Sentencing Convicted Corporations

The Ad Hoc Advisory Group to the United States Sentencing Commission on the Organizational Sentencing Guidelines (OSG) has recommended significant changes, particularly in the seven criteria for an effective compliance program to prevent and detect violations of law that, if implemented by an organization, may qualify it for a reduced fine in the event of a conviction. The Sentencing Commission will vote on the proposed amendments next April, following a comment period. As described in its report (www.ussc.gov/corp/advgrp.htm), the Advisory Group's recommendations were based, inter alia, on experience with compliance programs since the OSG became effective in 1991 and on the lessons learned from the corporate scandals of the past 2 years.

Overview of the Advisory Group's Recommendations

First, the Advisory Group recommended that the Sentencing Commission promulgate a stand-alone guideline, ' 8B2.1, defining “an effective program to prevent and detect violations of law.” Currently, the criteria are found in the commentary to Chapter 8.

Second, in the proposed new guideline, the Advisory Group proposed, inter alia, the following changes to the seven criteria for an effective compliance program:

• emphasizing the importance of an organizational culture that encourages an organization-wide commitment to compliance with the law;
• defining “compliance standards and procedures”;
• specifying the responsibilities of an organization's governing authority and organizational leadership for compliance;
• providing adequate resources and authority to individuals with responsibility for the implementation of the program;
• revising the phrase “propensity to engage in violation of law,” which has been the source of considerable confusion in the past;
• adding training and dissemination of compliance training materials and information as criteria for an “effective program”;
• requiring as part of monitoring and auditing the “periodic evaluation” of the effectiveness of the compliance program;
• requiring a mechanism for anonymous reporting; and
• adding ongoing risk assessments as part of the implementation of an effective program.

Third, the Advisory Group recommended modifications to the OSG to clarify under what circumstances a waiver of the attorney-client privilege and work product protections is required for an organization to receive credit for cooperation with law enforcement.

Fourth, the Advisory Group recommended that the Sentencing Commission study and evaluate: 1) the supervision of organizations on probation, particularly with respect to implementing compliance programs; 2) the relationship of the multipliers and table of fines, '' 8C2.4-6, to the statutory maximum fine; 3) the definition of loss in ' 2B1.1 in the context of the OSG and the impact on organization defendants; and 4) training and outreach to small business organizations.

This article focuses on three of the more significant recommendations: the emphasis on the importance of an organizational culture of compliance, the role and responsibility of the organization's governing authority, and the modifications to the OSG concerning waiver.

Culture of Compliance in an Organization

The Advisory Group recommended expanding the general definition of an “effective program to prevent and detect violations of law” to include a commitment by an organization “to otherwise promote an organizational culture that encourages a commitment to compliance with the law.” An effective compliance program must encourage “positive actions” demonstrating that compliance with law is a “key” value of the organization. As stated earlier this year by the SEC's Director of the Office of Compliance Inspections and Examinations, “It [is] not enough to have policies. It [is] not enough to have procedures. It [is] not enough to have good intentions. All of these help. But to be successful, compliance must be an embedded part of [a] firm's culture” (http://www.ussc.gov/corp/advgrp.htm).

However, the Advisory Group stressed that the organization is not expected to do more than implement the seven compliance steps which, if done diligently, will create a compliance culture. While organizations are always free to go further to encourage ethical behavior, the proposed guideline is “intended to limit the assessments of sentencing courts, prosecutors and other interested parties to evaluations of program elements aimed at building support for compliance with law.” Although the Advisory Group had received recommendations that revisions to the OSG should require organizations to adopt appropriate “ethical standards,” it concluded that such standards “may be very difficult, if not impossible, to evaluate in an objective, consistent manner.”

Role and Responsibility of the Governing Authority and Leadership

In virtually all the recent corporate scandals, the alleged malfeasance or misfeasance occurred at the senior management and/or governing authority level. The OSG, however, currently do not address the role of the organization's governing authority in implementing and supervising a compliance program.

Accordingly, the Advisory Group recommended that the OSG be amended to provide that the “organization's governing authority shall be knowledgeable about the content and operation of the program to prevent violations of law and shall exercise reasonable oversight with respect to the implementation and effectiveness of the program to prevent and detect violations of law.” Governing authority is defined to mean either a Board of Directors or the highest-level governing body of the organization. The Board's “knowledge” about program features and operations should include, inter alia, practical management information about the major risks of unlawful conduct facing their organization, the primary compliance program features aimed at counteracting those risks, and the types of problems with compliance that the organization and other companies with similar operations have encountered in recent activities.

