Entity-Specific Risk Management

Government Agencies: Effective Compliance and Ethics Programs are Necessary for Public Trust

By Teri Quimby, JD, LLM[1]

Introduction

Compliance and ethics programs are a necessity, not an option, for government at all levels. Taxpayers deserve trust. They expect that government employees will work ethically and decisively, and that public funds will be used efficiently and honestly. Government agencies must assess their own specific issues and put in place meaningful programs to meet specific needs. Well-designed and effectively implemented programs that factor in lessons learned from both the private and public sectors, coupled with proper monitoring and auditing, help to prevent serious compliance and ethics failures, challenges, and related consequences, even when humans prove to be fallible.

Effective Ethics and Compliance Programs—Value Proposition

Branches and levels of government are not much different from private companies or other organizations and, accordingly, should function with many of the same compliance and ethics measures. Public and private sectors are run by employees. Employees are human, and mistakes are made. Given this unconditional part of the human condition, and like private sector counterparts, government agencies must take more action to proactively implement and maintain effective compliance and ethics programs and related infrastructures. Public opinion bears mention here, with a survey showing Americans trust Amazon and Google more than government. Politics aside, this survey makes a point about trust. When asked about confidence in certain brands doing the right thing, government was seen in 2020 as trustworthy by only 7% of those surveyed. Brands such as Amazon and Google, however, received 39% and 38%, respectively.[2] While some areas of government have already made compliance programs a priority, this is no longer a choice but a necessity to instill confidence and restore trust in the government “brand.”

Several resources exist and are available for establishing and reviewing compliance programs and the effectiveness of those infrastructures. Good starting places are the U.S. Sentencing Guidelines (USSG) for organizations[3] and the Department of Justice (DOJ) guidance.

The USSG provides a framework for the key elements that organizations should have in place to meet a threshold of effectiveness. Importantly, an overarching goal and objective of this framework is to encourage organizations to establish and maintain programs that enable the prevention and detection of wrongdoing and promote cultures that are committed to ethical conduct and compliance with the law. Effective programs not only help organizations to meet these important objectives, but they help organizations to operate more successfully on every level.

An important complement to the USSG is the revised DOJ Evaluation of Corporate Compliance Programs,[4] with insight on considerations deemed important when evaluating compliance program effectiveness when organizations are facing enforcement action or when making charging decisions. Organizations striving for compliance program effectiveness can benefit greatly from this valuable and practical insight to proactively establish better, more effective programs and frameworks from the onset, regardless of whether it involves criminal conduct or not.

Other similar guidance and insights helping organizations implement and maintain effective programs can be found in other resources, such as the revised Foreign Corrupt Practices Act guidance[5] and the DOJ Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations.[6]

In general, government guidance offering compliance commentary and insights regarding program effectiveness may be aimed at corporations and organizations, but the government itself should be proactively looking to these nonregulatory “requirements” for ethical inspiration as well as compliance instruction when implementing and maintaining government programs. Effective compliance and ethics programs within government agencies that are transparent and visible can help enable more effective operations, ensure better use of taxpayer funding, mitigate risks, and increase confidence in these agencies by the public. To accomplish this, government needs to promote a high-trust culture aligned with the agency mission.

Trust Issues: Find the Root Cause

Insight gained from information gathered internationally offers this observation: “a trust deficit is a global phenomenon.”[7] While some countries rank higher than others, the US finds itself in 23rd place out of 41 countries surveyed about trust in government, citing OECD data. The need to encourage a high-trust culture in government (and elsewhere) cannot be overlooked. The importance and benefits of this, especially to promote an effective compliance and ethics program, is highlighted in a recent Ethikos article, “Building better culture and compliance with trust.”[8] Research, and work directly with governments, indicate that some type of trust issue is always linked to problems.[9]

Acting as an obstacle, low-trust culture creates impediments for much needed improvements and reforms within government. Government needs to set aside time, human resources, and money to get the work done.[10] Otherwise, expectations must be lowered to reflect preservation of the status quo. Low trust, with both internal and external stakeholders, becomes the tolerated culture. At the federal level, the White House identified areas of improvement in its budget request to encourage employee engagement and improve workplace culture. The connection of these focal points to increase public trust and better service is notable. The lack of trust in government has great impact on recruiting and retaining employees, as well as generating interest for political appointments.[11]

Research continues to exemplify this connection. The Deloitte Center for Government Insights issued a 2021 report that connects the relationship between employee engagement and trust in government. Among many observations, one finding is that the category with highest impact on building public trust is “employee skills-mission match.”[12] Data gathered from government employees suggests that the following areas of engagement promote alignment with organizational mission: enjoying their work, using their talent, and viewing their work as an important contribution. When employees are engaged in this way, trust increases and in turn builds better culture, leading to effective compliance and ethics programs.

