Corporate Governance

Recent amendments to the Organizational Sentencing Guidelines make several significant changes to the provisions concerning corporate compliance programs, and reinforce broader shifts taking place in the field of corporate governance. Just as the Sarbanes-Oxley Act imposes additional duties on corporate boards for the integrity of a company's financial controls, the new guidelines seek to make boards responsible for promoting the effectiveness of a corporation's legal and ethical controls. Boards of directors must assume responsibility for the effectiveness of compliance programs, which now encompass not only criminal laws but also ethics and corporate culture.

Boards and senior management are impelled to continuously police corporate integrity by using care not to place miscreants into positions of authority and by taking swift and decisive action in response to instances of wrongdoing. The amendments are intended to stimulate the flow of information about potential ethics and compliance violations by obliging corporations to implement a system for employees and agents to report misconduct without fear of retaliation and providing confidentiality guarantees as necessary.

While there is no “one size fits all” approach for complying with the guidelines, the board of directors should, among other things:

• Ensure that senior management consist of persons of high moral character and that a climate of accountability and transparency prevails at all levels of the company;
• Assume personal responsibility for overseeing compliance matters;
• Undergo ethics and compliance training themselves;
• Ensure that the corporation has a senior compliance officer, who should have direct access to the board;
• Ensure that compliance activities are adequately funded; and
• Have compliance programs audited by independent experts.

For its part, senior management should set the proper “tone at the top” by clearly and forcefully communicating the corporation's ethical values through a variety of means ' and then backing up those words with genuine action. This includes, among other things:

• Holding business unit heads accountable for meeting compliance objectives;
• Ensuring the effectiveness and independence of compliance staff;
• Responding promptly and forthrightly to allegations of wrongdoing;
• Praising and rewarding ethical conduct and meting out firm but fair punishment to wrongdoers, even if they are “big producers”; and
• Institute other mechanisms that allow management to detect problems before they arise and implement internal controls that deter misconduct.

Background

On Nov. 1, 2004, amendments to the Organizational Sentencing Guidelines took effect. (The Guidelines as amended are available at www.ussc.gov/2004guid/TABCON04.htm). Under the guidelines, a corporation convicted of a federal offense may seek leniency if it has maintained an effective program to prevent and detect violations of the criminal laws. U.S.S.G. '8C2.5(f). The original guidelines, which were issued in 1991, provided that to take advantage of this provision, the corporation had to show that it had taken the following measures:

• High-level personnel overseeing the program;
• Procedures likely to reduce the prospect of criminal activity;
• Discretionary authority was not given to employees with a propensity to commit crimes;
• Effective communications and training regarding the program;
• A system for employees to report misconduct without fear of retaliation;
• Appropriate disciplinary mechanisms; and
• Adequate methods for responding to crimes that have been detected.

U.S.S.G. '8A1.2, Application Note 3(k) (1991).

The amendments strengthen the requirements of an effective compliance program in several important ways.

Overview of Key Amendments

1. New Role for Board of Directors, Higher Profile for Compliance Matters

Whereas the original guidelines gave management personnel overall responsibility for overseeing compliance, see U.S.S.G. '8A1.2, Application Note 3(k)(2) (1991), the amendments shift that duty to the board of directors, who must now educate themselves about the organization's compliance and ethics programs and oversee the programs' implementation and effectiveness. U.S.S.G. '8B2.1(b)(2)(A). As for senior management, the amendments require that they participate in the implementation of the programs, ensure that compliance officials have adequate resources, and report periodically to the board about the programs. U.S.S.G. '8B2.1(b)(2)(B),(C).

