Rebecca Walker – Compliance Building

A Benchmarking Survey on Third-Party Codes of Conduct

Rebecca Walker of Kaplan & Walker LLP is the author of a report on A Benchmarking Survey on Third-Party Codes of Conduct (register to download) sponsored by The Society of Corporate Compliance and Ethics. The SCCE received survey results from more than 400 compliance professionals on how they deal with third-party compliance policies. As Rebecca point out in the report: “Organizations are also subject to risks of misconduct by virtue of the actions of agents and other third parties who act on their behalf or partner with the organization in some way.”

Among the relevant findings in the survey:

Only 47% of companies disseminate their internal employee code of conduct to to third parties.
Only 26% of companies require that third parties certify to their codes of conduct.
Of those 26%, 92% did not have a threshold as when they required certifications.
Only 17% of organizations have a code of conduct that is applicable to third parties.

Rebecca points out the U.S. Sentencing Guidelines provide incentives to have your compliance programs reach out to third parties:

Sentencing Guideline §8B2.1(4):

(A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.

(B) The individuals referred to in subdivision (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents.

One of the problems with pushing out your compliance program to third parties is that they may have the may have their own which differs with your program. The bigger problem is you setting the compliance standards but not enforcing them. Rebecca offers some ways to extend compliance and ethics requirements to third-parties. These are some highlights:

Conduct due diligence regarding business partners’ compliance and ethics programs.
Incorporate language into contracts with third parties requiring compliance.
Train third parties on the ethics and compliance program or on particular company policies or procedures.

Thanks to Corporate Compliance Insights for pointing out this survey: Third Party Controls Lacking In Ethics and Compliance Expectations Says SCCE Survey.

The Implications of Stone v. Ritter

In 1996, Delaware’s Court of Chancery stated in the Caremark case that a director’s duty of good faith includes a duty to attempt to assure that a corporate information and reporting system exists, and that failure to do so may, under some circumstances, render a director liable for losses caused by the illegal conduct of employees. In 2006 the Delaware Supreme Court applied and clarified the Caremark language in the case of Stone v. Ritter.

Rebecca Walker of Walkercompliance.com wrote a summary of the Implications of Stone v. Ritter on Board Oversight of a Compliance Program.

The Stone decision formalizes the discussion that appeared in Caremark regarding potential liability of directors into a holding that directors may be liable for the damages resulting from legal violations committed by employees of a corporation, if directors fail to implement a reporting or information system or controls or fail to monitor such systems. The court places this duty of directors squarely within the duty of loyalty. The decision also provides a view of those factors that the court will use in deciding whether the board oversight of the company’s compliance program was adequate to prevent liability to the directors.

In Re Caremark Int’l Inc. Derivative Litigation, 698 A.2d 959, 970 (Del. Ch. 1996).
Stone v. Ritter, 911 A.2d 362 (Del. 2006).

Thinking About Training

Jeffrey M. Kaplan and Rebecca Walker, partners in the law firm of Kaplan & Walker LLP wrote an article Thinking About Training in the March/April 2008 edition of Ethikos.

The goals of training—to enhance employees’ understanding of the law and company policy and promote ethical business conduct—will not be achieved if training is not comprehensible and interesting enough to be heard and remembered. The Sentencing Guidelines highlight this notion by providing that companies must not only provide training—they must do so in an effective manner.