staff with sufficient information for it to evaluate the company's measures to correct the situation and ensure that the conduct does not recur?

Here’s a quick rundown on how these factors relate to elements of an effective ethics
and compliance program:

Factors 1 and 3 ask about corporate culture and tone at the top.

Factors 4 through 10 address how the compliance program (1) monitors, audits, and receives
reports of wrongdoing (after all, how else will misconduct be discovered, investigated, and
ended); (2) investigates the upon learning of the misconduct; and (3) corrects misconduct
confirmed by the investigation.

Factor 12 asks whether the organization learned from the misconduct by modifying the
compliance program (when necessary) to better detect and prevent similar misconduct.

July 11, 2005 in Compliance 101, Enforcement Actions | Permalink | TrackBack

July 06, 2005

Thompson Memorandum -- This Is How You Do It

As promised, here is a post on how one United States Attorney (USA) applied the Thompson Memorandum factors in deciding not to prosecute an organization.  The following are all excerpts from a press release issued by the United States Attorneys Office for the Southern District of New York.  The press release begins by describing the USA’s decision as well as the company’s alleged wrongdoing:

David N. Kelley, United States Attorney for the Southern District of New York, announced today that the United States Attorney’s Office for the Southern District of New York has decided not to prosecute Royal Dutch Petroleum Company and The “Shell” Transport and Trading Company, p.l.c. (collectively “Shell”) for conduct related to its material overstatement of proved hydrocarbon reserves reported in public filings with the United States Securities and Exchange Commission in 2002 and prior years.

In a series of public announcements between January and May 2004, Shell disclosed that it had overstated its proved hydrocarbon reserves reported as of year-end 2002 by approximately 23%. In 2004, these overstated reserves were recategorized by Shell to comply with the definition of “proved” reserves set forth by the United States Securities and Exchange Commission in its applicable regulations. In light of those announcements, the United States Attorney’s Office began an investigation into how these reserves came to be booked by Shell and reported to the public in the Company’s annual filings with the SEC in 2002 and prior years.

The press release next describes the basis of the decision not to prosecute Shell:

The decision by the United States Attorney not to prosecute was based on the factors set forth in former Deputy Attorney General Larry Thompson’s memorandum, Principles of Federal Prosecution of Business Organizations (the “Thompson Memorandum”). The decision was based on, among others, the following factors: Shell’s full cooperation with the Government’s investigation; Shell’s settlement of an enforcement action by the United States Securities and Exchange Commission (“SEC”), a settlement which included Shell’s consent to a cease-and-desist order finding violations of the antifraud, internal controls, record-keeping, and reporting provisions of the federal securities laws, arising out of the same conduct, and its payment of a $120 million civil monetary penalty; Shell’s commitment as part of the SEC settlement to take substantial remedial actions to enhance the accuracy of its reserves reporting and compliance, including its commitment to spend $5 million to develop and implement a comprehensive corporate compliance program; and the negative effect that charges against Shell would have on the companies’ innocent employees and legitimate activities.

Shell self-reported the material misstatements of its proved oil and gas reserves to the public and to the Securities and Exchange Commission in January 2004 and then undertook a comprehensive internal investigation of the matter, handled by counsel to Shell’s Group Audit Committee. That investigation resulted in the Company requesting and receiving the resignations of the Chairman of Shell’s Committee of Managing Directors, and the CEO of the Company’s Exploration and Production Unit.

In addition, Shell fully cooperated with the Government’s investigation. Its cooperation took the form of, among other things, providing the Government with requested documents gathered from around the globe, making employees based outside the United States available for interviews with Government investigators in the United States, waiving applicable privileges in order to make available to the Government the results of the Group Audit Committee’s internal investigation of the reserves issues, and limiting the distribution of the report of that internal investigation so as not to compromise the Government’s ongoing investigation. The Company identified for the Government early in the investigation the documents that it believed to be most relevant for a complete understanding of its own conduct, and produced those and other documents to the Government in electronically searchable format to permit efficient investigation by the Government.

On August 24, 2004, Shell consented to the entry of an SEC cease-and-desist order, which set forth the substantial remedial efforts Shell had undertaken to enhance its reserves reporting and compliance, including replacing its internal reserves auditor and improving controls on reserves reporting.  As set forth in the SEC cease-and-desist order, Shell’s internal reserves auditor, charged with responsibility for ensuring Shell’s compliance with reserves reporting requirements, was a part-time contractor who received little or no training in the regulations against which he was to measure Shell’s reserves disclosures. Importantly, the remedial measures agreed to by
Shell in its settlement with the SEC included a comprehensive set of actions designed to improve the quality, independence, and thoroughness of the reserves audit function within Shell.