As a practical matter, the new sentencing guidelines should raise the profile of the compliance function within the corporation, as Sarbanes-Oxley has done for the role of internal audit. At the same time, the new role for the board contemplated by the guidelines increases the risk of liability in the event of serious compliance lapses. This is because historically the organizational sentencing guidelines greatly influenced developments outside the criminal justice arena, as government regulators, courts and industry standard-setters have incorporated their requirements into other settings ' including the law of fiduciary duty of board members. See, eg, Report of Investigation Pursuant to Section 21(a) of the Securities and Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions, Exchange Act Release No. 44969 (Oct. 23, 2001) (the Seaboard decision); In re Caremark Int'l Derivative Litig., 698 A.2d 959 (Del. Ch. 1996) (approving settlement of derivative litigation brought against board of directors; board members should take guidelines into account in carrying out their fiduciary duty to monitor company operations). It is likely that this trend will continue under the amended guidelines.

2. Broader Coverage and Sharper Teeth

While the original guidelines focused sharply on programs to prevent and detect criminal conduct, see U.S.S.G. '8A1.2, Application Note 3(k) (1991), the amendments add the requirement that corporations develop an “organizational culture” that encourages ethical conduct and compliance with the law generally. U.S.S.G. '8B2.1(a)(2). This change reflects the Commissioners' view that efforts solely to suppress criminal conduct are unlikely to succeed, and that it is necessary to adopt a more comprehensive approach that addresses employee attitudes and the “tone at the top.” To achieve this result, the amendments prescribe effective training programs, incentives for ethical behavior, and communications and reporting systems to ensure that ethical values permeate the entire organization. See, U.S.S.G. '8B2.1(b)(4)(A), (b)(6)(A).

3. Open the Windows and Let the Information Flow

The amendments provide that the elements of the corporation's compliance standards and procedures must be communicated effectively throughout the company by means, among others, of effective employee training programs. U.S.S.G. '8B2.1(b)(4)(A). This provision is designed to stimulate the flow of information about potential compliance and ethics violations. Thus, as under Sarbanes-Oxley, the corporation is obliged to implement a system for its employees and agents to report misconduct without fear of retaliation, providing confidentiality guarantees as necessary. U.S.S.G. '8B2.1(b)(5)(C). Experience has shown that certain employees are typically aware of significant instances of wrongdoing but are afraid to report it. The new guidelines make senior management responsible for addressing this persistent problem.

4. Cleaning House and Keeping It That Way

Under the amendments, corporations must use due care to identify miscreants and not put them into positions of authority. U.S.S.G. '8B2.1(b)(3). If a violation of the company's standards and procedures is detected, the company must respond vigorously, disciplining wrongdoers and strengthening internal controls as appropriate. U.S.S.G. '8B2.1(b)(6)(B), (7). In this way, the new guidelines reinforce the imperative, introduced by the Caremark decision and advanced by Sarbanes-Oxley, for the board and senior management to continuously police corporate integrity.

5. Shift Toward Compliance Risk Management

The amendments encourage corporations to take a proactive approach to compliance programs, conducting regular risk assessments to determine the scope and nature of risks of violations of law associated with its activities, and using the results of the assessments to inform the design and implementation of the programs. U.S.S.G. '8B2.1(c). Similarly, the amendments require corporations to constantly monitor, audit and evaluate the effectiveness of their compliance programs. U.S.S.G. ”8B2.1(b)(5)(A),(B).

These provisions incorporate familiar methods utilized in the fields of auditing and enterprise risk management. As a result, the new sentencing guidelines should prompt closer cooperation between compliance personnel, on the one hand, and internal audit and risk management personnel, on the other. It is also likely that the new guidelines will eventually lead to the widespread use of independent experts to audit the effectiveness of compliance and ethics programs, in a manner similar to the internal controls audits being conducted under section 404 of the Sarbanes-Oxley Act or the anti-money laundering compliance audits under section 352(a) of the USA Patriot Act. See, 15 U.S.C. '7262; 31 U.S.C. '5318(h)(1)(D). Ideally, this would be an interdisciplinary group that combines expertise in the corporation's particular line of business, regulatory standards, accounting and internal controls, enterprise risk management, and the latest compliance methods.

