673

AMENDMENT 673

Amendment: Chapter Eight is amended by striking the "Introductory Commentary" as follows:

" Introductory Commentary

The guidelines and policy statements in this chapter apply when the convicted defendant is an organization. Organizations can act only through agents and, under federal criminal law, generally are vicariously liable for offenses committed by their agents. At the same time, individual agents are responsible for their own criminal conduct. Federal prosecutions of organizations therefore frequently involve individual and organizational co-defendants. Convicted individual agents of organizations are sentenced in accordance with the guidelines and policy statements in the preceding chapters. This chapter is designed so that the sanctions imposed upon organizations and their agents, taken together, will provide just punishment, adequate deterrence, and incentives for organizations to maintain internal mechanisms for preventing, detecting, and reporting criminal conduct.

This chapter reflects the following general principles: First, the court must, whenever practicable, order the organization to remedy any harm caused by the offense. The resources expended to remedy the harm should not be viewed as punishment, but rather as a means of making victims whole for the harm caused. Second, if the organization operated primarily for a criminal purpose or primarily by criminal means, the fine should be set sufficiently high to divest the organization of all its assets. Third, the fine range for any other organization should be based on the seriousness of the offense and the culpability of the organization. The seriousness of the offense generally will be reflected by the highest of the pecuniary gain, the pecuniary loss, or the amount in a guideline offense level fine table. Culpability generally will be determined by the steps taken by the organization prior to the offense to prevent and detect criminal conduct, the level and extent of involvement in or tolerance of the offense by certain personnel, and the organization’s actions after an offense has been committed. Fourth, probation is an appropriate sentence for an organizational defendant when needed to ensure that another sanction will be fully implemented, or to ensure that steps will be taken within the organization to reduce the likelihood of future criminal conduct.",

and inserting the following:

" Introductory Commentary

This chapter reflects the following general principles:

First, the court must, whenever practicable, order the organization to remedy any harm caused by the offense. The resources expended to remedy the harm should not be viewed as punishment, but rather as a means of making victims whole for the harm caused.

Second, if the organization operated primarily for a criminal purpose or primarily by criminal means, the fine should be set sufficiently high to divest the organization of all its assets.

Third, the fine range for any other organization should be based on the seriousness of the offense and the culpability of the organization. The seriousness of the offense generally will be reflected by the greatest of the pecuniary gain, the pecuniary loss, or the amount in a guideline offense level fine table. Culpability generally will be determined by six factors that the sentencing court must consider. The four factors that increase the ultimate punishment of an organization are: (i) the involvement in or tolerance of criminal activity; (ii) the prior history of the organization; (iii) the violation of an order; and (iv) the obstruction of justice. The two factors that mitigate the ultimate punishment of an organization are: (i) the existence of an effective compliance and ethics program; and (ii) self-reporting, cooperation, or acceptance of responsibility.

Fourth, probation is an appropriate sentence for an organizational defendant when needed to ensure that another sanction will be fully implemented, or to ensure that steps will be taken within the organization to reduce the likelihood of future criminal conduct.

These guidelines offer incentives to organizations to reduce and ultimately eliminate criminal conduct by providing a structural foundation from which an organization may self-police its own conduct through an effective compliance and ethics program. The prevention and detection of criminal conduct, as facilitated by an effective compliance and ethics program, will assist an organization in encouraging ethical conduct and in complying fully with all applicable laws.".

Section 8A1.2(a) is amended by inserting ", Subpart 1" after "Part B".

Section 8A1.2(b)(2)(D) is amended by adding at the end the following:

"To determine whether the organization had an effective compliance and ethics program for purposes of §8C2.5(f), apply §8B2.1 (Effective Compliance and Ethics Program).".

The Commentary to §8A1.2 captioned "Application Notes" is amended in Note 3(c) in the second sentence by inserting "of the organization" after "high-level personnel".

The Commentary to §8A1.2 captioned "Application Notes" is amended by striking Note 3(k) as follows:

"(k) An ‘effective program to prevent and detect violations of law’ means a program that has been reasonably designed, implemented, and enforced so that it generally will be effective in preventing and detecting criminal conduct. Failure to prevent or detect the instant offense, by itself, does not mean that the program was not effective. The hallmark of an effective program to prevent and detect violations of law is that the organization exercised due diligence in seeking to prevent and detect criminal conduct by its employees and other agents. Due diligence requires at a minimum that the organization must have taken the following types of steps:

(1) The organization must have established compliance standards and procedures to be followed by its employees and other agents that are reasonably capable of reducing the prospect of criminal conduct.

