TABLE OF CONTENTS
Section Page
Project Status at a Glance xix
Foreword xxi
Reporters’ Memorandum xxiii
PART ONE
GENERAL PROVISIONS
CHAPTER 1
DEFINITIONS
§ 1.01. Definitions 1
PART TWO
COMPLIANCE
CHAPTER 4
COMPLIANCE RISK MANAGEMENT
Introductory Note 7
TOPIC 1
COMPLIANCE RISK MANAGEMENT IN GENERAL
§ 4.01. Nature of Compliance Risk and Compliance Risk Management 7
§ 4.02. Goals of Compliance Risk Management 16
TOPIC 2
GENERAL CONSIDERATIONS IN COMPLIANCE RISK MANAGEMENT
§ 4.03. Characteristics of Organizations Affecting Compliance Risk Management 18
§ 4.04. General Compliance Risk-Management Activities of Organizations 26
§ 4.05. Structuring the Terms of Employment 34
§ 4.06. Risk Culture 43
TOPIC 3
SPECIFIC COMPLIANCE-RISK-MANAGEMENT ACTIVITIES
§ 4.07. Elements of Effective Compliance Risk Management 49
§ 4.08. Strategies for Identifying Compliance Risks 56
§ 4.09. Strategies for Assessing and Prioritizing Compliance Risk 57
§ 4.10. Strategies for Addressing Compliance Risk 60
§ 4.11. Strategies for Monitoring Compliance Risk 63
§ 4.12. Compliance Risk Responses 66
§ 4.13. Assessing and Accepting Residual Compliance Risk 68
CHAPTER 5
THE COMPLIANCE FUNCTION
TOPIC 3
SPECIFIC COMPLIANCE ACTIVITIES
§ 5.09. Oversight of Employees and Others 71
TOPIC 5
INTERNAL REPORTING
§ 5.18. Procedures for Internal Reporting 75
TOPIC 6
THIRD-PARTY SERVICE PROVIDERS
§ 5.19. The Role of Third-Party Service Providers 78
§ 5.20. Attorneys 79
§ 5.21. External Auditors 81
TOPIC 7
INVESTIGATIONS
§ 5.22. The Decision to Investigate 83
§ 5.23. Scope of Internal Investigations 87
§ 5.24. The Investigator 90
§ 5.25. Privilege in Investigations 92
§ 5.26. Responding to Government Investigations 96
§ 5.27. Fairness to Employees During Investigations 98
§ 5.28. Responding to the Investigator’s Report 101
§ 5.29. Lessons Learned 102
TOPIC 8
COMPLIANCE BEYOND THE ORGANIZATION
§ 5.30. Responsibility of Parent Companies for Compliance in Subsidiaries 103
§ 5.31. Supply-Chain Due Diligence 105
§ 5.32. Vendor and Business-Partner Due Diligence 106
§ 5.33. Customer Due Diligence 110
TOPIC 9
ETHICS AND SOCIAL RESPONSIBILITY
§ 5.34. Commitment to Ethical Behavior 112
§ 5.35. Codes of Ethics 113
TOPIC 10
SPECIAL CONSIDERATIONS FOR INTERNATIONAL FIRMS
§ 5.36. Special Considerations for International Firms 114
PART THREE
ENFORCEMENT
CHAPTER 6
CRIMINAL, CIVIL, AND ADMINISTRATIVE ENFORCEMENT AGAINST INDIVIDUALS AND COMPANIES FOR CORPORATE MISCONDUCT
Introductory Note 119
TOPIC 1
DEFINITIONS
§ 6.01. Definitions 120
TOPIC 2
PRINCIPLES COMMON TO ENFORCEMENT BY PROSECUTORS AND CIVIL-ENFORCEMENT OFFICIALS
§ 6.02. Enforcement Policies for Nontrial Criminal, Civil, or Administrative Resolutions of Organizational Misconduct 129
§ 6.03. Accountability of Individual Wrongdoers for Organizational Misconduct 154
§ 6.04. Voluntary Self-Reporting by Organizations 164
§ 6.05. Full Cooperation by Organizations 173
§ 6.06. Cooperation: Waiver of the Attorney–Client Privilege and Work-Product Protection 192
§ 6.07. Disgorgement, Restitution, and Remediation by Organizations 202
§ 6.08. Assessing the Effectiveness of an Organization’s Compliance Function 216
§ 6.09. Required Internal Reforms to an Organization’s Compliance Function 236
§ 6.10. Factors Relevant to the Appropriateness of a Monitor or Other External Oversight of an Organization 247
§ 6.11. Duties and Authority of Compliance Monitors 253
§ 6.12. Selection and Oversight of Compliance Monitors by Enforcement Officials 262
