FSGO Series: Part 1
Federal Sentencing Guidelines: Key Points and Profound Changes
By Kenneth W. Johnson
Ethics Resource Center 2004
Kenneth Johnson is Director of the Ethics & Policy Integration Centre (EPIC) and Adjunct Senior Consultant to the Ethics Resource Center.
Background. Since November 1991, the U.S. Sentencing Commission's Federal Sentencing Guidelines for Organizations (FSGO) has provided the essential foundation from which practitioners have framed, debated, and researched what it means to have an effective ethics and compliance program. Though purely voluntary, the FSGO provides a powerful incentive for organizations to implement "structural safeguards designed to prevent and detect criminal conduct." This incentive includes a potentially lighter sentence and reduced risk of being placed on probation, where the organization is able to convince a federal judge that its program meets the FSGO definition of an "effective program to prevent and detect criminal conduct." Moreover, the FSGO definition of an effective program has had much wider influence, since other policy-setting bodies, such as the Department of Justice, the Inspector General of Health and Human Services, and the Chancery Court of the State of Delaware, have referred to or incorporated the guidelines with varying degrees of approval.
In 2001, a decade having passed (including years of business scandal), the Commission embarked upon a multi-year review of the organizational guidelines looking to the effectiveness of its original requirements. The Commission worked through an advisory group of noted practitioners from both the public and private sectors and its own staff to review administrative and legal requirements, conduct a literature search, catalogue model program best practices, and receive public comment and testimony. After over two years of study, the advisory group delivered an extensive report to the Commission in October 2003. Based upon that report and additional testimony from other experts and interested parties, the Commission embedded much of the distilled corporate experience in amended guidelines proposed to Congress on April 30, 2004. Unless rejected, the amended FSGO will take effect on 1 November 2004.
First in a Series. This article is the first in a series to describe and comment upon the Commission's amended requirements for an "effective program to prevent and detect violations of law." We believe this to be a subject worthy of close study: less because organizations should anticipate having problems with federal regulators or prosecutors than because the amended FSGO will provide an excellent foundation for designing ethics and compliance programs.
Today we highlight new key terms used in the amended FSGO and describe four profound changes to the definition and practice of an effective program. In articles to follow, we will (1) explore the significance of the new requirements for risk assessment and program evaluation; (2) lay out, in detail, the seven required elements of an effective program, (3) explore how an organization might approach evaluating its ethics and compliance program, (4) examine how the Commission addressed the issues of what is coming to be known as the "litigation dilemma," (5) integrate the FSGO provisions relating to small organizations; and (6) conclude with thoughts about how organizational leaders might take the notion of an effective program farther than the Commission's charter allowed it to go. Along the way, we will point the reader to resources used by the Commission, which may help the reader participate more fully in the framing, discussion, and debates about program effectiveness to come.
New Key Definitions. To emphasize the importance of structural safeguards, the Commission elevated the criteria for an effective compliance program into a separate guideline. (The definition had originally been set forth in commentary.) In the words of the Commission, "the amendment elaborates upon these criteria, introducing additional rigor generally and imposing significantly greater responsibilities on the organization's governing authority and executive leadership."
In a simple, but significant new term, the Commission consistently refers to a "compliance and ethics program." In so doing, the Commission has explicitly moved beyond "compliance" to include "ethics." For those who encourage thinking beyond mere compliance by referring to "ethics and compliance programs" (or even "corporate responsibility programs"), this is a major step in the right direction. Moreover, in its introductory language, the Commission observes that, while an "effective" compliance and ethics program will prevent and detect criminal conduct, it should also facilitate compliance with all applicable laws. This language is loaded with meaning, reflecting a sense that a program concentrating on avoiding only criminal conduct is unlikely to be effective. It may also be a subtle reference to a professional, but heated debate over whether it was wise or even authorized for the Commission to require that an effective program go beyond mere compliance with criminal law to address violations of law in general, which the advisory group had recommended.
Further expanding the reach of a compliance and ethics program is yet another meaningful "should," since the Commission provides that "as appropriate, a large organization should encourage small organizations (especially those that have, or seek to have, a business relationship with the large organization) to implement effective compliance and ethics programs" (emphasis added).
A set of terms the Commission now uses is "governing authorities" and "organizational leadership." The term "governing authorities" includes members of a board of directors for corporations, and all those who set policy for the organization as a whole at the "highest-level" for other types of organizations. The second term, "organizational leadership," defined in the amendment as "high-level personnel," establishes another category of persons having specific responsibilities under a compliance and ethics program. Moreover, while it does not use a specific new term, the Commission specifically recognizes that, where "certain individual(s) have day-to-day responsibility for the compliance and ethics program," they must "be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority." This reflects the realization that ethics or compliance officers are often not "high-level personnel," in practice, but nonetheless make significant contributions toward a program's effectiveness. By defining these terms and requiring specific, significantly greater roles and responsibilities of each category, the Commission is giving notice that an effective program must truly engage all members and agents of an organization.