Advising Corporations on How to Comply

What follows are some suggestions for how corporations can comply with the new guidelines. Of course, there is no uniform solution to guidelines compliance. Which, if any, of these suggestions counsel chooses to incorporate into its advice to the corporation necessarily depends upon counsel's own assessment of the client's particular needs and circumstances.

Meeting the Board's Responsibilities

Ensuring Ethical Senior Management

The Board should ensure that senior management consists of persons of high moral character by carefully vetting candidates for prior misconduct or signs of ambivalence towards ethics or compliance matters. The Board should also see to it that management establishes a climate of transparency at all levels within the organization.

Take Personal Responsibility for Compliance Oversight

The board (or a board committee) should assume formal responsibility for overseeing the corporation's ethics and compliance programs. These individuals should play a substantial role in developing the programs, regularly monitoring and assessing the programs' effectiveness and ensuring that they are revised as appropriate. Board members should also receive ethics and compliance training, so that they are at least generally familiar with the pertinent requirements and sensitive to their importance for the corporation.

Create Senior Compliance Officer Position

The board should ensure that a senior officer position exists to administer the corporation's ethics and compliance programs. This officer's status should be no less than that of the head of risk management or internal audit, and he or she should have direct access to the board. The officer should be fully familiar with the corporation's business operations and the governing regulations, and should have the power to review compliance-related policies and structures created within business units.

Ensure Compliance Activities Are Adequately Funded

The board should ensure that management devotes adequate funds to compliance and ethics programs.

Have Compliance Programs Audited by Independent Experts

To assist it in assessing the effectiveness of the corporation's ethics and compliance programs, the board should ensure that independent experts conduct regular independent audits analogous to those being done under section 404 of the Sarbanes-Oxley Act.

Meeting Management's Responsibilities

Setting the Proper Tone

One of management's most important responsibilities in promoting an ethical culture within the corporation is to set the proper “tone at the top.” This means taking the following steps.

Say You're Serious About Compliance. Senior management should communicate clearly that everyone must comply with the corporation's standards, that breaches will be treated as significant, and that all violations will result in some type of sanction.

Say It Often and in Different Ways. Management should convey the ethics message repeatedly and through a variety of means, including memos, training videos, and compliance presentations.

Link Compliance to the Business Plan. Compliance should be presented as a critical part of the management's business plan, insofar as it helps manage the corporation's risks of liability and reputational injury, and a corporation with a demonstrated commitment to integrity significantly enhances its value to shareholders.

Put Responsibility In the Right Place. Although compliance staff and outside experts will help to develop the elements of the compliance program, responsibility for implementing the program should rest firmly with business unit leaders. Business units should be required to periodically certify to senior management that they have effective compliance programs. Compliance staff should not be allowed to become beholden to the business units they support, and compliance costs should not be charged to those units.

Invite Bad News and Reward the Messenger. Managers and employees should be urged to consult with compliance staff about legal and reputational risks before making significant decisions, and staff should be encouraged to report compliance problems candidly and on a timely basis, even if doing so reveals unpleasant problems.

Senior management should not communicate to personnel that they must meet revenue targets “at all costs.” “Big producers” should not be rewarded when they show disregard for compliance rules. Indeed, one of the most powerful deterrents is for a “big producer” to be disciplined when appropriate. Management performance reviews should include a compliance component, and ethical conduct should be praised publicly and rewarded financially. The company should promptly and forthrightly respond to employees who make complaints.

The Compliance Program ' A Risk Management Approach

Generally speaking, developing a compliance program involves the following steps:

• Making an inventory of all of the legal and ethical standards that govern the corporation's activities;
• Identifying “risk activities” that could produce violations of such standards;
• Prioritizing the risk activities so as to identify the most significant threats to the corporation;
• Managing the risks by discontinuing the offensive activities altogether or by implementing appropriate internal controls; and
• Monitoring and testing the effectiveness of the controls, correcting any weaknesses that are detected.

