Overview of Compliance and Ethics Program Meeting the Standards of the United States Sentencing Commission Manual

In 1992 the United States Sentencing Commission (“USSC”) Guidelines for Organizations established guidelines for effective compliance programs. Since 1992, organizations in virtually every sector of the economy, including colleges and universities have established compliance programs, also know as ethics programs.

In general, compliance and ethics programs have three purposes: (1) to help prevent the organization from violating applicable laws and internal policies and procedures; (2) to detect such violations if they occur notwithstanding the compliance and ethics program; and (3) to correct situations that violate laws or internal policies and procedures.

Comprehensive compliance and ethics programs begin at the top of the organization and include: articulating standards of compliance and ethical conduct for everyone associated with the organization; creating awareness of these standards among everyone in the organization; providing a means to report exceptions (i.e., possible misconduct); monitoring and auditing performance in areas of compliance risk; establishing organizational supports for the entire effort.

Organizations that have implemented compliance and ethics programs, including universities, report that they have derived numerous benefits from their compliance and ethics programs including:

• Providing the governing body with assurances that the organization has established control systems to ensure regulatory compliance; Assisting the organization in achieving its mission in full accordance with organizational values;
• Providing additional sources of information to management on how the organization is actually operating;
• Establishing clear behavior expectations for everyone associated with the organization;
• Reducing the vulnerability to whistle blowing complaints;
• Improving internal communication and feedback from employees and others (i.e. students, independent contractors, et. al.);
• Defining organizational performance benchmarks;
• Reducing the risk of criminal and civil wrongdoing, and other misconduct;
• Reducing federal financial penalties if violations occur;
• Protecting the reputation of the organization.

Program, the Manual provides commentary elaborating on each of the seven elements (The exact language of each of the seven elements is noted in italic.):

ESTABLISHED COMPLIANCE STANDARDS

The organization must have established compliance standards and procedures to be followed by its employees and other agents that are reasonably capable of reducing the prospect of criminal conduct.

• Organizations need to have a compliance and ethics program designed to prevent and detect criminal conduct and other
• The compliance and ethics program shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct and other
• The organization shall establish standards of conduct that are reasonably capable of reducing the likelihood of criminal conduct and other
• The organization shall establish policies, procedures, and internal controls to prevent and detect criminal conduct and other
• The compliance and ethics program should address and incorporate factors that include applicable industry practice or the standards called for by any applicable governmental
• Organizations should encourage those that have, or seek to have, a business relationship with them to implement effective compliance and ethics programs.

ASSIGNED COMPLIANCE RESPONSIBILITIES

Specific individuals(s) within high-level personnel of the organization must have been assigned overall responsibility to oversee compliance with such standards and procedures.

• Specific individual(s) within high-level personnel shall be assigned overall responsibility for the day-to-day operational responsibility for the compliance and ethics program. [here in after referred to as the Compliance Officer(s)]
• The Compliance Officer must ensure that the organization has an effective compliance and ethics
• The Compliance Officer must takes steps to oversee compliance with standards and
• The Compliance Officer must have substantial authority to carry out their responsibilities.
• The Compliance Officer must be knowledgeable about the content and operation of the compliance and ethics
• Compliance Officer(s) must perform their assigned duties consistent with the exercise of due
• Compliance Officer(s) must promote an organizational culture that encourages ethical conduct and a commitment to compliance with the
• The Compliance Officer shall report directly to the governing authority, or an appropriate subgroup of the governing authority, on the implementation and effectiveness of the compliance and ethics
• The Compliance Officer shall be given adequate resources to be able to carry out their
• The Compliance Officer shall be given appropriate authority to be able to carry out their

Ill. DELEGATING AUTHORITY

The organization must have used due care not to delegate substantial discretionary authority to individuals whom the organization knew, or should have known through the exercise of due diligence, and a propensity to engage in illegal activities.

• The organization shall make reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics
• The organization needs to ensure that all individuals within the high-level personnel and substantial authority personnel of the organization will perform their assigned duties in a manner consistent with the exercise of due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the

1. COMPLIANCE COMMUNICATION

The organization must have taken steps to communicate effectively its standards and procedures to all employees and other agents, !UL by requiring participation in training programs or by disseminating publications that explain in a practical manner what is required.

• The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.
• Governing authority (Board of Directors; or the highest-level governing body of the organization) must become knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics
• Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the

1. AUDITING AND MONITORING

The organization must have taken reasonable steps to achieve compliance with its standards, §:iL. by utilizing monitoring and auditing systems reasonably designed to detect criminal conduct by its employees and other agents and by having in place and publicizing a reporting system whereby employees and other agents could report criminal conduct by others within the organization without fear of retaliation.

• The organization shall take reasonable steps to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct and other
• An organization shall exercise due diligence to prevent and detect criminal conduct; and otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the
• The organization shall evaluate periodically the effectiveness of the organization’s compliance and ethics
• The organization needs to assess periodically the risk that criminal conduct and other misconduct will occur, including assessing the nature and seriousness of such conduct and likelihood that certain criminal conduct and other misconduct may occur because of the nature of the organization’s business.
• The organization shall have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct or other misconduct without fear of retaliation.
• The prior diligence of an organization in seeking to prevent and detect criminal conduct and other misconduct has a direct bearing on the appropriate penalties and probation terms for the organization if it is convicted and sentenced for a criminal offense.
• The organization should prioritize periodically, as appropriate, in order to focus on preventing and detecting the criminal conduct and other misconduct identified as most serious, and most likely, to

1. CONSISTENT COMPLIANCE ENFORCEMENT

The standards must have been consistently enforced through appropriate disciplinary mechanisms, including, as appropriate, discipline of individuals

responsible for the failure to detect an offense. Adequate discipline of individuals responsible for an offense is a necessary component of enforcement; however, the form of discipline that will be appropriate will be case specific.

• The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through appropriate incentives to perform in accordance with the compliance and ethics program; and appropriate disciplinary measures for engaging in criminal conduct and other misconduct and for failing to take reasonable steps to prevent or detect criminal conduct and other
• After criminal conduct and other misconduct has been detected, the organization shall take reasonable steps to respond appropriately to the conduct and to prevent further similar conduct, including making any necessary modifications to the organization’s compliance and ethics program.
• In implementing taking corrective action on detected misconduct, the organization shall periodically assess the risk of criminal conduct and other misconduct and shall take appropriate steps to design, implement, or modify measures to reduce the risk of criminal conduct and other misconduct identified through this
• Organization shall take adequate discipline of individuals responsible for an offense is a necessary component of enforcement; however, the form of discipline that will be appropriate will be case

VII. RESPONDING TO DETECTED OFFENSE

After an offense has been detected, the organization must have taken all reasonable steps to report appropriately to the offense and to prevent further similar offenses-including any necessary modifications to its program to prevent and detect violations of law.

• Where a substantial risk is identified for certain types of criminal conduct occurring, the organization must take reasonable steps to prevent and detect that type of criminal
• The organization needs to modify, as appropriate, the actions taken pursuant to any corrective action to reduce the risk of criminal conduct as most serious, and most likely, to occur.
• Corrective actions must be intended to achieve reasonable prevention and detection of criminal conduct for which the organization would be vicariously liable.
• Organization shall periodically set priorities for actions taken to any requirement to reduce the risk of criminal conduct and other

Effective November 1, 2005 , the USSC published the USSC Guidelines Manual (“Manual”). In addition to restating the seven basic elements of a compliance