Infotech and the Law: Stricter corporate compliance standards are likely

Devon Hewitt

An organization convicted of a criminal offense is sentenced according to Federal Sentencing Guidelines drafted by the U.S. Sentencing Commission, and a key mitigating factor in sentencing is whether the organization has an effective compliance and ethics program.

When Congress passed the Sarbanes-Oxley Act, it had the commission review the guidelines to ensure they would be effective in deterring and punishing organizational misconduct. As a result, the commission has proposed amending the guidelines to toughen compliance standards.

Unless Congress disapproves the amendment, it will go into effect Nov. 1.

The sentencing guidelines require an organization to exercise due diligence to prevent and detect criminal conduct and promote "an organizational culture" that encourages ethical conduct and compliance with law.

Commentary to the guidelines suggests that an organization has fulfilled these requirements if it follows seven steps:

-- Establish internal standards and procedures to prevent and detect criminal conduct

-- Assign a senior official to take responsibility for the organization's compliance

-- Screen personnel of substantial authority to determine if they "have the propensity to engage in illegal activities"

-- Take reasonable steps to communicate the organization's compliance program internally and to agents

-- Monitor and audit the organization's compliance activities

-- Establish disciplinary measures for noncompliance

-- If necessary, modify the compliance program after violations have been found.

The newly proposed amendment incorporates these steps, and includes additional detail and clarification of an organization's responsibility under some of the steps.

Specifically, the amendment increases accountability of an organization's senior managers, officials and governing bodies. Under the amendment, an organization's governing authority, such as the board of directors, as well as its senior personnel must know the organization's compliance program, exercise its oversight and ensure its effectiveness.

Responsibility for the organization's compliance program may be assigned to one senior person or group, who must keep the organization's governing body updated on the implementation and effectiveness of the program.

Those in charge must have direct access to the governing authority and adequate resources. The amendment also requires that training programs extend to the upper levels of management.

The amendment states that just screening high-level personnel for possible propensity for illegal activity isn't enough. An organization should not retain or hire senior employees whom it knows ? or should have known? to have engaged in criminal activity or conduct that would violate an organization's compliance objectives.

The amendment mandates that an organization periodically evaluate the effectiveness of its corporate compliance program. The amendment adds a requirement that organizations institute and publicize an internal system that let personnel report violations or seek guidance confidentially and without fear of retaliation.

Finally, the amendment creates a rebuttable presumption that a corporate compliance program is not effective if personnel with substantial authority in the organization participated in, condoned or were willfully ignorant of any criminal violation.

Although the guidelines only apply in the context of a criminal sentencing procedure, the seven steps are a benchmark for both industry and the government in assessing the effectiveness of a corporate compliance program.

The specific and generally stricter requirements imposed by the proposed amendment, therefore, should be considered applicable to all organizations.

Devon Hewitt is a partner of Government Practices at ShawPittman in McLean, Va. She can be reached at

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.