Just when we thought the ethics and compliance landscape was “stable,” the Justice Department pulled the compliance profession further and announced heightened expectations for corporate compliance programs. For prognosticators like myself it is easy to predict that next year companies will have to focus on their compensations systems and data preservation capabilities.
DOJ has promised to issue additional guidance on these two important issues. However, companies should not wait for the guidance and begin to review and revise their compensation systems and data preservation.
Hopefully, chief compliance officers have been preparing to revisit these issues. Each raises real significant challenges and requires close coordination with senior management as well as human resource and information technology functions. CCOs have to push their organizations to examine what existing claw back and deferred compensation systems exist within the company and how those programs can be re-designed to create real disincentives against misconduct and supervisory failures.
On the data preservation issue, companies have to review their existing practices and policies governing use of communications devices. If companies supply employees with mobile phones and computers, companies have to adopt policies an d procedures governing use of company devices for personal purposes, and specifically whether employees can use third-party applications (such as WhatsApp or Signal). Alternatively, companies may apply BYOD policies and procedures (Bring Your Own Device) to control employee use of devices for business communications. Finally, companies have to determine what communications policies apply to their independent contractors (and even third parties) since preservation of third-party data may be necessary.
Whatever data preservation policy is crafted, companies may face further challenges on data privacy issues. Companies will have to figure out how to ensure compliance with DOJ and local country/regional requirements.
Going back to the compensation system review, compliance officers have to bring together human resources and senior management to review and revise compensation systems to ensure claw back and deferred compensation policies punish wrongdoers and supervisors who failed to exercise reasonable oversight of employees.
Such modifications implicate compensation systems, and have to be coordinated with claw back programs required by SEC rules for senior executives when a financial restatement occurs. The compliance program may apply broadly to a larger population of senior management (assuming they are eligible for a bonus program). In addition, deferred compensation and retirement programs may have to be adjusted to punish the wrongdoers and managers who are responsible for oversight.
Along with this review process, companies have to establish record-keeping and documentation requirements in order to demonstrate to the Justice Department and any other interested party how the compliance compensation system operated. DOJ has stated that it is interested in not only the written policies that are adopted, but how the program worked in practice.
Finally, compliance professionals have to re-examine what positive incentive programs exist to encourage compliance by employees. Again, companies need to coordinate with human resources and senior management to develop positive bonus and award programs that provide financial upsides to employees who meet certain compliance requirements and milestones. The compliance profession has crafted a number of positive reward programs to encourage compliant behaviors. A fresh look at these programs and a new push is needed to meet DOJ expectations in this area.