New Sentencing Guidelines for Corporate Defendants

Holly Gregory is a Corporate Partner specializing in corporate governance at Weil, Gotshal & Manges LLP. This post is based on a Weil Gotshal briefing by Thomas C. Frongillo, Lisa R. Eskow, and Caroline K. Simons.

On April 7, 2010, the United States Sentencing Commission approved significant changes to Chapter 8 of the Federal Sentencing Guidelines, which applies to organizations convicted of criminal offenses. In particular, these amendments affect the requirements for establishing an “effective compliance program” — a means of mitigating institutional punishment in the wake of criminal conduct. Barring rejection or changes from Congress, the amendments take effect automatically on November 1, 2010.

One important change expands an organization’s eligibility for a reduced sentence if it has an effective compliance and ethics program in place at the time an offense occurs. Additional amendments clarify what constitutes an appropriate response to criminal conduct as part of an effective compliance program. And, notably, the Commission rejected controversial proposals regarding independent monitors and document retention policies that some had argued would prevent flexibility in tailoring context-appropriate compliance programs and responses. On balance, the amendments reflect a give-and-take approach designed to encourage better internal and external reporting of suspected criminal conduct as a means of detecting and deterring crime, especially at the executive level.

Understanding the new Guidelines is critical not only for corporations facing criminal prosecution, but also for those seeking to avoid it. The United States Attorney considers the existence and effectiveness of compliance programs in determining whether to file charges, and the new amendments reflect the importance of independent and autonomous compliance officers to federal prosecutors and government agencies. Indeed, as Acting Deputy Attorney General Gary G. Grindler recently emphasized, “[t]hese amendments reinforce the point that having a robust compliance program is critical not only to preventing misconduct in the first place, but also [to] how your organization will be treated in the event criminal conduct does take place.” Additionally, effective compliance and ethics programs may reduce exposure to liability if civil litigation occurs. Corporations should therefore reassess their compliance programs in light of the new Guidelines to improve both their ability to comply with the law and, in the event of a violation, respond efficiently and effectively with appropriate, remedial measures.

The Importance of an Effective Compliance and Ethics Program

Implementing an effective compliance and ethics program is essential to an organization’s ability to self-monitor and, if appropriate, report discovered violations to government authorities. It also is the starting point for assessing eligibility for a reduced sentence under the Guidelines, and the amendments offer important insights into how to maximize the practical and legal benefits of this organizational risk-management tool.

Enhanced Autonomy for Compliance Personnel

The proposed Guidelines amendments expand the availability of sentencing benefits for organizations that ensure the autonomy of compliance personnel. Under the previous Guidelines, convicted organizations could receive a reduced sentence for having an effective compliance and ethics program in place at the time of the offense, but only if no “high-level personnel” were involved in, or willfully ignorant of, the crime. This per se disqualification rule proved fatal to many corporations, as the term “high-level personnel” was defined broadly by the Guidelines and applied broadly in practice. The amendments eliminate this automatic disqualification based on the offender’s organizational rank, focusing instead on the structural independence of compliance personnel, among other factors.

To be eligible for the newly expanded credit for an effective compliance and ethics program, convicted organizations must satisfy four criteria, the first of which is a direct communication channel between compliance personnel and the organization’s governing authority (e.g., a board of directors or an audit committee of the board). The Guidelines do not prescribe a rigid formula but set forth parameters for meeting this “direct reporting” criterion. Perhaps the most important requirement is “express authority” for the “individual or individuals with operational responsibility for the compliance and ethics program” to “communicate personally” with the governing authority. This personal communication must occur “promptly” on matters involving actual or potential criminal conduct, and “no less than annually on the implementation and effectiveness of the compliance and ethics program.”

In addition to the direct-reporting requirement, three other conditions must be met to remain eligible for a reduced sentence notwithstanding the involvement or willful ignorance of high level personnel: (1) the compliance program detected the offense before discovery outside the company was reasonably likely; (2) the corporation promptly reported the offense to appropriate government authorities; and (3) no individual with operational responsibility for the compliance program participated in, condoned, or was willfully ignorant of the offense.

