Harry Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Richard L. Cassin Editor at Large

Elizabeth K. Spahn Editor Emeritus 

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor

FCPA Blog Daily News

« Rumblings From Oz | Main | The Eight Year Itch »

Why Boards Should Listen

By Jeffrey M. Kaplan and Rebecca Walker

As discussed in Part One of this post, the U.S. Sentencing Commission approved changes to the compliance-and-ethics (“C&E”) program-related provisions of the Federal Sentencing Guidelines for Organizations in April, one of which concerns steps companies should take after the discovery of criminal conduct.

The second important modification concerns reporting to the board of directors, and specifically would permit a reduction in an organization’s criminal fine despite the culpable involvement of “high-level personnel“ so long as (among other things) those individuals with operational responsibility for the C&E program have “direct reporting obligations” to the board or committee thereof. A newly-added application note clarifies that an individual has “direct reporting obligations” to the board if he or she has “express authority to communicate personally” to the board “(A) promptly on any matter involving criminal conduct or potential criminal conduct, and (B) no less than annually on the implementation and effectiveness of the C&E program.”

Board oversight of a C&E program has long been considered essential to a robust program, and this is particularly true in the FCPA realm. This is, in part, because anti-bribery compliance programs can be resource-intensive and board oversight can help ensure that a program gets the resources it needs. In addition, under the logic of the Delaware Supreme Court’s decision in Stone v. Ritter, companies with significant FCPA (or any other specific type of C&E) risk should provide information to the board regarding efforts to mitigate such risk.

In practice, reporting to the board on FCPA compliance typically includes a discussion of each element of the FCPA compliance program, with particular emphasis on (i) risk assessment; (ii) FCPA training and communication efforts; (iii) due diligence for third parties and other controls; and (iv) FCPA audit plans and results. With respect to notifying the board of actual or potential criminal conduct, the person with operational responsibility for the program should have the express authority (i.e., set forth in program governance documentation) to report to the board regarding allegations of wrongdoing (not only regarding the FCPA but of any type). Companies may also want to consider providing the person with operational responsibility for compliance with the opportunity to meet with the audit committee in executive session on a periodic basis.

The Sentencing Commission has sent the proposed amendments to Congress, and, so long as Congress does not act to the contrary (which it is unlikely to do), they will become effective on November 1.

Jeffrey M. Kaplan and Rebecca Walker are partners at Kaplan & Walker LLP. They are currently writing a chapter for the BNA/ACC Compliance Manual on Compliance with the Foreign Corrupt Practices Act. He can be reached at Rebecca Walker's book, Conflicts of Interest in Business and the Professions: Law and Compliance, is available here. She can be reached at

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
All HTML will be escaped. Hyperlinks will be created for URLs automatically.