Letters to the Editor
Carl Peckinpaugh's May 1 column ["Beware of Rotten Apples," Federal Computer
Week, May 1, 2000] may have sent the wrong message to government contractors
by indicating that "adoption of a compliance program will not be of much
value to a company." Far more important was Carl's hint that effective implementation
is the sine qua non of a good compliance program.
Unstated in the column is the well-recognized fact that a government
contractor's diligently implemented compliance program is a company's first
line of defense against wrongdoing by its own employees. This is particularly
true for contractors selling off of schedule contracts or indefinite delivery,
indefinite quantity contracts, where there are so many opportunities for
employees to stray afoul of the law or regulations.
Seven years ago, a large service contractor asked me to examine its
existing compliance program. The company had just pleaded guilty to the
felony of cost mischarging, or making false statements charging costs to
the wrong contract. The company had an ethics code, had carefully trained
its employees and even had a strong videotape, starring its CEO, that every
employee was required to watch.
I found one important "rotten apple" in the barrel. The compliance program
had "winked" at wrongdoing in its implementation, and the senior managers
knew it. Despite all of the fine words in the program, advancement in the
company was based exclusively on sales volume, creating a disincentive to
follow the proper cost charging rules where such rules impeded the manager's
promotion.
Compliance programs must be implemented with more than a wink, and a
company only gets credit for a program that is effectively implemented.
But the credit is significant potentially up to a 95 percent reduction
in corporate fines. Remember that although individuals can be jailed, companies
can only be fined or put out of business for criminal wrongdoing.
The U.S. Sentencing Guidelines define an effective program to prevent
and detect violations of law (a compliance program) as one that has "been
reasonably designed, implemented and enforced so that it generally will
be effective in preventing and detecting criminal conduct."
The hallmark of a compliance program is that "the organization exercised
due diligence in seeking to prevent and detect criminal conduct by its employees
and other agents," and due diligence requires that a company take these
seven key steps: place a compliance officer in charge, implement an ethics
program, exercise due care in delegation of authority, effectively train
its personnel, conduct reasonable audits, enforce its program through appropriate
disciplinary measures, and correct any problems detected in order to prevent
future violations.
Although a company's adoption of an effective compliance program cannot
insulate it from responsibility for its employees' bad acts, it can accomplish
two critical things: prevent problems or violations before they start or
detect them very early, when they can be corrected; and reduce company fines
if the violations are discovered and criminally prosecuted.
Unfortunately, between 1995 and 1998, the U.S. Sentencing Commission
found that only one out of 325 organizations sentenced under the Organizational
Sentencing Guidelines had an effective compliance program. This is a pretty
poor record, especially in light of the Delaware Chancery Court's statement
in a seminal 1996 case, In Re Caremark International Inc. Derivative Litigation
(698 A. 2d 959 (Del. Ch. 1996), that the sentencing guidelines offered powerful
incentives for corporations to have compliance programs and that "a director's
obligation includes a duty to attempt in good faith to assure that [an effective
compliance program exists] and failure to do so may, in theory at least,
render a director liable for losses caused by non-compliance with applicable
legal standards."
The Department of Health and Human Services inspector general believes
in compliance programs and has issued and urged government contractors to
adopt no fewer than seven model compliance programs (for hospitals, clinical
laboratories, home health agencies, durable medical equipment companies,
hospices, Medicare organizations and nursing facilities) to prevent and
detect fraud. Other inspectors general believe in compliance programs just
as fervently.
You can find and get rid of the rotten apples in your company by implementing
an effective compliance program. Do it diligently, and the offenders are
likely to be caught before they perpetrate any wrongdoing. Even if you don't
weed them out, your company's compliance with laws and regulations is likely
to be greater, and your corporate fines are likely to be lower.
Richard D. Lieberman
Former deputy inspector general for the Defense Department
Partner in the law firm of McCarthy, Sweeney and Harkaway P.C.
Washington, D.C.