The U.S. Department of Justice released updated guidelines for prosecutors to assess the effectiveness of compliance programs during the time of an offense, and when making a decision on charges. This is a helpful tool for businesses looking to better understand compliance expectations and avoid penalties, but the new guidelines may not benefit every company.
Compliance standards often are set in response to U.S. federal criminal prosecutions involving large corporations. This may make small- and medium-sized organizations fall behind on policies that were mainly intended to penalize businesses with lager budgets and more extensive resources, according to a Bloomberg Law article by Hui Chen, the Justice Department's former compliance counsel.
This guidance has the potential to affect a lot of companies and employees. There are 30.2 million small businesses in the U.S. employing 58.9 million people, or 47.5% of U.S. employees, according to a 2018 report from the U.S. Small Business Administration's Office of Advocacy.
Program design and application, and how a program works in practice, are the main criteria covered by the DOJ. The guidelines address a range of compliance program components, including risk assessment; policies and procedures; training and communications; confidential reporting and investigations processes; third-party management, if applicable; and procedures for M&A.
The most difficult practices to implement include risk assessment, confidential reporting and investigation processes. Small- and medium-sized businesses that lack internal audit and legal teams should prioritize managing compliance issues to save the costs incurred by offenses. They can work with external compliance experts to develop a risk management process to mitigate potential violations.
Companies must prove their compliance programs work in practice. The process typically occurs after an offense was committed, and may be particularly difficult for smaller businesses, since program updates and revisions may require extensive resources, including complex auditing systems, updated risk evaluations, and the assessment of company culture. That often will require use of outside resources.
An ongoing investigation may require legal counsel, an additional cost to businesses that do not have a legal department. A company’s reaction to a violation–considered the most important component by the DOJ--also may require the use of outside guidance.
Smaller companies face additional challenges. Chen lists the development of written policies and procedures, training, and whistleblower systems as other potential obstacles. Investment in official policies, trainings, and sophisticated internal reporting systems may be difficult or awkward formalities for family-run businesses, or companies with few employees.
These requirements may impose disproportionately large financial and organizational burdens on small- and medium-sized businesses, potentially hampering their compliance programs and limiting their productivity.
Smaller companies need to keep this in mind, and find reasonably priced resources to stay compliant.