(2) Specific individual(s) within high-level personnel of the organization must have been assigned overall responsibility to oversee compliance with such standards and procedures.

(3) The organization must have used due care not to delegate substantial discretionary authority to individuals whom the organization knew, or should have known through the exercise of due diligence, had a propensity to engage in illegal activities.

(4) The organization must have taken steps to communicate effectively its standards and procedures to all employees and other agents, e.g., by requiring participation in training programs or by disseminating publications that explain in a practical manner what is required.

(5) The organization must have taken reasonable steps to achieve compliance with its standards, e.g., by utilizing monitoring and auditing systems reasonably designed to detect criminal conduct by its employees and other agents and by having in place and publicizing a reporting system whereby employees and other agents could report criminal conduct by others within the organization without fear of retribution.

(6) The standards must have been consistently enforced through appropriate disciplinary mechanisms, including, as appropriate, discipline of individuals responsible for the failure to detect an offense. Adequate discipline of individuals responsible for an offense is a necessary component of enforcement; however, the form of discipline that will be appropriate will be case specific.

(7) After an offense has been detected, the organization must have taken all reasonable steps to respond appropriately to the offense and to prevent further similar offenses -- including any necessary modifications to its program to prevent and detect violations of law.

The precise actions necessary for an effective program to prevent and detect violations of law will depend upon a number of factors. Among the relevant factors are:

(i) Size of the organization -- The requisite degree of formality of a program to prevent and detect violations of law will vary with the size of the organization: the larger the organization, the more formal the program typically should be. A larger organization generally should have established written policies defining the standards and procedures to be followed by its employees and other agents.

(ii) Likelihood that certain offenses may occur because of the nature of its business-- If because of the nature of an organization’s business there is a substantial risk that certain types of offenses may occur, management must have taken steps to prevent and detect those types of offenses. For example, if an organization handles toxic substances, it must have established standards and procedures designed to ensure that those substances are properly handled at all times. If an organization employs sales personnel who have flexibility in setting prices, it must have established standards and procedures designed to prevent and detect price-fixing. If an organization employs sales personnel who have flexibility to represent the material characteristics of a product, it must have established standards and procedures designed to prevent fraud.

(iii) Prior history of the organization -- An organization’s prior history may indicate types of offenses that it should have taken actions to prevent. Recurrence of misconduct similar to that which an organization has previously committed casts doubt on whether it took all reasonable steps to prevent such misconduct. An organization’s failure to incorporate and follow applicable industry practice or the standards called for by any applicable governmental regulation weighs against a finding of an effective program to prevent and detect violations of law.".

Chapter Eight, Part B is amended by striking the heading as follows:

"PART B - REMEDYING HARM FROM CRIMINAL CONDUCT",

and inserting the following:

"PART B - REMEDYING HARM FROM CRIMINAL CONDUCT, AND EFFECTIVE COMPLIANCE AND ETHICS PROGRAM

1. REMEDYING HARM FROM CRIMINAL CONDUCT";

and by adding at the end the following new subpart:

"2. EFFECTIVE COMPLIANCE AND ETHICS PROGRAM

§8B2.1. Effective Compliance and Ethics Program

(a) To have an effective compliance and ethics program, for purposes of subsection (f) of §8C2.5 (Culpability Score) and subsection (c)(1) of §8D1.4 (Recommended Conditions of Probation - Organizations), an organization shall—

(1) exercise due diligence to prevent and detect criminal conduct; and

(2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

Such compliance and ethics program shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct. The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.

(b) Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law within the meaning of subsection (a) minimally require the following:

(1) The organization shall establish standards and procedures to prevent and detect criminal conduct.

(2) (A) The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.

(B) High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program.

(C) Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.

(3) The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.

(4) (A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.

(B) The individuals referred to in subdivision (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents.

(5) The organization shall take reasonable steps—

(A) to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct;

(B) to evaluate periodically the effectiveness of the organization’s compliance and ethics program; and

(C) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.

(6) The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.

(7) After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.

(c) In implementing subsection (b), the organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each requirement set forth in subsection (b) to reduce the risk of criminal conduct identified through this process.

