With regulators intensifying scrutiny, companies today face growing pressure to strengthen their compliance programs, especially in an environment where whistleblower activity is on the rise. Both the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have sharpened their focus on what they expect from businesses when it comes to managing risk, ensuring ethical behavior, and maintaining transparent operations.
DOJ's Expectations: Design, Application, and Evolution of Compliance Programs
The DOJ's guidance emphasizes a three-pronged approach to compliance programs:
- Well-Designed Programs: Companies must establish clear policies, procedures, and systems that are tailored to the specific risks they face. This includes comprehensive training programs that educate employees about what constitutes misconduct and how to report it. It's not enough to have a "check-the-box" compliance system; the policies need to be robust and customized.
- Earnest Application: The DOJ wants to see whether companies genuinely enforce their policies. Are they being applied “earnestly and in good faith”? It's critical for businesses to demonstrate that their compliance programs aren't just for show—they must be actively implemented and enforced.
- Effective Execution in Practice: A compliance program is only valuable if it works. This includes continuous monitoring, testing, and improving the program as needed. Investigating reports of misconduct and following up with remediation efforts are critical to proving the program's effectiveness. The DOJ is particularly interested in whether the compliance efforts result in tangible outcomes, such as preventing future violations or fostering a culture of transparency.
SEC's Priorities: A Holistic Approach to Risk and Disclosure
The SEC also plays a pivotal role in enforcing compliance, particularly with its focus on how companies manage and disclose risk:
- Holistic Risk Management: The SEC encourages businesses to adopt a comprehensive, organization-wide approach to risk management. Companies should assess whether risks are being recognized across different departments and whether potential systemic problems are being addressed rather than isolated or ignored.
- Clear and Timely Disclosures: A company's duty to provide accurate, clear, and timely disclosures to investors is a core SEC requirement. Companies must have robust internal controls that ensure risks are appropriately identified and communicated to stakeholders in a timely manner.
What This Means for Companies
For businesses, the implications of these heightened expectations are clear: It is no longer enough to have a static compliance program. Both the DOJ and SEC are looking for companies that are proactive in creating ethical environments, reducing misconduct, and transparently managing risk.
Companies must continuously ask themselves questions like:
- Are we applying what we learn about risks across our organization?
- Are systemic issues being downplayed as isolated incidents?
- Are we truly holding individuals accountable for violations, or are we merely going through the motions?
Additionally, businesses should consider these steps to remain compliant:
- Invest in Training and Culture: Regularly update training programs to address emerging risks and ensure that employees understand the consequences of misconduct.
- Leverage Data and Technology: Implement data-driven monitoring systems to spot potential issues early and identify areas where compliance can be improved.
- Foster Open Communication: Encourage internal reporting and create safe avenues for whistleblowers, ensuring that concerns are addressed before they escalate.
Conclusion: Staying Ahead of the Curve
In an era where whistleblower activity is on the rise and regulators are demanding more from corporate compliance, companies must be vigilant. The best defense against regulatory action is a proactive, well-executed compliance program that is integrated into the core of the company's operations. By embracing continuous improvement, applying lessons learned, and fostering a culture of compliance, companies can not only avoid costly penalties but also build a stronger, more ethical foundation for long-term success.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.