Obviously, it is not enough for the compliance plan simply to exist on paper; it must have an actual impact. Corporations should institute mechanisms that allow them to detect problems before they arise, and implement internal controls that deter misconduct. Experience shows that the following measures are effective elements of a compliance program:

• Regular employee awareness and training programs;
• Rigorous background checks for new employees and consultants;
• Information gathering techniques, including hotlines, ombudsmen, anonymous reporting, and employee questionnaires and surveys;
• Automated monitoring mechanisms that detect suspicious activities;
• Reviews of complaints for emerging patterns;
• Surprise compliance audits;
• Reviews and analyses of industry trends;
• Periodic employee evaluations that focus on compliance and ethics issues;
• Periodic evaluations and assessments of the corporation's risk profile; and
• Annual external audits of the corporation's compliance and ethics programs.

Conclusion

Counsel should encourage corporate boards to use the guidelines as an opportunity to move their companies further down the road towards organizational integrity, rather than viewing the new guidelines as yet another onerous legal requirement. Indeed, organizational integrity helps a corporation to drive value by gaining the confidence of lenders, shareholders, employees, potential acquirers, and other important stakeholders.

Author's Note: The Supreme Court's recent decision that the Federal Sentencing Guidelines are advisory (see, U.S. v. Booker, 125 S. Ct. 738 (2005)) does not undermine any of the advice given in this article. Sentencing judges are still required after Booker to consider the sentence dictated by the Guidelines and to offer a reasoned basis for refusing to apply that sentence. Moreover, Booker does not affect the Justice Department's principles of federal prosecution of business organizations, under which prosecutors are instructed, in exercising their discretion whether to prosecute a corporation, to examine whether the corporation has an effective compliance program. As a result, the Guidelines have strongly persuasive authority, particularly in the organizational context.

Note: The material discussed here is meant to provide general information and should not be acted on without obtaining professional advice tailored to your client's individual needs.

Recent amendments to the Organizational Sentencing Guidelines make several significant changes to the provisions concerning corporate compliance programs, and reinforce broader shifts taking place in the field of corporate governance. Just as the Sarbanes-Oxley Act imposes additional duties on corporate boards for the integrity of a company's financial controls, the new guidelines seek to make boards responsible for promoting the effectiveness of a corporation's legal and ethical controls. Boards of directors must assume responsibility for the effectiveness of compliance programs, which now encompass not only criminal laws but also ethics and corporate culture.

Boards and senior management are impelled to continuously police corporate integrity by using care not to place miscreants into positions of authority and by taking swift and decisive action in response to instances of wrongdoing. The amendments are intended to stimulate the flow of information about potential ethics and compliance violations by obliging corporations to implement a system for employees and agents to report misconduct without fear of retaliation and providing confidentiality guarantees as necessary.

While there is no “one size fits all” approach for complying with the guidelines, the board of directors should, among other things:

• Ensure that senior management consist of persons of high moral character and that a climate of accountability and transparency prevails at all levels of the company;
• Assume personal responsibility for overseeing compliance matters;
• Undergo ethics and compliance training themselves;
• Ensure that the corporation has a senior compliance officer, who should have direct access to the board;
• Ensure that compliance activities are adequately funded; and
• Have compliance programs audited by independent experts.

For its part, senior management should set the proper “tone at the top” by clearly and forcefully communicating the corporation's ethical values through a variety of means ' and then backing up those words with genuine action. This includes, among other things:

• Holding business unit heads accountable for meeting compliance objectives;
• Ensuring the effectiveness and independence of compliance staff;
• Responding promptly and forthrightly to allegations of wrongdoing;
• Praising and rewarding ethical conduct and meting out firm but fair punishment to wrongdoers, even if they are “big producers”; and
• Institute other mechanisms that allow management to detect problems before they arise and implement internal controls that deter misconduct.

