How Revised Sentencing Guidelines Impact CCOs

Earlier this month, the U.S. Sentencing Commission voted to propose revisions to Chapter 8 of the U.S. Sentencing Guidelines. The amendments (which will go into effect in November, unless Congress votes to rescind them) focus on how compliance professionals report to the audit committee of a company’s board of directors, and the company’s response to uncovering criminal conduct—including hiring an outside adviser to examine the compliance program.

These changes could carry some profound implications for the daily lives of chief compliance officers, so let’s explore the history behind them and how significant they truly are.

First, the history. Chapter 8 was adopted in 1991 to give federal judges a framework to determine a fine for a corporate defendant based on the company’s criminal history and nature of the criminal activity. The Sentencing Commission then revised Chapter 8 in 2004, adding the criteria of an effective compliance and ethics program as a significant factor in reducing a corporation’s ultimate fine. The notion of an effective compliance program was not a novel concept for corporations, but the guidelines did provide a basic framework for what most company lawyers viewed as a necessary ingredient to ensure that company employees adhere to a company’s code of conduct and comply with the law.

The next year, in United States v. Booker, the Supreme Court said that the federal sentencing guidelines (including Chapter 8) are only advisory, but judges must consider a properly calculated guideline range before imposing sentence. After considering a company’s guideline fine, a judge can deviate from that amount and impose a fine sufficient (but no greater than necessary) to satisfy the sentencing factors set forth in Section 3553(a) of the U.S. Criminal Code.

Along with Booker, the importance of Chapter 8 has diminished in recent years for another reason: the increased use of deferred prosecution agreements and non-prosecution agreements (DPAs and NPAs, respectively). Under these agreements, charges are filed and later dismissed (or in the case of an NPA, never filed at all), provided that the company adheres to the agreement’s other terms. With either agreement, no conviction ever occurs—which means that a federal judge never renders a sentence, and Chapter 8 is never judicially applied.

Compliance as a Charging Consideration

Despite Booker and the rise of DPAs/NPAs, Chapter 8 remains a critical consideration for corporate compliance programs because every corporate criminal prosecution (regardless of any conviction) begins with a charging decision and a fine calculation under the guidelines. Moreover, the Justice Department’s corporate charging policies and principles of federal prosecution (both outlined in the U.S. Attorneys’ Manual) instruct federal prosecutors to consider Chapter 8 in deciding whether to charge a corporation and which charges to select.

These policies command federal prosecutors to consider a company’s compliance program in deciding whether to charge a corporation. Indeed, three of the nine corporate charging principles set forth in the U.S. Attorneys’ Manual focus on compliance programs. In fact, Section 9-28.800 of the manual specifically instructs prosecutors to ask:

Is the corporation’s compliance program well designed?

Is the program being applied earnestly and in good faith?

Does the corporation’s compliance program work?

To answer these questions, federal prosecutors are directed to the definition of an effective compliance program found in Chapter 8 of the sentencing guidelines at Section 8B2.1. This policy has existed in one form or another since 1999 when it bore the name of the current attorney general, Eric Holder.

Currently—that is, before the just proposed amendments go into effect in November—Section 8B2.1 provides that an effective compliance program shall have the following features:

The company shall (a) establish standards and procedures to prevent and detect crime; (b) not include wrongdoers in upper management; (c) periodically communicate compliance standards and procedures to the board of directors, management, employees, and agents; (d) ensure compliance program is followed, effective, and monitored and audited; and (e) respond to compliance deficiencies once criminal conduct is detected.

The board of directors shall be knowledgeable of and oversee the company’s compliance and ethics program using a compliance professional.

The compliance officer shall regularly report to upper management, the board of directors, or the audit committee.

The compliance program shall be consistently enforced, with incentives for compliance conduct and discipline for criminal conduct or failing to reasonably prevent criminal conduct.

In addition, Section 8B2.1 provides that to have an effective compliance and ethics program for sentencing purposes, the company must exercise due diligence to prevent and detect criminal conduct and to promote an organizational culture to encourage ethical conduct and commitment to compliance. Application Note 3(k) reminds judges: “The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.”

What the Proposed Amendments Mean

All this brings us to the U.S. Sentencing Commission’s meeting on April 7, where it amended the definition of an effective compliance program to state that a company’s compliance program may be viewed as “effective” even if high-level employees were involved in the wrongdoing, provided that:

the compliance professional has “direct reporting obligations” to the governing authority such as the audit committee of the board of directors;

the compliance program is effective at ferreting out wrongdoing;

the misconduct is self-reported; and

no individual with operational responsibility for the program participated in, condoned, or ignored the illegal conduct.

The amendments explain that “direct reporting obligation” means that the compliance professional has express authority to communicate personally with a body such as the audit committee, both whenever actual or potential criminal conduct may be afoot, and at least annually once the compliance program is operating. Assuming all that is in place, and a corporation’s compliance program is thus “effective,” the sentencing guidelines apply a three-step downward adjustment from the table used to calculate corporate fines, resulting in a lower guideline fine for the entity.

The Commission’s approach on a compliance professional’s line of reporting finds support in recent prosecution agreements. A recent trend in DPAs and NPAs over the past few years is to revise the compliance structure so that the company’s compliance officer can report directly to the audit committee. This reporting line overlaps with existing Section 8B2.1(b)(2)(C) of the guidelines, which specify that an effective compliance program has a “specific individual within the organization … delegated day-to-day … responsibility … [who] report[s] periodically to high-level personnel and, as appropriate, to the governing authority … and [has] direct access to the governing authority or an appropriate sub-group of the governing authority.”

The Commission rejected additional language which would have said that “appropriate responses [to criminal conduct] may include self-reporting, cooperation with authorities, and … retaining an independent monitor to ensure adequate assessment and implementation of the modifications” to test business reforms designed to address misconduct. The Commission also rejected proposed language suggesting that an independent monitor should be a condition for a company placed on probation following a conviction. That idea seemed to contemplate a smaller role for the U.S. Probation Office, shifting oversight responsibility after sentencing to an independent monitor and the cost to the company. Instead, the Commission settled on a company hiring outside counsel to review its compliance program in the wake of criminal conduct, but left oversight of a company after conviction in the hands of the U.S. Probation Office.

Finally, the Commission decided not to incorporate language into the definition of effective compliance programs requiring that senior personnel understand the company’s document retention policies and criminal laws dealing with document destruction.

The U.S. Sentencing Guidelines provide minimum standards that compliance officers should adapt to their organization and risk environment. The amendments reemphasize that an open line of communication and an independent review of the compliance program following criminal conduct are important compliance themes. The guidelines also provide uniform guidance on compliance as a charging consideration for federal prosecutors—a consideration that should not be lost on compliance professionals.