Commentary

Application Notes:

1. Definitions.—For purposes of this guideline:

‘Compliance and ethics program’ means a program designed to prevent and detect criminal conduct.

‘Governing authority’ means the (A) the Board of Directors; or (B) if the organization does not have a Board of Directors, the highest-level governing body of the organization.

‘High-level personnel of the organization’ and ‘substantial authority personnel’ have the meaning given those terms in the Commentary to §8A1.2 (Application Instructions - Organizations).

‘Standards and procedures’ means standards of conduct and internal controls that are reasonably capable of reducing the likelihood of criminal conduct.

2. Factors to Consider in Meeting Requirements of this Guideline.—

(A) In General.—Each of the requirements set forth in this guideline shall be met by an organization; however, in determining what specific actions are necessary to meet those requirements, factors that shall be considered include: (i) applicable industry practice or the standards called for by any applicable governmental regulation; (ii) the size of the organization; and (iii) similar misconduct.

(B) Applicable Governmental Regulation and Industry Practice.—An organization’s failure to incorporate and follow applicable industry practice or the standards called for by any applicable governmental regulation weighs against a finding of an effective compliance and ethics program.

(i) In General.—The formality and scope of actions that an organization shall take to meet the requirements of this guideline, including the necessary features of the organization’s standards and procedures, depend on the size of the organization.

(ii) Large Organizations.—A large organization generally shall devote more formal operations and greater resources in meeting the requirements of this guideline than shall a small organization. As appropriate, a large organization should encourage small organizations (especially those that have, or seek to have, a business relationship with the large organization) to implement effective compliance and ethics programs.

(iii) Small Organizations.—In meeting the requirements of this guideline, small organizations shall demonstrate the same degree of commitment to ethical conduct and compliance with the law as large organizations. However, a small organization may meet the requirements of this guideline with less formality and fewer resources than would be expected of large organizations. In appropriate circumstances, reliance on existing resources and simple systems can demonstrate a degree of commitment that, for a large organization, would only be demonstrated through more formally planned and implemented systems.

Examples of the informality and use of fewer resources with which a small organization may meet the requirements of this guideline include the following: (I) the governing authority’s discharge of its responsibility for oversight of the compliance and ethics program by directly managing the organization’s compliance and ethics efforts; (II) training employees through informal staff meetings, and monitoring through regular ‘walk-arounds’ or continuous observation while managing the organization; (III) using available personnel, rather than employing separate staff, to carry out the compliance and ethics program; and (IV) modeling its own compliance and ethics program on existing, well-regarded compliance and ethics programs and best practices of other similar organizations.

(D) Recurrence of Similar Misconduct.—Recurrence of similar misconduct creates doubt regarding whether the organization took reasonable steps to meet the requirements of this guideline. For purposes of this subdivision, ‘similar misconduct’ has the meaning given that term in the Commentary to §8A1.2 (Application Instructions - Organizations).

3. Application of Subsection (b)(2).—High-level personnel and substantial authority personnel of the organization shall be knowledgeable about the content and operation of the compliance and ethics program, shall perform their assigned duties consistent with the exercise of due diligence, and shall promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

If the specific individual(s) assigned overall responsibility for the compliance and ethics program does not have day-to-day operational responsibility for the program, then the individual(s) with day-to-day operational responsibility for the program typically should, no less than annually, give the governing authority or an appropriate subgroup thereof information on the implementation and effectiveness of the compliance and ethics program.

4. Application of Subsection (b)(3).—

(A) Consistency with Other Law.—Nothing in subsection (b)(3) is intended to require conduct inconsistent with any Federal, State, or local law, including any law governing employment or hiring practices.

(B) Implementation.—In implementing subsection (b)(3), the organization shall hire and promote individuals so as to ensure that all individuals within the high-level personnel and substantial authority personnel of the organization will perform their assigned duties in a manner consistent with the exercise of due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law under subsection (a). With respect to the hiring or promotion of such individuals, an organization shall consider the relatedness of the individual’s illegal activities and other misconduct (i.e., other conduct inconsistent with an effective compliance and ethics program) to the specific responsibilities the individual is anticipated to be assigned and other factors such as: (i) the recency of the individual’s illegal activities and other misconduct; and (ii) whether the individual has engaged in other such illegal activities and other such misconduct.