Background

On Nov. 1, 2004, amendments to the Organizational Sentencing Guidelines took effect. (The Guidelines as amended are available at www.ussc.gov/2004guid/TABCON04.htm). Under the guidelines, a corporation convicted of a federal offense may seek leniency if it has maintained an effective program to prevent and detect violations of the criminal laws. U.S.S.G. '8C2.5(f). The original guidelines, which were issued in 1991, provided that to take advantage of this provision, the corporation had to show that it had taken the following measures:

• High-level personnel overseeing the program;
• Procedures likely to reduce the prospect of criminal activity;
• Discretionary authority was not given to employees with a propensity to commit crimes;
• Effective communications and training regarding the program;
• A system for employees to report misconduct without fear of retaliation;
• Appropriate disciplinary mechanisms; and
• Adequate methods for responding to crimes that have been detected.

U.S.S.G. '8A1.2, Application Note 3(k) (1991).

The amendments strengthen the requirements of an effective compliance program in several important ways.

Overview of Key Amendments

1. New Role for Board of Directors, Higher Profile for Compliance Matters

Whereas the original guidelines gave management personnel overall responsibility for overseeing compliance, see U.S.S.G. '8A1.2, Application Note 3(k)(2) (1991), the amendments shift that duty to the board of directors, who must now educate themselves about the organization's compliance and ethics programs and oversee the programs' implementation and effectiveness. U.S.S.G. '8B2.1(b)(2)(A). As for senior management, the amendments require that they participate in the implementation of the programs, ensure that compliance officials have adequate resources, and report periodically to the board about the programs. U.S.S.G. '8B2.1(b)(2)(B),(C).

As a practical matter, the new sentencing guidelines should raise the profile of the compliance function within the corporation, as Sarbanes-Oxley has done for the role of internal audit. At the same time, the new role for the board contemplated by the guidelines increases the risk of liability in the event of serious compliance lapses. This is because historically the organizational sentencing guidelines greatly influenced developments outside the criminal justice arena, as government regulators, courts and industry standard-setters have incorporated their requirements into other settings ' including the law of fiduciary duty of board members. See, eg, Report of Investigation Pursuant to Section 21(a) of the Securities and Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions, Exchange Act Release No. 44969 (Oct. 23, 2001) (the Seaboard decision); In re Caremark Int'l Derivative Litig., 698 A.2d 959 (Del. Ch. 1996) (approving settlement of derivative litigation brought against board of directors; board members should take guidelines into account in carrying out their fiduciary duty to monitor company operations). It is likely that this trend will continue under the amended guidelines.

2. Broader Coverage and Sharper Teeth

While the original guidelines focused sharply on programs to prevent and detect criminal conduct, see U.S.S.G. '8A1.2, Application Note 3(k) (1991), the amendments add the requirement that corporations develop an “organizational culture” that encourages ethical conduct and compliance with the law generally. U.S.S.G. '8B2.1(a)(2). This change reflects the Commissioners' view that efforts solely to suppress criminal conduct are unlikely to succeed, and that it is necessary to adopt a more comprehensive approach that addresses employee attitudes and the “tone at the top.” To achieve this result, the amendments prescribe effective training programs, incentives for ethical behavior, and communications and reporting systems to ensure that ethical values permeate the entire organization. See, U.S.S.G. '8B2.1(b)(4)(A), (b)(6)(A).

3. Open the Windows and Let the Information Flow

The amendments provide that the elements of the corporation's compliance standards and procedures must be communicated effectively throughout the company by means, among others, of effective employee training programs. U.S.S.G. '8B2.1(b)(4)(A). This provision is designed to stimulate the flow of information about potential compliance and ethics violations. Thus, as under Sarbanes-Oxley, the corporation is obliged to implement a system for its employees and agents to report misconduct without fear of retaliation, providing confidentiality guarantees as necessary. U.S.S.G. '8B2.1(b)(5)(C). Experience has shown that certain employees are typically aware of significant instances of wrongdoing but are afraid to report it. The new guidelines make senior management responsible for addressing this persistent problem.

