By Teri Quimby, J.D.[1]
Introduction
Compliance programs are a necessity, not an option, for government at all levels. Taxpayers deserve trust, and they expect that government employees will work ethically and decisively, and that public funds will be used efficiently and honestly. Government agencies must assess their own specific issues and put in place meaningful compliance programs to meet specific needs. Well-designed and effectively implemented compliance programs that factor in lessons learned from both the private and public sectors, coupled with proper monitoring and auditing, help to prevent serious compliance failures, challenges, and related consequences, even when humans prove to be fallible.
Effective Ethics and Compliance Programs—Value Proposition
Branches and levels of government are not much different from private companies or other organizations and, accordingly, should function with many of the same compliance measures. Public and private sectors are run by employees. Employees are human, and mistakes are made. Given this unconditional part of the human condition, and like private sector counterparts, government agencies must take more action to proactively implement and maintain effective compliance programs and related infrastructures. Public opinion bears mention here, with a survey showing Americans trust Amazon and Google more than government. Politics aside, this survey makes a point about trust. When asked about confidence in certain brands doing the right thing, government was seen as trustworthy by only 7% of those surveyed. Brands such as Amazon and Google, however, received 39% and 38% respectively.[2] While some areas of government have already made compliance programs a priority, this is no longer a choice but a necessity to instill confidence and restore trust in the “government” brand.
Several resources exist and are available for establishing and reviewing compliance programs and the effectiveness of those infrastructures. Good starting places are the U.S. Sentencing Guidelines for Organizations[3] (USSG) and the Department of Justice (DOJ) guidance.
The USSG provides a framework for the key elements organizations should have in place to meet a threshold of effectiveness. Importantly, an overarching goal and objective of this framework is to encourage organizations to establish and maintain programs that enable the prevention and detection of wrongdoing, and promote cultures that are committed to ethical conduct and compliance with the law. Effective programs not only help organizations to meet these important objectives, but also they help organizations to operate more successfully on every level.
An important complement to the USSG is the recently released DOJ Evaluation of Corporate Compliance Programs,[4] with insight on considerations deemed important when evaluating compliance program effectiveness when organizations are facing enforcement action and/or when making charging decisions. Organizations striving for compliance program effectiveness can benefit greatly from this valuable and practical insight to proactively establish better, more effective programs and frameworks from the onset, regardless of whether it involves criminal conduct or not.
Further, other similar guidance and insights helping organizations to implement and maintain effective programs can be found in other resources such as the newly revised Foreign Corrupt Practices Act guidance[5] and the DOJ Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations.[6]
In general, government guidance offering compliance commentary and insights regarding program effectiveness may be aimed at corporations and organizations, but the government itself should be proactively looking to these nonregulatory “requirements” for ethical inspiration as well as compliance instruction when implementing and maintaining government programs. Effective compliance programs within government agencies that are transparent and visible can help to enable more effective operations, ensure better use of taxpayer funding, mitigate risks, and increase confidence in these agencies by the public.
Government Compliance Programs—Challenges, Strategies, and Opportunities
While 20/20 vision is usually associated with clear perspective, the COVID-19 pandemic in 2020 offered just the opposite. A bright light shone on every part of private and public sectors, magnifying existing issues that had, until then, gone unnoticed. Employees working at home regularly create privacy and other compliance issues neither intended nor contemplated. For example:
-
Personal devices used at home can be subject to listening ears of nearby nonemployees with names like Alexa and Siri, bringing forth a myriad of confidentiality concerns.
-
Paper files or even evidence can create chain of custody concerns in certain sectors.
-
Transparency can become clouded with worldwide video chats with people in places all over the world.
-
Public parks host six-foot distanced discussions about work topics can unconsciously enter public airways.
-
“Public” meeting access can have technical twists as well as notice and location concerns, although on the upside, virtual meetings can increase audience participation and allow global eyes to view otherwise local (and sometimes lonely) meetings with low to no public attendance.