Of the four criteria, the direct-reporting requirement is likely to have the most significant impact on the structure of organizations’ compliance and ethics programs. While a direct line of communication may already exist in some organizations, others may want to reassess compliance procedures, particularly if they rely on general counsel or other officers to relay selective compliance information and reports to the board.

Organizations should bear in mind, however, that a direct-reporting channel is required for sentencing credit only if high-level personnel are involved in the offense. In other circumstances, it may be possible for an organization to demonstrate an effective compliance and ethics program without direct reporting in place. But, as it may be difficult to predict who will commit an offense, organizations may wish to implement procedures that most faithfully advance the Commission’s objective of expanding direct communication between compliance personnel and an organization’s governing authority. Such measures also may reflect favorably on an organization when federal prosecutors and government agencies evaluate how to respond to an offense. As with all decisions concerning corporate governance, organizations will want to evaluate their options and weigh the risks and benefits of different compliance models.

Effective Response to Detected Criminal Conduct

The amendments add commentary to clarify the existing Guidelines requirement that an organization take “reasonable steps” after detecting criminal conduct. To qualify as having an effective compliance and ethics program, an organization must respond appropriately in two specific ways that the Commission has now set forth: first, the company must take reasonable steps to remedy the harm caused by the criminal conduct; second, the company must take appropriate measures to prevent further similar criminal conduct, which includes assessing the compliance program and modifying it as needed to ensure its effectiveness.

Regarding the remedial component of an effective response, the Commission rejected an earlier proposal that effectively would have required payment of presentencing restitution to victims of the criminal conduct that an organization detects. After hearing testimony from groups such as the American Bar Association and the National Association of Criminal Defense Lawyers, the Commission opted to include restitution as merely one of several permissible “reasonable steps” to remedy harm from criminal conduct. Because organizations retain discretion to pay restitution “where appropriate” and when “warranted under the circumstances,” greater flexibility exists to investigate suspected criminal conduct and to assess whether remedial steps, including restitution, are appropriate. This approach also avoids placing organizations in the predicament of paying restitution in an attempt to qualify for Guidelines credit without knowing whether restitution will be ordered at sentencing or whether the organization will have to pay the same victims twice if civil litigation proceeds. In addition to restitution, other “reasonable steps” in an appropriate response to a detected crime “may” include self-reporting and cooperation with federal authorities.

Regarding the prevention prong of an effective response, the Commission again rejected an earlier proposal that critics claimed would have imposed unwarranted financial and corporate governance costs. The controversial language here involved retention of an “independent monitor” as part of an effective compliance program, which some feared would be ordered even in circumstances that did not warrant such an intrusive measure. The Commission opted instead for language specifying that the preventative steps an organization takes “may include the use of an outside professional advisor” to assess modifications to the organization’s compliance program.

No Requirements for Document Retention Policies

Electing, again, to promote flexibility over specificity, the Commission declined to adopt a proposed amendment focusing on the role of document retention policies in an effective compliance program. The proposed language would have required a broad range of employees to “be aware of” and to “conform” document retention policies to meet the goals of an effective compliance program under the Guidelines. Critics protested that the “awareness” standard was ambiguous, that the scope of covered employees was overbroad, and that the language unjustifiably exalted document retention policies over other components of an effective compliance program.

Although the Guidelines do not contain specific directives on document retention, an organization nonetheless should consider reassessing its document retention policy to determine whether modifications might improve the policy’s role in establishing the overall effectiveness of the organization’s compliance program.


The amendments provide organizations with important insights into how to create and implement an effective compliance and ethics program. In particular, the amendments reflect the Commission’s confidence in independent and autonomous compliance officers who report directly to an organization’s governing authority. To reduce the risk of prosecution, civil exposure, and maximum penalties should criminal misconduct occur, companies may wish to reassess compliance reporting practices, to review company policies to facilitate appropriate responses to criminal conduct, and to consider consulting with independent advisors on updates or modifications to compliance and ethics programs.

Both comments and trackbacks are currently closed.