The U.S. Sentencing Commission's original federal sentencing guidelines listed seven components of an "effective program to prevent and detect violations of law." However, those elements were listed in the "commentary"

(footnotes) of a section on the application of the guidelines. In the new guidelines proposed by an Ad Hoc Advisory Group, those footnotes would become a stand-alone guideline.

Original Seven

According to the original document, the hallmark of an effective compliance program included—at a minimum—the following seven components:

Establish Procedures—The organization must establish compliance

standards and procedures to be followed by its employees and other agents that are "reasonably capable of reducing the prospect of criminal conduct";

High-Level Oversight—At least one "high-level" individual must be

assigned overall responsibility to oversee compliance with such standards and procedures.

Use Due Care—The organization must use due care not to delegate

"substantial discretionary authority" to individuals whom the organization knew—or should have known—had a propensity to engage in illegal activities;

Communicate Standards—The organization must take steps to

communicate effectively its standards and procedures to all employees and other agents;

Monitor—The organization must take "reasonable steps to achieve

compliance with its standards." Examples include using monitoring systems to detect criminal conduct, and implementing a whistleblower system for employees;

Enforce Consistently—The standards must be enforced consistently

through appropriate disciplinary mechanisms (including, potentially, the discipline of "individuals responsible for the failure to detect an offense");

Response And Prevention—After offense is detected, the

organization must take all reasonable steps to respond appropriately, and to prevent further similar offenses.

Ten Modifications

The new guideline proposed by the Advisory Group recommended 10 modifications to the guidelines. Each item is intended to eliminate ambiguities from the list above, and to synchronize the guidelines with Sarbanes-Oxley and "emerging public and private regulatory requirements." The 10 recommended modifications are:

Tone At The Top—Emphasize the importance within the guidelines of

an organizational culture that encourages a commitment to compliance with the law;

Conduct And Internal Control—Provide a better description of

"compliance standards and procedures;" namely—"standards of conduct and internal control systems that are reasonably capable of reducing the likelihood of violations of law";

Leadership Accountability—Specify the responsibilities of an

organization's governing authority and organizational leadership for compliance;

Resources And Authority—Emphasize the importance of adequate

resources and authority for individuals with the responsibility for implementation of the program;

History Of Violations—Replace the current terminology of

"propensity to engage in violations of law" with a more objective requirement of determining if there is a "history of engaging in violations of law";

Conduct Training—Include training and the dissemination of

training materials and information within the definition of an "effective program";

Evaluate Programs—Add "periodic evaluation of the effectiveness

of a program" to the requirement for monitoring and auditing systems;

Whistleblower System—Require a mechanism for anonymous reporting;

Encourage Employees—Establish system for employees not only to

report actual violations, but to "seek guidance about potential" violations, in order to more specifically encourage prevention and deterrence of violations;

Risk Assessment—Provide for the conduct of ongoing risk assessments as part of the implementation of an "effective program."