Not all organizations are required to have a governance, risk management and compliance (GRC) system that incorporates the Sarbanes-Oxley Act (SOX) or Dodd-Frank, but every organization should conform with the Federal Sentencing Guidelines for Organizations (FSGO). Not having an ethics and compliance program that conforms to the FSGO can cost your organization significantly more when bad things happen.
In fact fines and penalties can be reduced by up to 95% when evidence of a program that conforms to the standards is in place. So what are the FSGO and why do they relate to all organizations? How can your organization ensure your ethics and compliance program conforms to the FSGO? What are some of the major changes to the FSGO in 2010 that many companies have not updated yet in their programs?
And probably most important, Is you organization at risk?
The FSGO were enacted by the U.S. Sentencing Commission in 1991 for two purposes, to provide just punishment, and deterrence to organizations for criminal wrongdoing. They also started to clarify the government’s expectation of what it considered to be an effective ethics and compliance program. The FSGO were amended in 2004, after Sarbanes-Oxley, and again in 2010, after Dodd-Frank. The FSGO apply to: “all organizations whether publicly or privately held, and of whatever nature, such as corporations, partnerships, labor unions, pension funds, trust, non-profit entities, and governmental units … The potential fine range for criminal conviction can be significantly reduced – in come cases up to 95 percent – if an organization can demonstrate it had put in place an effective compliance and ethics program and that the criminal violation represented an aberration within an otherwise law-abiding community.” (“An Overview of the Organizational Guidelines” by Paula Desio, Deputy General Counsel, United States Sentencing Commission, 2004).
Satisfying the requirements in the FSGO for an effective compliance and ethics program is widely viewed as an important step in: avoiding prosecution; positioning an organization to advocate for a non-prosecution or deferred prosecution agreement; reducing the fines and penalties that must be paid if a non-prosecution or deferred prosecution agreement is negotiated; and avoiding civil liability in the private litigation and enforcement contexts.
An “effective” ethics and compliance program is one that is reasonably designed, implemented and enforced to prevent and detect criminal conduct. Most GRC experts agree the definition of an “effective” ethics and compliance program includes conformance with the FSGO. The FSGO has thus become the de-facto standard for organizations when designing ethics and compliance programs. FSGO Elements Under the FSGO, a convicted organization is eligible for a reduced sentence if it had an effective ethics and compliance program in place at the time of the offense. The FSGO lists out several features or elements that an ethics and compliance program must have for the organization to receive credit in the sentencing process.
The current requirements under the FSGO for an effective compliance and ethics program include:
- standards and procedures to prevent and detect criminal conduct;
- knowledge by the organization’s board about the content and operation of the program and the exercise of reasonable oversight with respect to its implementation and effectiveness;
- reasonable efforts to avoid placing in a substantial authority position those whom the organization should have known had engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program;
- reasonable steps to communicate the program’s standards and procedures throughout the organization, and training that is tailored to each audience;
- reasonable steps to ensure that the organization’s compliance program is followed, including monitoring and auditing to detect criminal conduct, periodically evaluating the program’s effectiveness, and publicizing a system that allows reporting or the receipt of guidance about potential and actual criminal conduct without fear of retaliation;
- consistent promotion and enforcement of the program with appropriate incentives for proper performance and appropriate disciplinary measures for those who engage in criminal conduct or fail to take reasonable steps to prevent or detect it; and
- reasonable steps to respond appropriately to criminal conduct when detected, and to prevent further similar criminal conduct, including any needed changes to the program.
More information on specifics, practical insights and common practices used by many organizations to conform their ethics and compliance programs to the FSGO can be found in the white paper I wrote in December 2011. I just updated it with new information in May 2014.
A copy of this white paper can be obtained at: http://www.meffordmultimedia.com/store-2/products/federal-sentencing-guidelines-for-organizations-fsgo-white-paper/