Federal Sentencing Organizational Compliance Program Overview for Accountants
By Dave Tate, CPA, Esq. - Organizations, such as corporations, can be guilty of criminal conduct, just like individuals. The measure of an organization's punishment for felonies and certain misdemeanors is governed by Chapter Eight of the U.S. Federal Sentencing Guidelines. Organizations cannot be imprisoned, but they can be fined, sentenced to probation, ordered to make restitution and issue public notices of conviction, and exposed to forfeiture statutes. Due to the nature of their work, both in-house and outside auditor accountants can find themselves in a unique position to spot opportunities to improve upon compliance program processes.
Some of the common offenses committee by organizations are fraud, environmental waste, tax offenses, antitrust offenses, and food and drug violations.
An organization can be found criminally liable whenever an employee of the organization commits an act within the apparent scope of his or her employment, even if the employee acted contrary to company policy or instructions. An organization also can be held criminally liable for any of its employees’ illegal actions even if it made reasonable efforts to prevent the wrongdoing. Recognizing this fact, in enacting the sentencing guidelines, the U.S. Sentencing Commission has attempted to lessen some of the harshest aspects of potential liability for organizations that can demonstrate that they have enacted appropriate and effective preventative, deterrent and reporting compliance programs.
The Federal Sentencing Guideline Manual at Chapter 8, Part B, §8B2.1, Effective Compliance and Ethics Program, specifies that to have an effective compliance and ethics program, an organization shall—
(1) Exercise due diligence to prevent and detect criminal conduct; and
(2) Promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.
Compliance and ethics programs should be designed, implemented, and enforced so that they are generally effective in preventing and detecting criminal conduct.
Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law minimally require that:
(1) The organization establishes standards and procedures to prevent and detect criminal conduct.
(2) The organization effectively communicates and promotes its standards, expected manner of conduct, procedures and other aspects of its compliance and ethics program throughout the organization including, but not necessarily limited to, all levels of employees, officers, managers, supervisors and directors.
(3) The organization’s governing authority is knowledgeable about the content and operation of the compliance and ethics program and exercises reasonable oversight with respect to the implementation and effectiveness of the program.
(4) High-level personnel of the organization ensure that the organization has an effective compliance and ethics program, and are assigned overall responsibility for the program.
(5) Within the organization a specific person is, or specific people are, delegated day-to day operational responsibility for the compliance and ethics program, with adequate resources, appropriate authority and direct access to the governing authority, and shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program.
(6) The organization takes reasonable steps—
(A) To ensure that the compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct;
(B) To evaluate periodically the effectiveness of the compliance and ethics program; and
(C) To have and publicize a system, which may include mechanisms that allow for anonymity and confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.
(7) The organization’s compliance and ethics program is promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.
(8) After criminal conduct has been detected, the organization takes reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.
(9) In implementing the program, the organization periodically assesses the risk of criminal conduct and takes appropriate steps to design, implement, or modify each requirement to reduce the risk of criminal conduct identified through the process.
The term "governing authority" means the (1) the board of directors; or (2) if the organization does not have a board of directors, the highest-level governing body of the organization.
The term "high-level personnel of the organization" means individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization. The term includes: a director; an executive officer; an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance; and an individual with a substantial ownership interest.
The term "substantial authority personnel" means individuals who within the scope of their authority exercise a substantial measure of discretion in acting on behalf of an organization. The term includes high-level personnel of the organization, individuals who exercise substantial supervisory authority (e.g., a plant manager, a sales manager), and any other individuals who, although not a part of an organization’s management, nevertheless exercise substantial discretion when acting within the scope of their authority (e.g., an individual with authority in an organization to negotiate or set price levels or an individual authorized to negotiate or approve significant contracts). Whether an individual falls within this category is determined on a case-by-case basis.
Dave Tate, CPA, Esq.