Although Sarbanes-Oxley and related rules applicable to public companies garnered all the attention in 2002 and 2003, few companies noticed major federal action in 2004 that affects all companies. Quietly, a 2004 amendment to the Federal Sentencing Guidelines for Organizations (FSGO) now requires all U.S. companies to create a corporate culture that encourages ethical behavior "a structural foundation from which an organization may self-police its own conduct through an effective compliance and ethics program."4
Yes, the little-known 1991 guidelines were amended to better-define "effective compliance and ethics programs," which provide safe harbor treatment for companies in connection with the criminal wrongdoing of individual employees. Generally, the 2004 amendments require company leadership to assume responsibility for ethics programs, including risk identification, training, hot lines, compliance, staffing, resources, and oversight.
Maybe a little background is in order...
The FSGO was originally passed by Congress in 1991 to provide organizations with incentive to implement effective ethics programs that discourage unethical behavior and illegal conduct by employees. If an organization's ethical compliance program demonstrates reasonable due diligence and effectiveness, that organization will receive greatly-reduced penalties (lower "culpability score") in the case of individual employee wrongdoing.
Section 805(a)(2)(5) of Sarbanes-Oxley directed the Sentencing Commission to review its "requirements for an effective compliance and ethics program" to make sure they are "sufficient to deter and punish organizational criminal misconduct." As a result, the Commission amended Chapter 8 of the FSGO to increase its standards related to reasonable due diligence and effectiveness, which now require the following:
Although the FSGO allows for differences in "formality and scope" depending on the size of an organization, the FSGO is very clear -
- The organization's compliance and ethics program (standards and procedures) must reasonably prevent and detect criminal/ethical wrongdoing.
- Knowledge, content, and oversight of the compliance and ethics program are the ultimate responsibility of the board of directors (or similar authority).
- The standards and procedures of the compliance and ethics program must be periodically and effectively communicated to the entire organization via training.
- Reasonable steps must be taken to ensure compliance through auditing and monitoring systems.
- Anonymous and confidential guidance and reporting mechanisms (such as hotlines) must be provided at all levels of the organization.
- Enforcement of compliance and ethics programs must be consistent and include incentives for ethical behavior and disciplines for unethical behavior.
- The entire compliance and ethics program must be periodically assessed and improved.5
Compliance and ethics programs are now required in all U.S organizations!
Read more: A Growing Web of Statutes
4United States Sentencing Commission Guidelines Manual, Chapter 8 - Sentencing of Organizations, Introductory Commentary, November 1, 2006.
5Ibid., Sections 8B2.1(a)-(c).
"You must be the change
you wish to see
in the world."