Before the Enron scandal, many companies did not consider an ethics and compliance department. Since then the Department of Justice has made considerable modifications to investigations. To properly charge and evaluate companies during lawsuits, the Department of Justice issued the McNulty memo in 2006. During criminal prosecutions of corporate entities, prosecutors must determine, among other things, whether a compliance program is just a "paper program" or whether it is truly an "effective" one.
There are three key takeaways from the memo:
- The existence and adequacy of the pre-existing compliance program.
- Remedial actions, including any efforts to implement an effective corporate compliance program or to improve an existing one, to replace responsible management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with the relevant government agencies.
- As part of their analysis, prosecutors should determine whether the corporation has provided adequate resources to the compliance program, the visibility of the program to employees, and the employees' impression of the corporation's commitment to the program.
But how can a company avoid such charges and make sure that their messages are properly relayed to their employees? Flash forward to 2018 and almost every company now has an ethics and compliance department and a system to send complaints or ethical concerns. There are strict compliance programs, but how can we be sure that it is really effective?
Take Wells Fargo - they have been undergoing a new compliance program - or rather, trying to implement an effective one. The past few years they have had to redesign multiple programs that continue to not meet government standards. The OCC says that Wells Fargo did not execute a comprehensive plan to address compliance risk management deficiencies, fill mission-critical staffing positions, implement a reliable risk assessment and testing program and report compliance concerns adequately to the board. Many of their problems cam from internal audits within the company that inconsistently applied its policy and charged borrowers extension fees they should not have. This year they received a $1 billion fine with an additional $800 million accrual in the first quarter.
The success of a compliance program really depends on the measurements they use. It has to be scalable, understandable, and easily implemented. A company has to get out of hot water - or prevent it- by following the expectations and guidelines of the McNulty memo. With that in mind - there must be an effective tone from the top and culture that the company's leaders must demonstrate. That’s easier said than done, especially in an international and multicultural environment.
Avoid the headlines.