Letters to the Editor

  • May 30, 2000

Carl Peckinpaugh's May 1 column ["Beware of Rotten Apples," Federal Computer Week, May 1, 2000] may have sent the wrong message to government contractors by indicating that "adoption of a compliance program will not be of much value to a company." Far more important was Carl's hint that effective implementation is the sine qua non of a good compliance program.

Unstated in the column is the well-recognized fact that a government contractor's diligently implemented compliance program is a company's first line of defense against wrongdoing by its own employees. This is particularly true for contractors selling off of schedule contracts or indefinite delivery, indefinite quantity contracts, where there are so many opportunities for employees to stray afoul of the law or regulations.

Seven years ago, a large service contractor asked me to examine its existing compliance program. The company had just pleaded guilty to the felony of cost mischarging, or making false statements charging costs to the wrong contract. The company had an ethics code, had carefully trained its employees and even had a strong videotape, starring its CEO, that every employee was required to watch.

I found one important "rotten apple" in the barrel. The compliance program had "winked" at wrongdoing in its implementation, and the senior managers knew it. Despite all of the fine words in the program, advancement in the company was based exclusively on sales volume, creating a disincentive to follow the proper cost charging rules where such rules impeded the manager's promotion.

Compliance programs must be implemented with more than a wink, and a company only gets credit for a program that is effectively implemented. But the credit is significant — potentially up to a 95 percent reduction in corporate fines. Remember that although individuals can be jailed, companies can only be fined or put out of business for criminal wrongdoing.

The U.S. Sentencing Guidelines define an effective program to prevent and detect violations of law (a compliance program) as one that has "been reasonably designed, implemented and enforced so that it generally will be effective in preventing and detecting criminal conduct."

The hallmark of a compliance program is that "the organization exercised due diligence in seeking to prevent and detect criminal conduct by its employees and other agents," and due diligence requires that a company take these seven key steps: place a compliance officer in charge, implement an ethics program, exercise due care in delegation of authority, effectively train its personnel, conduct reasonable audits, enforce its program through appropriate disciplinary measures, and correct any problems detected in order to prevent future violations.

Although a company's adoption of an effective compliance program cannot insulate it from responsibility for its employees' bad acts, it can accomplish two critical things: prevent problems or violations before they start or detect them very early, when they can be corrected; and reduce company fines if the violations are discovered and criminally prosecuted.

Unfortunately, between 1995 and 1998, the U.S. Sentencing Commission found that only one out of 325 organizations sentenced under the Organizational Sentencing Guidelines had an effective compliance program. This is a pretty poor record, especially in light of the Delaware Chancery Court's statement in a seminal 1996 case, In Re Caremark International Inc. Derivative Litigation (698 A. 2d 959 (Del. Ch. 1996), that the sentencing guidelines offered powerful incentives for corporations to have compliance programs and that "a director's obligation includes a duty to attempt in good faith to assure that [an effective compliance program exists] and failure to do so may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards."

The Department of Health and Human Services inspector general believes in compliance programs and has issued and urged government contractors to adopt no fewer than seven model compliance programs (for hospitals, clinical laboratories, home health agencies, durable medical equipment companies, hospices, Medicare organizations and nursing facilities) to prevent and detect fraud. Other inspectors general believe in compliance programs just as fervently.

You can find and get rid of the rotten apples in your company by implementing an effective compliance program. Do it diligently, and the offenders are likely to be caught before they perpetrate any wrongdoing. Even if you don't weed them out, your company's compliance with laws and regulations is likely to be greater, and your corporate fines are likely to be lower.

Richard D. Lieberman

Former deputy inspector general for the Defense Department

Partner in the law firm of McCarthy, Sweeney and Harkaway P.C.

Washington, D.C.

WRITE US

We welcome your comments.

To send a letter to the editor, e-mail us at letters@fcw.com. Please include your full name and a phone number for verification. We can withhold yourname upon request.

Letters may be edited for clarity and for space constraints in the printversion of FCW.

May 30, 2000

More Related Links

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.