4. Cleaning House and Keeping It That Way

Under the amendments, corporations must use due care to identify miscreants and not put them into positions of authority. U.S.S.G. '8B2.1(b)(3). If a violation of the company's standards and procedures is detected, the company must respond vigorously, disciplining wrongdoers and strengthening internal controls as appropriate. U.S.S.G. '8B2.1(b)(6)(B), (7). In this way, the new guidelines reinforce the imperative, introduced by the Caremark decision and advanced by Sarbanes-Oxley, for the board and senior management to continuously police corporate integrity.

5. Shift Toward Compliance Risk Management

The amendments encourage corporations to take a proactive approach to compliance programs, conducting regular risk assessments to determine the scope and nature of risks of violations of law associated with its activities, and using the results of the assessments to inform the design and implementation of the programs. U.S.S.G. '8B2.1(c). Similarly, the amendments require corporations to constantly monitor, audit and evaluate the effectiveness of their compliance programs. U.S.S.G. ”8B2.1(b)(5)(A),(B).

These provisions incorporate familiar methods utilized in the fields of auditing and enterprise risk management. As a result, the new sentencing guidelines should prompt closer cooperation between compliance personnel, on the one hand, and internal audit and risk management personnel, on the other. It is also likely that the new guidelines will eventually lead to the widespread use of independent experts to audit the effectiveness of compliance and ethics programs, in a manner similar to the internal controls audits being conducted under section 404 of the Sarbanes-Oxley Act or the anti-money laundering compliance audits under section 352(a) of the USA Patriot Act. See, 15 U.S.C. '7262; 31 U.S.C. '5318(h)(1)(D). Ideally, this would be an interdisciplinary group that combines expertise in the corporation's particular line of business, regulatory standards, accounting and internal controls, enterprise risk management, and the latest compliance methods.

Advising Corporations on How to Comply

What follows are some suggestions for how corporations can comply with the new guidelines. Of course, there is no uniform solution to guidelines compliance. Which, if any, of these suggestions counsel chooses to incorporate into its advice to the corporation necessarily depends upon counsel's own assessment of the client's particular needs and circumstances.

Meeting the Board's Responsibilities

Ensuring Ethical Senior Management

The Board should ensure that senior management consists of persons of high moral character by carefully vetting candidates for prior misconduct or signs of ambivalence towards ethics or compliance matters. The Board should also see to it that management establishes a climate of transparency at all levels within the organization.

Take Personal Responsibility for Compliance Oversight

The board (or a board committee) should assume formal responsibility for overseeing the corporation's ethics and compliance programs. These individuals should play a substantial role in developing the programs, regularly monitoring and assessing the programs' effectiveness and ensuring that they are revised as appropriate. Board members should also receive ethics and compliance training, so that they are at least generally familiar with the pertinent requirements and sensitive to their importance for the corporation.

Create Senior Compliance Officer Position

The board should ensure that a senior officer position exists to administer the corporation's ethics and compliance programs. This officer's status should be no less than that of the head of risk management or internal audit, and he or she should have direct access to the board. The officer should be fully familiar with the corporation's business operations and the governing regulations, and should have the power to review compliance-related policies and structures created within business units.

Ensure Compliance Activities Are Adequately Funded

The board should ensure that management devotes adequate funds to compliance and ethics programs.

Have Compliance Programs Audited by Independent Experts

To assist it in assessing the effectiveness of the corporation's ethics and compliance programs, the board should ensure that independent experts conduct regular independent audits analogous to those being done under section 404 of the Sarbanes-Oxley Act.

Meeting Management's Responsibilities

Setting the Proper Tone

One of management's most important responsibilities in promoting an ethical culture within the corporation is to set the proper “tone at the top.” This means taking the following steps.

