Advance your career
and leadership potential
on your own time.

Become a trusted expert on the critical nuances of compliance and risk management through a flexible online degree program.

Components of Effective Compliance Programs Through the Lens of the DOJ

by | Jun 16, 2021

Compliance ProgramsAs you learn in Seattle U Law’s Master of Legal Studies in Compliance and Risk Management program, guidance from the Federal Sentencing Guidelines influences the design and implementation of compliance programs. 

Although the Sentencing Guidelines apply to companies convicted of federal criminal offenses, government agencies use those guidelines to set standards for evaluating company compliance and ethics programs. And, importantly, compliance professionals use the Sentencing Guidelines to design effective programs that help avoid investigations and penalties.

You can hear about the chief components of an effective program and our MLS program in a webinar with Seattle U Law faculty member Frank DiMarino. Professor DiMarino, JD, LL.M., served as an assistant United States attorney for 18 years, presenting cases before the U.S. District and Appeals Courts while prosecuting corporations and individuals for crimes such as wire and bank fraud, money laundering, embezzlement, and tax evasion. Professor DiMarino oversaw corporate compliance programs as part of criminal sentences under the United States Sentencing Guidelines.

Five Key Functions of a Compliance Department

Every organization is engaged in compliance through their efforts to comply with laws, regulations, and industry standards. Any effective compliance department must perform five key functions. Those functions may be performed by a compliance officer, a compliance manager, or possibly a risk manager, depending on the organization. 

The same five key compliance functions form the academic competencies as program-level outcomes for the MLS curriculum. Students graduate with an understanding of these functions and, depending on their coursework and experience,  achieve an advanced level of skill mastery: 

  • To identify and assess the risks. Organizations have unique characteristics, and performing a risk assessment addresses unique organizational requirements. Risk assessments also identify the types of vulnerabilities an organization may encounter. They should include a root-cause analysis that identifies how the risk exists and how to overcome it. 
  • To design and implement controls to protect an organization from those risks. This step encompasses the creation of standards, such as reporting and approval requirements, and also establishing internal controls, such as training programs, to prevent employee misconduct.
  • To monitor and report on the effectiveness of risk management controls. Compliance professionals may achieve this through audits, through evaluation and continuous improvement, and potentially by benchmarking their organization’s performance against others in their industry.
  • To resolve compliance infractions as they occur. This function is typically performed through organizational investigations. As students learn in a specialized course devoted to this subject, investigations must adhere to the legal standards for considering relevant evidence and be conducted fairly, objectively, and thoroughly.
  • To advise an organization about rules and controls. Providing reports to the board of directors, officers, and  senior managers ensures awareness of risk-generating activities and solutions to minimize risk. 

These skill sets can be developed for a broad range of careers or advancement within current careers. Compliance and risk professionals can play a critical role in complying with the regulations and guidance of the Department of Justice and other administrative agencies. Compliance and risk professionals also may have careers within enforcing or regulatory agencies.

The Influence of U.S. Sentencing Guidelines on Compliance Programs

A 2020 update to the Federal Sentencing Guidelines provides further clarity and direction about how to measure compliance program effectiveness. The key questions prosecutors will raise when evaluating programs, and that compliance officers should consider, are:

  • Is the program well designed? A program should clearly indicate who is in control. The reporting structure should be clearly established, and the compliance officer should have adequate independence.
  • Has the program been applied earnestly and in good faith? Does a program address the unique types of risks that apply to a specific organization?
  • Does the program actually work in practice? Does it prevent misconduct? When the misconduct occurs, is it responsibly addressed, and is there a continuous improvement of the program?

A “check-the-box” approach to compliance is insufficient. Programs must demonstrate effective implementation as shown by their outcomes. 

Measuring the Effectiveness of Compliance Programs

When faced with employee misconduct in a particular organization, the Department of Justice (DOJ) and other governmental agencies look for evidence that compliance programs are substantive and that the programs truly help organizations find and appropriately remediate noncompliance or misconduct when it occurs. Results are key. 

Here are factors to assess the effectiveness of a compliance program:

  • What standards and procedures are contained in a compliance manual that are customized to meet the unique risks confronted by an organization?
  • How many employees are in a compliance department–and more importantly, what are the outcomes of this department? Are the compliance employees  actively engaged with managers at all levels of the organization?
  • How many employees attend compliance and ethics training? And, more importantly, what are the results? Do surveys or knowledge assessments document the effectiveness of such training?
  • How many organizational investigations have been performed? And, to evaluate whether such investigations were effective, what type of remediation was performed? How does the remediation ensure that misconduct will not reoccur?
  • How many employees have been dismissed for misconduct? If employees have been disciplined or dismissed for misconduct after an investigation, were the actions targeted only at lower-level staff, or did discipline and dismissals extend from lower-level staff to senior management?

An effective compliance program exercises due diligence to prevent and detect misconduct, and it promotes an organizational culture that encourages ethical conduct and a commitment to compliance with the law. 

SU Law’s MLS program is aligned with those goals: It teaches you how to build robust programs and evaluate their effectiveness. You learn how to uncover and appropriately deal with misconduct when it arises. Our “compliance with a conscience” motto teaches that moral leadership and an ethics-based approach offers organizations a sound strategy for navigating these issues and cultivating practices that protect a company’s brand or reputation.

Master of Legal Studies in Compliance and Risk Management Program

Seattle U Law’s Master of Legal Studies in Compliance and Risk Management program helps individuals who want to advance their careers and learn from respected leaders in ethics, compliance, and risk management. 

Depending on professional goals and interests, students in the fully online program can optionally choose to focus on financial compliance, healthcare compliance, corporate compliance, or data & cybersecurity compliance. The MLS program provides opportunities to solve problems through a legal lens and gain foundational knowledge of the law, but without a JD. It prepares graduates to lead compliance efforts in any organization, regardless of industry. Students graduate with a commanding knowledge of law, legal analysis, and the frameworks used to identify, assess, and respond to risk. The program’s values-based approach moves beyond a narrow sense of compliance and helps establish a sense of equity, justice, and inclusion.

For more information, contact us at lawgraduateonline@seattleu.edu