The Board's “oversight” responsibility requires it to be proactive and seek out information about the compliance programs, evaluate such information when received, and monitor the implementation and effectiveness of responses when compliance problems are detected. See Conference Board Commission on Public Trust and Private Enterprise, Findings and Recommendations, Part 2: Corporate Governance (Jan. 9, 2003) (www.ussc.gov/corp/advgrp.htm). A Board of Directors, or a subgroup such as an audit committee, should receive periodic reports from the people in high-level management with direct, overall responsibility for an organization's compliance program and, as suggested in ' 8B2.1 Application Note 3 (B), from the individual or individuals with day-to-day operational responsibility for the program.

Cooperation and Waiver of Confidentiality

The OSG currently provide in ' 8C2.5 that an organization is entitled to a significant fine reduction if it cooperates with law enforcement authorities but does not state whether such cooperation requires the organization to waive attorney-client privilege and work product protections. A survey by the Advisory Group found that the United States Attorneys' Offices believed that “the request for waiver … [was] the exception rather than the rule,” while the defense bar expressed “continuing concern that prosecutors are increasingly requiring, or at least strongly suggesting, waiver as a necessary part of the cooperation process.”

The Advisory Group, which included a sitting United States Attorney, recommended amending Application Note 12 of 8C2.5 to read:

” … If the defendant has satisfied the requirements for cooperation set forth in this note, waiver of the attorney-client privilege and of work product protections is not a prerequisite to a reduction in culpability score under subsection (g). However, in some circumstances, waiver of the attorney-client privilege and of work product protections may be required in order to satisfythe requirements of cooperation.”

The Advisory Group recommended a similar change to ' 8C2.4, which governs downward departures on the basis of the defendant organization's substantial assistance.

Both sides in the debate likely will likely find support for their position in the recommended changes. But the key point is that the issue was debated and common ground was found at least to clarify some language. Hopefully, this is the beginning, and not the end, of a healthy debate over the proper balance that society should strike between law enforcement's need for cooperation and the essential role that the attorney-client privilege and work product doctrine play in our justice system.

Conclusion

The significance of the Advisory Group's recommendations lies in the sum of their parts. Most, if not all, of the individual recommendations reflect existing best practices, case law since the promulgation of the OSG, recent legislative and regulatory enactments in response to the corporate scandals, or common sense. However, the Advisory Group's recommendations for the first time distill into a relatively concise set of inter-related standards the last decade's accumulated, hard-earned knowledge of what constitutes an effective compliance program to prevent and deter organizational wrongdoing.

The Ad Hoc Advisory Group to the United States Sentencing Commission on the Organizational Sentencing Guidelines (OSG) has recommended significant changes, particularly in the seven criteria for an effective compliance program to prevent and detect violations of law that, if implemented by an organization, may qualify it for a reduced fine in the event of a conviction. The Sentencing Commission will vote on the proposed amendments next April, following a comment period. As described in its report (www.ussc.gov/corp/advgrp.htm), the Advisory Group's recommendations were based, inter alia, on experience with compliance programs since the OSG became effective in 1991 and on the lessons learned from the corporate scandals of the past 2 years.

Overview of the Advisory Group's Recommendations

First, the Advisory Group recommended that the Sentencing Commission promulgate a stand-alone guideline, ' 8B2.1, defining “an effective program to prevent and detect violations of law.” Currently, the criteria are found in the commentary to Chapter 8.

Second, in the proposed new guideline, the Advisory Group proposed, inter alia, the following changes to the seven criteria for an effective compliance program:

• emphasizing the importance of an organizational culture that encourages an organization-wide commitment to compliance with the law;
• defining “compliance standards and procedures”;
• specifying the responsibilities of an organization's governing authority and organizational leadership for compliance;
• providing adequate resources and authority to individuals with responsibility for the implementation of the program;
• revising the phrase “propensity to engage in violation of law,” which has been the source of considerable confusion in the past;
• adding training and dissemination of compliance training materials and information as criteria for an “effective program”;
• requiring as part of monitoring and auditing the “periodic evaluation” of the effectiveness of the compliance program;
• requiring a mechanism for anonymous reporting; and
• adding ongoing risk assessments as part of the implementation of an effective program.

Third, the Advisory Group recommended modifications to the OSG to clarify under what circumstances a waiver of the attorney-client privilege and work product protections is required for an organization to receive credit for cooperation with law enforcement.

Fourth, the Advisory Group recommended that the Sentencing Commission study and evaluate: 1) the supervision of organizations on probation, particularly with respect to implementing compliance programs; 2) the relationship of the multipliers and table of fines, '' 8C2.4-6, to the statutory maximum fine; 3) the definition of loss in ' 2B1.1 in the context of the OSG and the impact on organization defendants; and 4) training and outreach to small business organizations.