§ 6.13. Compliance Consultants 267
§ 6.14. Mandated Limitations on an Organization’s Business Activities 269
TOPIC 3
CRIMINAL ENFORCEMENT POLICY FOR MISCONDUCT BY ORGANIZATIONS
Introductory Note 272
§ 6.15. Forms of Criminal Nontrial Resolutions for Organizations 272
§ 6.16. Declinations (traditional) 281
§ 6.17. Guilty Pleas 282
§ 6.18. Declinations Following Disgorgement, Restitution, and Remediation 289
§ 6.19. Deferred and Non-Prosecution Agreements 307
§ 6.20. Monetary Penalties in Nontrial Criminal Resolutions with Organizations that Committed Material Criminal Misconduct 314
TOPIC 4
CORPORATE CIVIL AND ADMINISTRATIVE ENFORCEMENT POLICY
Introductory Note 323
§ 6.21. Forms of Civil Nontrial Resolutions and Sanctions for Organizations 324
§ 6.22. Enforcement Policy for Civil and Administrative Nontrial Resolution 340
§ 6.23. Traditional Declinations and Decisions to not Pursue an Enforcement Action 348
§ 6.24. Choice of Nontrial Resolution When an Adjudicated Resolution Could Trigger Collateral Consequences in the United States or Abroad 349
§ 6.25. Policies Governing Admissions of Facts and Denials of Culpability 369
§ 6.26. Collateral Consequences: Debarment, Exclusion, and Delicensing 376
§ 6.27. Protecting Employees and Agents Who Uphold the Law or Report Misconduct from Retaliation 387
Appendix A. Black Letter of Tentative Draft No. 2 401
Appendix B. Black Letter of Sections Approved by Membership
Tentative Draft No. 2 contains Chapter 4, Compliance Risk Management, and Chapter 6, Criminal and Civil Enforcement Against Individuals and Companies for Corporate Misconduct, as well as parts of Chapter 1, Definitions, and Chapter 5, The Compliance Function. This draft was approved by the membership at the 2021 Annual Meeting, subject to the discussion at the Meeting and to editorial prerogative. This material may be cited as representing the Institute’s position until the official text is published.
TABLE OF CONTENTS
Project Status at a Glance xiii
Foreword xv
Reporters’ Memorandum xxi
CHAPTER 1
DEFINITIONS
§ 1.01. Definitions 1
CHAPTER 2
SUBJECT MATTER, OBJECTIVES, AND INTERPRETATION
§ 2.01. Subject Matter 5
§ 2.02. Objectives 8
§ 2.03. Characteristics of the Organization 10
§ 2.04. Interpretation 14
§ 2.05. Nonliability 15
CHAPTER 3
GOVERNANCE
TOPIC 1. GOVERNANCE IN COMPLIANCE AND RISK MANAGEMENT – GENERAL
§ 3.01. Governance in Compliance and Risk Management 17
§ 3.02. Governance Actors 18
§ 3.03. Governance Map for Compliance and Risk Management 20
§ 3.04. Coordination of Compliance and Risk Management in Affiliated Organizations 20
§ 3.05. Governance Accommodations for Organizational Circumstances 22
§ 3.06. Qualifications of Primary Governance Actors for Compliance and Risk Management 23
§ 3.07. The Role of the Board of Directors and Executive Management in Promoting an Organizational Culture of Compliance and Risk Management 29
TOPIC 2. THE BOARD OF DIRECTORS – GENERAL
§ 3.08. Board of Directors’ Oversight of Compliance, Risk Management, and Internal Audit 36
TOPIC 3. THE BOARD OF DIRECTORS – COMMITTEES
§ 3.09. Delegation of Oversight Responsibilities by the Board of Directors to a Committee or Group of its Members 52
§ 3.10. Compliance and Ethics Committee 58
§ 3.11. Risk Committee 68
§ 3.12. Role of the Audit Committee in Compliance and Risk Management 76
§ 3.13. The Role of the Compensation Committee in Compliance and Risk Management 84