Government Compliance & Ethics Programs—Challenges, Strategies, and Opportunities

While 20/20 vision is usually associated with clear perspective, the COVID-19 pandemic in 2020 offered just the opposite. A bright light shone on every part of private and public sectors, magnifying existing issues that had, until then, gone unnoticed. Employees working at home regularly create privacy and other compliance issues neither intended nor contemplated. With workers now returning to offices part time or full time, or even not at all, home offices continue to create compliance and ethics concerns. For example:

  • Personal devices used at home can be overheard by nearby nonemployees with names like Alexa and Siri, bringing forth a myriad of confidentiality concerns.

  • Paper files or even evidence can create chain of custody concerns in certain sectors.

  • Transparency can become clouded with worldwide video chats with people in places all over the world.

  • Work discussions held in public parks at a six-foot distance can unconsciously enter public airways.

  • “Public” meeting access can have technical twists as well as notice and location concerns, although on the upside, virtual meetings can increase audience participation and allow global eyes to view otherwise local (and sometimes lonely) meetings with low to no public attendance.

These examples highlight the challenges of maintaining regulatory compliance with laws requiring open meetings. Observation and scrutiny of deliberations and actions by government officials provide transparency, resulting in a more responsive and responsible government. Office closures will inevitably occur for a variety of reasons, such as power outages; regardless, government needs to be “open” and accessible.

In addition to access, government collects information and is obliged to keep private information private. Data shared with government may be subject to public access requests under “sunshine laws,” with private information redacted. At this time more than ever, public trust in government requires accountability and responsibility. Implementing and maintaining effective compliance programs may be a challenge, but it is not a choice. Governmental immunity does not make government immune from misconduct or human errors. This chapter looks at examples of proactive compliance program initiatives as well as government conduct where effective programs, if in place, may have minimized or prevented incidents.

Examples of Government Initiatives

Governmental entities have taken steps to initiate compliance and ethics programs for many reasons. Whether to provide structures similar to those demanded for corporate compliance or to implement changes from lessons learned, all levels of government and all branches can learn from others how to initiate, review, and maintain programs. In addition to regular compliance issues, government faces issues with public trust and regulatory compliance involving transparency.

Federal Bureau of Investigation

One area of government tackling compliance head-on is the Federal Bureau of Investigation (FBI). The FBI established the Integrity and Compliance Program in 2007 to mitigate legal compliance risks within the FBI. This program is managed by the FBI’s Office of Integrity and Compliance (OIC). In a 2011 report, the DOJ concluded and recommended that “the concept of the FBI’s OIC program has been beneficial to its efforts to monitor and enhance compliance with legal requirements, and that other agencies may wish to consider implementing a similar kind of program.”[13] Implementing a compliance program in every area of government is not a novel idea and should be seriously considered. The very entities doling out punishments and taking away licenses and other approval need to shine a bright light on internal practices. Government needs to take the same responsibility as it requires from those under its power. Constructing a compliance program has never been easier with generally available compliance resources.

Well-designed programs start with an understanding of the business (or government area), how the risk profile has developed, and whether appropriate scrutiny and resources are devoted to risks. The revised 2020 DOJ guidance related to effective compliance programs recommends prosecutors understand why the program was set up the way it was, and why and how the program has evolved over time.[14] Starting with the question “why?” is important, but having answers is more important. It sounds so simple, yet it compounds into complexity—especially for government agencies. The FBI continues to take compliance responsibility seriously and devotes resources to its program. Other branches and levels of government need to do the same.

Further, the FBI continues to take oversight seriously, with routine reviews by the Office of the Inspector General. Feedback and recommendations should not be viewed in a negative light, even if bringing bad news. Assessments identify areas for improvement that informs organizational change.

One example is the OIG’s review of the FBI’s process for adjudicating misconduct investigations. These investigations are conducted by the FBI’s Office of Professional Responsibility. Focusing solely on this area, the OIG found room for improvement and the FBI concurred with the recommendations. The OIG observed that potential disciplinary outcomes were not addressed; documentation of decisions involving resignation or retirement were not addressed; and reliance on paper files and outdated systems were continuing concerns.[15] Regular reviews by an external source are required to promote and demonstrate commitment to an effective compliance and ethics program. In addition to independent audits, reviews and debriefs must be part of regular internal agency activity.

