Why Have a Compliance Program?

I’m working on a presentation for a continuing education program and decided to step back and look at the basics. I went all the way back to “why?”

You Are Required

Sometimes the answer is easy. You have to have a compliance program. Your company is in a heavily regulated industry that explicitly requires a formal compliance program. Or your industry is subject to big regulatory overhead and implicitly requires a formal compliance program.

For an example, see the SEC’s Investment Advisers Act Rule 206(4)-7. This rule explicitly requires a firm to appoint a chief compliance officer, implement a program, and review it annually.

Defense – Federal Sentencing Guidelines

Another reason to have a compliance program is to reduce the repercussions of federal prosecution for illegal behavior. Under the Federal Sentencing Guidelines, a convicted organization is eligible for a reduced sentence if it had an effective compliance and ethics program in place at the time of the offense.  The Guidelines spell out several features that a compliance program must have for the organization to receive this credit.

Satisfying the requirements in the Guidelines for an effective compliance and ethics program is widely viewed as an important step in (i) avoiding prosecution altogether, (ii) positioning a corporation to advocate for a non-prosecution or deferred prosecution agreement, and (iii) mitigating the fine that must be paid if a non-prosecution or deferred prosecution agreement is negotiated.

Response to Crisis

Compliance programs can originate from a crisis facing an organization. Either because of prosecution or narrowly missing prosecution, the organization decides to implement a program to prevent the problem from happening again.

For an example, see the Federal Bureau of Investigation’s Integrity and Compliance Program. According to the FBI’s Patrick Kelley, the FBI’s Chief Compliance Officer in the Office of Integrity and Compliance, the Bureau’s program was modeled after corporate compliance programs. The precipitating event was a Congressional hearing on the possible abuse of National Security Letters by the Bureau. In addition to monitoring this one risk, the compliance program has been expanded to include the top 50 risks. These risks extend beyond core operations to things such as OSHA compliance.


With the passage of the Dodd-Frank Financial Reform and Consumer Protection Act, there is a new program to reward whistleblowers. Under the new program eligible whistleblowers are entitled to an award of between 10% and 30% of the monetary sanctions collected in actions brought by the Securities and Exchange Commission and related actions brought by other regulatory and law enforcement authorities.

Expect a dramatic increase in employees coming forward to report wrongdoing within their companies. The recent award of over $100 million to a whistleblower will surely increase the awareness of whistleblower financial rewards.

Reduce Risk and Deter Bad Behavior

A compliance program may not prevent all problems from occurring. If a problem arises, a good compliance program may isolate the incident and defer further prosecution.

For an example, see the SEC’s complaint against Garth Peterson. Mr. Peterson was a Managing Director of Morgan Stanley, located in Hong Kong and running the firm’s Chinese real estate investments. Mr. Peterson was accused of violating the Foreign Corrupt Practices Act and other illegal actions.  Starting in Section 23 of the complaint, the Department of Justice details many of the steps Morgan Stanley took to comply with the Foreign Corrupt Practices Act.

The program failed to prevent Mr. Peterson’s illegal behavior, but it did convince the Department of Justice not to prosecute the firm itself.


Federal Sentencing Guidelines Section 8b2 – Effective Compliance and Ethics Program

SEC’s Complaint against Garth Peterson

SEC’s Office of the Whistleblower – Frequently Asked Questions

SEC’s Investment Advisers Act Rule 206(4)-7

Federal Bureau of Investigation’s Integrity and Compliance Program