TOPIC 4. EXECUTIVE MANAGEMENT
§ 3.14. Executive Management of Compliance and Risk Management 88
TOPIC 5. INTERNAL-CONTROL OFFICERS
§ 3.15. Chief Compliance Officer 101
§ 3.16. Chief Risk Officer 116
§ 3.17. Chief Audit Officer 129
§ 3.18. Compliance and Risk-Management Responsibilities of Chief Legal Officer 140
§ 3.19. Compliance and Risk-Management Responsibilities of the Human-Resources Officer 147
§ 3.20. Multiple Responsibilities of Internal-Control Officers 151
§ 3.21. Outsourcing, Use of Technology, and Engagement of Third-Party Service Providers 154
CHAPTER 5. COMPLIANCE
TOPIC 1. THE COMPLIANCE FUNCTION
§ 5.01. Nature of the Compliance Function 161
§ 5.02. Goals of the Compliance Function 162
§ 5.03. General Compliance Activities of Organizations 166
§ 5.04. Enterprise Compliance 169
TOPIC 2. EFFECTIVE COMPLIANCE
§ 5.05. Elements of an Effective Compliance Function 171
§ 5.06. Compliance Program 178
TOPIC 3. SPECIFIC COMPLIANCE ACTIVITIES
§ 5.07. Compliance Risk Assessment 188
§ 5.08. Compliance Advice 192
§ 5.09. Compliance Monitoring [Reserved] 194
§ 5.10. Training and Education 194
§ 5.11. Red Flags 196
§ 5.12. Escalation Within the Organization 199
§ 5.13. Compliance Under Legal Uncertainty 201
TOPIC 4. EMPLOYEES, AGENTS, AND COUNTERPARTIES
§ 5.14. Hiring of Employees, Retention of Agents, and Selection of Counterparties 202
§ 5.15. Background Checks 203
§ 5.16. Compensation 205
§ 5.17. Discipline 207
TOPIC 5. INTERNAL REPORTING
§ 5.18. Procedures for Internal Reporting [Reserved] 211
§ 5.19. Protecting Confidentiality of Internal Reporting [Reserved] 211
§ 5.20. Nonretaliation [Reserved] 211
TOPIC 6. THIRD-PARTY SERVICE PROVIDERS
§ 5.21. The Role of Third-Party Service Providers [Reserved] 211
§ 5.22. Attorneys [Reserved] 211
§ 5.23. External Auditors [Reserved] 211
TOPIC 7. INVESTIGATIONS
§ 5.24. The Decision to Investigate [Reserved] 211
§ 5.25. Scope of Internal Investigations [Reserved] 211
§ 5.26. The Investigator [Reserved] 211
§ 5.27. Privilege in Investigations [Reserved] 211
§ 5.28. Responding to Government Investigations [Reserved] 211
§ 5.29. Fairness to Employees During Investigations [Reserved] 211
§ 5.30. Responding to the Investigator’s Report [Reserved] 211
§ 5.31. Lessons Learned [Reserved] 211
TOPIC 8. COMPLIANCE BEYOND THE ORGANIZATION
§ 5.32. Responsibility of Parent Companies for Compliance in Subsidiaries [Reserved] 211
§ 5.33. Supply-Chain Due Diligence [Reserved] 211
§ 5.34. Vendor and Business-Partner Due Diligence [Reserved] 211
§ 5.35. Customer Due Diligence [Reserved] 211
TOPIC 9. ETHICS AND SOCIAL RESPONSIBILITY
§ 5.36. Commitment to Ethical Behavior [Reserved] 211
§ 5.37. Codes of Ethics [Reserved] 211
TOPIC 10. SPECIAL CONSIDERATIONS FOR NONPROFITS AND INTERNATIONAL FIRMS
§ 5.38. Special Considerations for International Firms [Reserved] 211
§ 5.39. Special Considerations for Nonprofit Organizations [Reserved] 211
Appendix. Black Letter of Tentative Draft No. 1 213
Tentative Draft No. 1 contains Chapter 1, Definitions (excluding reserved definitions); Chapter 2, Subject Matter, Objectives, and Interpretation; Chapter 3, Governance; and §§5.01-5.08 and 5.10-5.17 of Chapter 5, Compliance. The draft was approved by the membership at the 2019 Annual Meeting, subject to the discussion at the Meeting and to the usual editorial prerogative. This material may be cited as representing the Institute’s position until the official text of the entire project is published.