These examples highlight the challenges of maintaining regulatory compliance with laws requiring open meetings. A critically important core function in government, observation and scrutiny of deliberations and actions by government officials provide transparency, resulting in a more responsive and responsible government. Office closures will inevitably occur for a variety of reasons, such as power outages; regardless, government needs to be “open” and accessible.
In addition to access, government collects information and is obliged to keep private information private. Data shared with government may be subject to public access requests under “sunshine laws,” with private information redacted. At this time more than ever, public trust in government requires accountability and responsibility. Implementing and maintaining effective compliance programs may be a challenge, but it is not a choice. Governmental immunity does not make government immune from misconduct or human errors. This chapter looks at examples of proactive compliance program initiatives as well as government conduct where effective programs, if in place, may have minimized or prevented incidents.
Examples of Government Initiatives
Government at many levels have taken steps to initiate compliance programs for many reasons. Whether to provide structures from corporate compliance or to implement changes from lessons learned, all levels of government and all branches can learn from the others how to initiate, review, and maintain programs. In addition to regular compliance issues, government faces additional issues with public trust and regulatory compliance involving transparency.
Idaho Legislature Hotline
Encouraging a speak-up culture to report waste, fraud, abuse, and other personnel issues, the Idaho Legislature recently included $79,200 to operate a new employee hotline. The implementation of this compliance essential element came after a whistleblower settlement for $545,000. The state department retaliated against and fired an employee for sending anonymous emails, with reports of alleged purchasing rules misconduct.[7]
Lessons Learned
-
Create a hotline or other method to encourage a speak-up culture.
-
Establish policies on retaliation; audit and monitor records to review reported incidents and terminations.
-
Manage reputation concerning public expenditures for settlements involving ineffective compliance programs, and failure to implement and maintain essential elements of compliance.
New York State Ethics, Risk, and Compliance Initiative
In 2015, the first-ever statewide ethics, risk, and compliance initiative was created in the state of New York. The goal was to bring a private sector risk management model to New York agencies and authorities, with a mission of identifying, reducing, and eliminating risks and promulgating statewide best practices. Recognizing risk management as an effective tool for government resources, this idea is a great step toward public trust in government.[8] Projects undertaken include a comprehensive initiative to enhance online public access to state records and litigation risk reduction measures for state agencies.
Lessons Learned
-
Establish policies and procedures similar to those used in the private sector.
-
Use risk management for regulatory compliance, public trust, and integrity.
Federal Bureau of Investigation
One area of government tackling compliance head-on is the Federal Bureau of Investigation (FBI). The FBI established the Integrity and Compliance Program in 2007 to mitigate legal compliance risks within the FBI. This program is managed by the FBI’s Office of Integrity and Compliance (OIC). In a 2011 report, the DOJ concluded and recommended that “the concept of the FBI’s OIC program has been beneficial to its efforts to monitor and enhance compliance with legal requirements, and that other agencies may wish to consider implementing a similar kind of program.”[9] Implementing a compliance program in every area of government is not a novel idea and should be seriously considered. The very entities doling out punishments and taking away licenses and other approval need to shine a bright light on internal practices. Government needs to take the same responsibility as it requires from those under its power. Constructing a compliance program has never been easier with generally available compliance resources.
Well-designed programs start with an understanding of the business (or government area), how the risk profile has developed, and whether appropriate scrutiny and resources are devoted to risks. The recent 2020 DOJ guidance related to effective compliance programs recommends prosecutors understand why the program was set up the way it was, and why and how the program has evolved over time.[10] Starting with the question “why?” is important, but having answers is more important. It sounds so simple, yet it compounds into complexity, especially for government agencies. The FBI has taken compliance responsibility seriously and devoted resources to the program. Other branches and levels of government need to do the same.
Lessons Learned
-
Establish a compliance program with a compliance office or designated manager.
-
Provide adequate resources for effective compliance program functions.
-
Assess risks present in government operations.