Say You're Serious About Compliance. Senior management should communicate clearly that everyone must comply with the corporation's standards, that breaches will be treated as significant, and that all violations will result in some type of sanction.

Say It Often and in Different Ways. Management should convey the ethics message repeatedly and through a variety of means, including memos, training videos, and compliance presentations.

Link Compliance to the Business Plan. Compliance should be presented as a critical part of the management's business plan, insofar as it helps manage the corporation's risks of liability and reputational injury, and a corporation with a demonstrated commitment to integrity significantly enhances its value to shareholders.

Put Responsibility In the Right Place. Although compliance staff and outside experts will help to develop the elements of the compliance program, responsibility for implementing the program should rest firmly with business unit leaders. Business units should be required to periodically certify to senior management that they have effective compliance programs. Compliance staff should not be allowed to become beholden to the business units they support, and compliance costs should not be charged to those units.

Invite Bad News and Reward the Messenger. Managers and employees should be urged to consult with compliance staff about legal and reputational risks before making significant decisions, and staff should be encouraged to report compliance problems candidly and on a timely basis, even if doing so reveals unpleasant problems.

Senior management should not communicate to personnel that they must meet revenue targets “at all costs.” “Big producers” should not be rewarded when they show disregard for compliance rules. Indeed, one of the most powerful deterrents is for a “big producer” to be disciplined when appropriate. Management performance reviews should include a compliance component, and ethical conduct should be praised publicly and rewarded financially. The company should promptly and forthrightly respond to employees who make complaints.

The Compliance Program ' A Risk Management Approach

Generally speaking, developing a compliance program involves the following steps:

• Making an inventory of all of the legal and ethical standards that govern the corporation's activities;
• Identifying “risk activities” that could produce violations of such standards;
• Prioritizing the risk activities so as to identify the most significant threats to the corporation;
• Managing the risks by discontinuing the offensive activities altogether or by implementing appropriate internal controls; and
• Monitoring and testing the effectiveness of the controls, correcting any weaknesses that are detected.

Obviously, it is not enough for the compliance plan simply to exist on paper; it must have an actual impact. Corporations should institute mechanisms that allow them to detect problems before they arise, and implement internal controls that deter misconduct. Experience shows that the following measures are effective elements of a compliance program:

• Regular employee awareness and training programs;
• Rigorous background checks for new employees and consultants;
• Information gathering techniques, including hotlines, ombudsmen, anonymous reporting, and employee questionnaires and surveys;
• Automated monitoring mechanisms that detect suspicious activities;
• Reviews of complaints for emerging patterns;
• Surprise compliance audits;
• Reviews and analyses of industry trends;
• Periodic employee evaluations that focus on compliance and ethics issues;
• Periodic evaluations and assessments of the corporation's risk profile; and
• Annual external audits of the corporation's compliance and ethics programs.

Conclusion

Counsel should encourage corporate boards to use the guidelines as an opportunity to move their companies further down the road towards organizational integrity, rather than viewing the new guidelines as yet another onerous legal requirement. Indeed, organizational integrity helps a corporation to drive value by gaining the confidence of lenders, shareholders, employees, potential acquirers, and other important stakeholders.

Author's Note: The Supreme Court's recent decision that the Federal Sentencing Guidelines are advisory ( see , U.S. v. Booker , 125 S. Ct. 738 (2005)) does not undermine any of the advice given in this article. Sentencing judges are still required after Booker to consider the sentence dictated by the Guidelines and to offer a reasoned basis for refusing to apply that sentence. Moreover, Booker does not affect the Justice Department's principles of federal prosecution of business organizations, under which prosecutors are instructed, in exercising their discretion whether to prosecute a corporation, to examine whether the corporation has an effective compliance program. As a result, the Guidelines have strongly persuasive authority, particularly in the organizational context.

Note: The material discussed here is meant to provide general information and should not be acted on without obtaining professional advice tailored to your client's individual needs.