Because Shell has cooperated fully with the Government’s investigation, has implemented substantial remedial efforts to enhance its reserves reporting and compliance, and has paid a $120 million civil penalty to the SEC, the public interest has been sufficiently vindicated. Moreover, criminal prosecution would likely have a severe and unintended disproportionate economic impact upon thousands of innocent Shell employees. Accordingly, Mr. KELLEY stated that, after carefully balancing all of the factors set forth in the Thompson Memorandum, criminal prosecution of Shell would not serve the public interest.

In sum, the big items on the list are:

This list tracks what government lawyers are saying at most compliance conferences.  Also, note that the SEC had already exacted a $120 million pound of flesh from Shell, perhaps lessening the USA’s need to take action.

For me, the last item on the list is the most interesting one.  The wrongdoing involved financial reserves, yet the press release notes that Shell is implementing a “comprehensive corporate compliance program.”  This suggests that wrongdoing regarding a single legal risk may trigger a government expectation (or demand?) that the organization re-evaluate its entire compliance program.  This greatly ups the ante for a single compliance failure.

July 6, 2005 in Cases, Compliance 101, Enforcement Actions | Permalink | TrackBack

July 05, 2005

Compliance 101 -- The Thompson Memorandum

Here is the first post in in the series Compliance 101 -- aka, what every compliance person should know.

The Department of Justice gives one of the most significant incentives for compliance programs in its memorandum on the "Principles of Federal Prosecution of Business Organizations."  The so-called Thompson Memorandum, named after its author Deputy Attorney General Larry D. Thompson, updates a prior memo on the same subject from Deputy Attorney General Eric Holder.   As did its predecessor, the Thompson Memorandum sets forth nine factors for United States Attorneys to consider in deciding whether to investigate, charge, or negotiate a plea with an organization.   Three of these factors relate to an effective corporate compliance program:

4.   the corporation's timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents, including, if necessary, the waiver of corporate attorney-client and work product protection;
5.   the existence and adequacy of the corporation's compliance program;
6.   the corporation's remedial actions, including any efforts to implement an effective corporate compliance program or to improve an existing one, to replace responsible management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with the relevant government agencies . . . .

The Thompson Memo explains that "the critical factors in evaluating any program are whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct to achieve business objectives."   The ultimate goal is to "determine whether a corporation's compliance program is merely a 'paper program' or whether it was designed and implemented in an effective manner."

In the end, the Thompson Memorandum is thin on specific compliance guidance.  Given its brief nature as well that it applies to a wide array of crimes and organizations, detailed compliance was beyond its scope.  Instead, the Memorandum refers the reader to the sentencing guidelines "[f]or a detailed review of . . . factors concerning corporate compliance programs."   The explicit suggestion is that the Department of Justice does not expect anything different from the guidelines' seven steps.

Finally, the Thompson Memorandum gives some sobering qualifications to its recognition of compliance programs:

[T]he existence of a compliance program is not sufficient, in and of itself, to justify not charging a corporation for criminal conduct undertaken by its officers, directors, employees, or agents. Indeed, the commission of such crimes in the face of a compliance program may suggest that the corporate management is not adequately enforcing its program. In addition, the nature of some crimes, e.g., antitrust violations, may be such that national law enforcement policies mandate prosecutions of corporations notwithstanding the existence of a compliance program.

Further, an off-the-shelf compliance program just won’t do:

Compliance programs should be designed to detect the particular types of misconduct most likely to occur in a particular corporation's line of business. Many corporations operate in complex regulatory environments outside the normal experience of criminal prosecutors. Accordingly, prosecutors should consult with relevant federal and state agencies with the expertise to evaluate the adequacy of a program's design and implementation. For instance, state and federal banking, insurance, and medical boards, the Department of Defense, the Department of Health and Human Services, the Environmental Protection Agency, and the Securities and Exchange Commission have considerable experience with compliance programs and can be very helpful to a prosecutor in evaluating such programs. In addition, the Fraud Section of the Criminal Division, the Commercial Litigation Branch of the Civil Division, and the Environmental Crimes Section of the Environment and Natural Resources Division can assist US. Attorneys' Offices in finding the appropriate agency office and in providing copies of compliance programs that were developed in previous cases.

Tomorrow, I will post about a company that received leniency under the Thompson Memorandum.

July 5, 2005 in Compliance 101, Enforcement Actions, Sentencing Guidelines | Permalink | TrackBack