This article focuses on three of the more significant recommendations: the emphasis on the importance of an organizational culture of compliance, the role and responsibility of the organization's governing authority, and the modifications to the OSG concerning waiver.

Culture of Compliance in an Organization

The Advisory Group recommended expanding the general definition of an “effective program to prevent and detect violations of law” to include a commitment by an organization “to otherwise promote an organizational culture that encourages a commitment to compliance with the law.” An effective compliance program must encourage “positive actions” demonstrating that compliance with law is a “key” value of the organization. As stated earlier this year by the SEC's Director of the Office of Compliance Inspections and Examinations, “It [is] not enough to have policies. It [is] not enough to have procedures. It [is] not enough to have good intentions. All of these help. But to be successful, compliance must be an embedded part of [a] firm's culture” (http://www.ussc.gov/corp/advgrp.htm).

However, the Advisory Group stressed that the organization is not expected to do more than implement the seven compliance steps which, if done diligently, will create a compliance culture. While organizations are always free to go further to encourage ethical behavior, the proposed guideline is “intended to limit the assessments of sentencing courts, prosecutors and other interested parties to evaluations of program elements aimed at building support for compliance with law.” Although the Advisory Group had received recommendations that revisions to the OSG should require organizations to adopt appropriate “ethical standards,” it concluded that such standards “may be very difficult, if not impossible, to evaluate in an objective, consistent manner.”

Role and Responsibility of the Governing Authority and Leadership

In virtually all the recent corporate scandals, the alleged malfeasance or misfeasance occurred at the senior management and/or governing authority level. The OSG, however, currently do not address the role of the organization's governing authority in implementing and supervising a compliance program.

Accordingly, the Advisory Group recommended that the OSG be amended to provide that the “organization's governing authority shall be knowledgeable about the content and operation of the program to prevent violations of law and shall exercise reasonable oversight with respect to the implementation and effectiveness of the program to prevent and detect violations of law.” Governing authority is defined to mean either a Board of Directors or the highest-level governing body of the organization. The Board's “knowledge” about program features and operations should include, inter alia, practical management information about the major risks of unlawful conduct facing their organization, the primary compliance program features aimed at counteracting those risks, and the types of problems with compliance that the organization and other companies with similar operations have encountered in recent activities.

The Board's “oversight” responsibility requires it to be proactive and seek out information about the compliance programs, evaluate such information when received, and monitor the implementation and effectiveness of responses when compliance problems are detected. See Conference Board Commission on Public Trust and Private Enterprise, Findings and Recommendations, Part 2: Corporate Governance (Jan. 9, 2003) (www.ussc.gov/corp/advgrp.htm). A Board of Directors, or a subgroup such as an audit committee, should receive periodic reports from the people in high-level management with direct, overall responsibility for an organization's compliance program and, as suggested in ' 8B2.1 Application Note 3 (B), from the individual or individuals with day-to-day operational responsibility for the program.

Cooperation and Waiver of Confidentiality

The OSG currently provide in ' 8C2.5 that an organization is entitled to a significant fine reduction if it cooperates with law enforcement authorities but does not state whether such cooperation requires the organization to waive attorney-client privilege and work product protections. A survey by the Advisory Group found that the United States Attorneys' Offices believed that “the request for waiver … [was] the exception rather than the rule,” while the defense bar expressed “continuing concern that prosecutors are increasingly requiring, or at least strongly suggesting, waiver as a necessary part of the cooperation process.”

The Advisory Group, which included a sitting United States Attorney, recommended amending Application Note 12 of 8C2.5 to read:

” … If the defendant has satisfied the requirements for cooperation set forth in this note, waiver of the attorney-client privilege and of work product protections is not a prerequisite to a reduction in culpability score under subsection (g). However, in some circumstances, waiver of the attorney-client privilege and of work product protections may be required in order to satisfythe requirements of cooperation.”

The Advisory Group recommended a similar change to ' 8C2.4, which governs downward departures on the basis of the defendant organization's substantial assistance.

Both sides in the debate likely will likely find support for their position in the recommended changes. But the key point is that the issue was debated and common ground was found at least to clarify some language. Hopefully, this is the beginning, and not the end, of a healthy debate over the proper balance that society should strike between law enforcement's need for cooperation and the essential role that the attorney-client privilege and work product doctrine play in our justice system.

Conclusion

The significance of the Advisory Group's recommendations lies in the sum of their parts. Most, if not all, of the individual recommendations reflect existing best practices, case law since the promulgation of the OSG, recent legislative and regulatory enactments in response to the corporate scandals, or common sense. However, the Advisory Group's recommendations for the first time distill into a relatively concise set of inter-related standards the last decade's accumulated, hard-earned knowledge of what constitutes an effective compliance program to prevent and deter organizational wrongdoing.