Lessons Learned

  • Establish a compliance and ethics program with a compliance office or designated manager.

  • Provide adequate resources for effective program functions.

  • Build a high-trust culture through employee engagement to increase program effectiveness.

  • Assess risks present in government operations.

  • Review program on a routine basis, involving both internal and external sources, and prepare to make changes as needed.

Federal Websites & ADA Accessibility: Compliance Concerns

According to the Centers for Disease Control and Prevention, 61 million adults in the US live with a disability.[16] This means more than one-quarter of the US adult population (26%) may not be able to easily access government (or other) websites. More familiarity may exist with mobility obstacles, although barriers in website design may also prevent access to government services, government information, and government participation.[17] The Information Technology & Innovation Foundation (ITIF) tested federal websites, with 30 percent failing the automated accessibility test performed on the most popular homepages and almost 50 percent failing tests on the most popular pages.[18] The federal Rehabilitation Act (Section 508) and the Communications Act set standards for accessibility to information and communication devices.[19] Government website design at the federal level is clearly missing marks in compliance, according to these ITIF findings. Federal websites are likely not the only ones. The White House, however, has set the stage for compliance with laws and standards at the federal level.

Tone at the top has been demonstrated by the White House with the issuance of the “Accessibility Statement.” Clearly articulated, this message begins with, “This commitment to accessibility for all begins with this site.”[20] The ITIF findings confirm this conviction, noting that “the White House website is an example of how prioritizing accessibility in the design process pays off.”[21] The ITIF findings show that this website not only meets, but exceeds, requirements in Section 508. With the White House leading the federal compliance efforts for effectiveness in this area, other government agencies—at all levels—should take note and strive for statutory compliance for website accessibility.

Also, the Americans with Disability Act (ADA) is applicable to government websites, requiring equal access to programs with remedies typically available in federal courts.[22] A notable change to this occurred in 2021, when Colorado became the first US state to enact a law requiring web accessibility for both state and local government websites.[23] This law requires accessibility plans in 2022, with implementation due in 2024. This state law paves the path for compliance, as well as litigation, at the state and local levels.

Whether mandated or not, all governments should be planning for legal and regulatory compliance in this area. Otherwise, instead of explaining why taxpayer dollars were spent on compliance, governments may be explaining why taxpayer money was spent responding to litigation or complaints concerning accessibility to websites. In 2020, the number of all lawsuits filed in this area in federal court passed the 2,500 mark.[24] While this statistic does not specifically separate out government website cases, the importance of the increase in all lawsuits filed is that litigation in this area continues to greatly increase. The lack of accessibility is a compliance concern that may be overlooked by some governments, although not overlooked by some users of government websites or elected officials.

The DOJ was recently called out by political leaders for failure to issue statutorily required biennial reports concerning accessibility of federal websites.[25] Appearing to be out of regulatory compliance with this law, the DOJ biennial reports have been missing for almost 10 years. In addition to asking about this reporting lapse, the next logical question is, why did it take 10 years to ask? Monitoring and auditing need to occur on a regular basis.

Lessons Learned

  • Use resources such as the World Wide Web Consortium (W3C) accessibility standards for web design as a benchmark for monitoring and auditing web pages.[26]

  • Test government websites regularly for accessibility, through automated tests and other known testing methods such as actual users; review results and plan compliance updates accordingly.

  • Monitor and audit the timely submission and content of required reports routinely.

State Action: Idaho Legislature Hotline

Encouraging a speak-up culture to report waste, fraud, abuse, and other personnel issues, the Idaho Legislature recently included $79,200 to operate a new employee hotline. The implementation of this compliance essential element came after a whistleblower settlement for $545,000. The state department retaliated against and fired an employee for sending anonymous emails with reports of alleged purchasing rules misconduct.[27] Far too often, though, such measures are instituted by government only after a problem appears.

Lessons Learned

  • Create a hotline or other method to encourage a speak-up culture.

  • Establish policies on retaliation; audit and monitor records to review reported incidents and terminations.

  • Manage reputation concerning public expenditures for settlements involving ineffective compliance programs, and failure to implement and maintain essential elements of compliance.

This document is only available to subscribers. Please log in or purchase access.
Purchase Login
 

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings