ARTICLE | January 23, 2024 | Authored by RSM US LLP
Businesses with an eye on compliance know that the Department of Justice’s (DOJ) Criminal Division has recently released an update to the Evaluation of Corporate Compliance Program (2023 Guidance). Although this update is meant to assist prosecutors in evaluating and determining the adequacy and effectiveness of a corporation’s compliance program, the 2023 Guidance should be considered by in-house counsel, corporate compliance leaders and auditors as they administer and oversee their own programs, including their response to allegations of noncompliance, both in design and practice. For instance, recent regulation regarding clawback of management compensation due to noncompliance has been top of mind for executives and attorneys alike.
The importance of a robust compliance program cannot be emphasized enough in today’s complex regulatory and legal environment. The financial impact of settlements, fines and penalties for compliance violations are continually on the rise—and often on the front page of the news. All things considered, your company’s reputation, as well as current and future profitability, will be better protected when you have integrated compliance and investigations teams.
A sophisticated compliance program recognizes that (1) proactive compliance and (2) any resulting investigations into alleged noncompliance can each influence, complement and strengthen the other.
Compliance programs are not one-size-fits-all. Your organization should tailor your program to fit your needs and circumstances. However, based on recent cases resolved under the DOJ guidance, your company should consider how well your programs are designed to address four key elements critical to compliance programs. Addressing these issues will increase the chances of a more positive outcome when faced with compliance issues:
There are a variety of ways your organization can look to mature your compliance and investigations efforts with the help of external experience and insight.
An effective compliance program should evolve and adapt to the changes in the business, industry and any other relevant external circumstances. To that end, companies may periodically engage with external advisors to independently review and update their existing compliance program. Experience from outside your organization brings lessons learned from competitors, other industries and geographies to leverage against the specific compliance needs at issue, limiting risks of noncompliance with new industry standards, regulations and laws.
Third-party resellers, vendors, suppliers, agents and contractors play vital roles in organizations in the global business environment. However, the use of third parties and their relationships introduces certain risks. In some cases, external entities can affect your company’s compliance status and its brand reputation. Risk mitigation begins with establishing and monitoring a TPRM program led by trained compliance advisors to ensure effective due diligence, mitigating potential risks associated with higher-risk external parties.
For companies operating globally, navigating the complexity of international regulations and laws of foreign countries could be challenging. External advisors with a global network can help your company comply with diverse regulatory requirements and form law-abiding strategies abroad.
Without timely and thorough investigations of allegations of noncompliance, the effectiveness of a compliance program can be significantly diminished. Your organization should maintain relationships with experienced law and investigative firms to provide appropriate global subject matter experience when required. Your organization may lack well-established procedures, personnel or resources; the necessary tools and technology to conduct a thorough investigation; or sometimes, the stakes may simply be too high to go at it alone.
As part of the conclusion of any investigation, a thorough root cause analysis of noncompliance incidents is essential to address the underlying financial or operational issues. Internal controls and process management advisors have deep insights into the types of noncompliance activities and control failures in specialized industries. Advisors can perform the appropriate analyses, determine remediation efforts, assess the adequacy of your data and technology, and develop a prioritized, actionable work plan to remediate control deficiencies.
The risks, the expectations and the stakes for compliance and response have never been higher. When you establish a team of integrated compliance and investigative professionals that deploy the right technology and outside resources when needed, you are positioned for future success reputationally and financially.
Call us at (541) 773-6633 (Oregon), (208) 373-7890 (Idaho) or fill out the form below and we’ll contact you to discuss your specific situation.
This article was written by RSM US LLP and originally appeared on 2024-01-23.
2022 RSM US LLP. All rights reserved.
RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International. The RSM(tm) brandmark is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.