Profound Changes. While there are many significant changes to the FSGO, there are four, in our minds, that are profound: (1) broadening of the purpose of an effective program to include developing an ethical organizational culture, (2) specific requirements to design a program around identified risks and regular program evaluation, (3) recognition of a disincentive to having an effective program, often called the "litigation dilemma," and (4) attention to the challenges of the small (less than 200 employees) organization.
The foremost change broadens the purpose of having an effective program from the existing requirement that an organization exercise due diligence to prevent and detect criminal conduct to include the requirement that an organization "otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law." This expansion is a major, and welcome, step forward.
Addressing organizational culture, in the words of the Commission, is intended "to reflect the emphasis on ethical conduct and values incorporated into recent legislative and regulatory reforms, such as those provided by the [Sarbanes-Oxley Act of 2002]." This provision reflects current research and experience that suggests that the principal predictor of success in any compliance and ethics program is the culture of the organization itself. It also reflects scholarship that suggests that, with rare exceptions, effective programs must strike an appropriate balance between rules, values, and meeting reasonable stakeholder expectations: that an emphasis on compliance alone is often a self-defeating approach to preventing and detecting violations of law.(1)
The second profound change is the twin requirements of risk assessment and regular program evaluation. While these two requirements reside in two different sections of the FSGO, they can be best understood, in our view, as an integrated requirement that the organization be able to explain the underlying rationale for its program design and demonstrating its effectiveness in practice.
Practitioners sometimes forget that the guidelines are not promulgated to advise organizations on how to design an effective program so much as they are aimed at "guiding" the sentencing judge on whether to exercise leniency in sentencing. In other words, an organization will not truly know that its program is "effective" until a sentencing judge decides that its program is designed, implemented, and operated as the Commission defines effectiveness.
With these in mind, the amendments require that an organization must periodically assess the risk of occurrence of criminal conduct, bearing in mind the Commission's observation that a truly effective program should facilitate compliance with all applicable laws. Then, resident in another section of the FSGO, the Commission now requires that the organization "periodically evaluate the effectiveness of its compliance and ethics program." It is helpful to read these two provisions together with the newly broadened purpose of a compliance and ethics program to promote a certain organizational culture and the expanded roles and responsibilities provisions. Read together, these new provisions imply that the organization must be prepared, at all times, to demonstrate that it:
- Did an effective job of assessing the actual risks faced by the organizations, including the strengths and weaknesses of its organizational culture;
- Made explicit the outcomes its program was to achieve;
- Allocated adequate resources to its compliance and ethics program; and
- Evaluated program effectiveness often enough to reasonably believe it was making progress toward those outcomes.(2)
The third change is recognition that there is a downside to the organization if it establishes a truly effective compliance and ethics program. A truly effective program -- one having effective monitoring and auditing systems, training programs that engage employees and agents on real workplace issues, and an internal reporting mechanism that encourages and agents to report criminal conduct -- generates lots of information that the organization would not normally take public. If organization reports an offense to the proper authorities, a program requirement often not fully appreciated, that information may become public knowledge and used against it by potential litigants. Known as the "litigation dilemma," we will treat this in detail in the series to follow.
Finally, the Commission specifically recognized the challenges of the small organization in the guidelines. The amended guidelines note that the compliance and ethics program of a small organization can have less formality and fewer resources applied. Perhaps most important, the amended guidelines allow a small organization to argue that it has an effective program despite the general provision that an organization cannot get credit for having an effective program where high-level personnel are involved. The small organization can now rebut that presumption where it is able to argue that it had an otherwise effective program. This had been a major disincentive for small organizations since it was more likely for them to have high-level personnel involved because of their size.
Conclusion. In conducting the multi-year review and amending the guidelines, the Commission has taken major steps advancing the cause of the compliance and ethics program as an essential strategy of an organization. In this article, we pointed to a number of new key terms and four profound changes to the guidelines by way of introduction. In the articles to follow, we will discuss each provision in more detail, comment where appropriate, and point to readily available resources.
1. See, e.g., Linda Klebe Treviño, et al., "Managing Ethics and Legal Compliance: What Works and What Hurts" 41 California Management Review 131-151 (Winter 1999).
2. Recognizing the value of transparency, the author urged the Commission to bundle these provisions together explicitly, in his testimony before the Commission in March 2004, which the Commission declined to do.
ERC now offers federal agencies GSA contracts, contact us for more information.
If You Are Interested in Participating Please Contact Us For More Information:
Moira McGinty Klos
Participating companies have the opportunity to conduct an employee survey using ERC’s metrics in order to better understand the impact of ethics and compliance programs, measure ethical culture strength, and compare against peer organizations.
Get Email Updates
Subscribe to receive periodic updates from ERC. Join our email list.
ERC President Pat Harned launches new blog; she welcomes discussion on ethics issues facing American workers and executives. Check out the blog!
Connect with ERC
ERC's Benchmarking Services
ERC's team can help you design and administer an ethics survey to fit your organization.