Chuck Connolly Comments on Periodic Testing and Review for Compliance
Akin Gump white collar defense and government investigations partner Chuck Connolly commented recently for JD Supra’s article “What's the One Thing Missing From Your Corporate Compliance Program?”
Regarding the importance of periodic testing and review in a corporate compliance program, Connolly noted:
The high profile, and high dollar, cases brought by the Department of Justice, SEC and other enforcement agencies in recent years have been successful in getting companies of all shapes and sizes to adopt compliance programs that are often well written. These programs benefit from the increased transparency by the enforcement authorities as to what constitutes a good program and by the well-publicized weaknesses in the programs of those companies who have been subject to regulatory or criminal settlements. But having a well-designed 'paper program' is not enough. In fact it is only the beginning.
Ultimately, the key question enforcement authorities ask when evaluating a company’s compliance program is 'does it work?' The only way to answer that question proactively is to review – and test – the program on a regular basis. It is this proactive review and testing of how the program is actually applied within a company that is most often missing from corporate compliance programs. And it is often missing because testing and review are not subject to formulaic design or implementation, take time, sustained effort and resources, and may vary company to company and year to year based on changes in industry, customer base, the regulatory environment and even the size and complexity of the company itself. The importance of testing and review, however, should not be discounted. The DOJ and SEC list periodic testing and review as one of the ten hallmarks of a good compliance program and recent FCPA deferred prosecution agreements have required companies to review their compliance programs annually. Beyond the focus by the enforcement authorities, it is good practice for companies to test and review their compliance programs on a regular basis because it should help the company prevent violations or discover them earlier. Furthermore, the absence of periodic testing and review may result in the company’s written program becoming a liability rather than an asset when faced with a regulatory or even criminal inquiry.