5. Application of Subsection (b)(6).—Adequate discipline of individuals responsible for an offense is a necessary component of enforcement; however, the form of discipline that will be appropriate will be case specific.

6. Application of Subsection (c).—To meet the requirements of subsection (c), an organization shall:

(A) Assess periodically the risk that criminal conduct will occur, including assessing the following:

(i) The nature and seriousness of such criminal conduct.

(ii) The likelihood that certain criminal conduct may occur because of the nature of the organization’s business. If, because of the nature of an organization’s business, there is a substantial risk that certain types of criminal conduct may occur, the organization shall take reasonable steps to prevent and detect that type of criminal conduct. For example, an organization that, due to the nature of its business, employs sales personnel who have flexibility to set prices shall establish standards and procedures designed to prevent and detect price-fixing. An organization that, due to the nature of its business, employs sales personnel who have flexibility to represent the material characteristics of a product shall establish standards and procedures designed to prevent and detect fraud.

(iii) The prior history of the organization. The prior history of an organization may indicate types of criminal conduct that it shall take actions to prevent and detect.

(B) Prioritize periodically, as appropriate, the actions taken pursuant to any requirement set forth in subsection (b), in order to focus on preventing and detecting the criminal conduct identified under subdivision (A) of this note as most serious, and most likely, to occur.

(C) Modify, as appropriate, the actions taken pursuant to any requirement set forth in subsection (b) to reduce the risk of criminal conduct identified under subdivision (A) of this note as most serious, and most likely, to occur.

Background: This section sets forth the requirements for an effective compliance and ethics program. This section responds to section 805(a)(2)(5) of the Sarbanes-Oxley Act of 2002, Public Law 107–204, which directed the Commission to review and amend, as appropriate, the guidelines and related policy statements to ensure that the guidelines that apply to organizations in this chapter ‘are sufficient to deter and punish organizational criminal misconduct.’

The requirements set forth in this guideline are intended to achieve reasonable prevention and detection of criminal conduct for which the organization would be vicariously liable. The prior diligence of an organization in seeking to prevent and detect criminal conduct has a direct bearing on the appropriate penalties and probation terms for the organization if it is convicted and sentenced for a criminal offense.".

The Commentary to §8C2.4 captioned "Application Notes" is amended in Note 2 by striking "(Larceny, Embezzlement, and Other Forms of Theft)" and inserting "(Theft, Property Destruction, and Fraud)".

Section 8C2.5 is amended by striking subsection (f) as follows:

"(f) Effective Program to Prevent and Detect Violations of Law

If the offense occurred despite an effective program to prevent and detect violations of law, subtract 3 points.

Provided, that this subsection does not apply if an individual within high-level personnel of the organization, a person within high-level personnel of the unit of the organization within which the offense was committed where the unit had 200 or more employees, or an individual responsible for the administration or enforcement of a program to prevent and detect violations of law participated in, condoned, or was willfully ignorant of the offense. Participation of an individual within substantial authority personnel in an offense results in a rebuttable presumption that the organization did not have an effective program to prevent and detect violations of law.

Provided, further, that this subsection does not apply if, after becoming aware of an offense, the organization unreasonably delayed reporting the offense to appropriate governmental authorities.",

and inserting the following:

"(f) Effective Compliance and Ethics Program

(1) If the offense occurred even though the organization had in place at the time of the offense an effective compliance and ethics program, as provided in §8B2.1 (Effective Compliance and Ethics Program), subtract 3 points.

(2) Subsection (f)(1) shall not apply if, after becoming aware of an offense, the organization unreasonably delayed reporting the offense to appropriate governmental authorities.

(3) (A) Except as provided in subdivision (B), subsection (f)(1) shall not apply if an individual within high-level personnel of the organization, a person within high-level personnel of the unit of the organization within which the offense was committed where the unit had 200 or more employees, or an individual described in §8B2.1(b)(2)(B) or (C), participated in, condoned, or was willfully ignorant of the offense.

(B) There is a rebuttable presumption, for purposes of subsection (f)(1), that the organization did not have an effective compliance and ethics program if an individual—

(i) within high-level personnel of a small organization; or

(ii) within substantial authority personnel, but not within high-level personnel, of any organization, participated in, condoned, or was willfully ignorant of, the offense.".

The Commentary to §8C2.5 captioned "Application Notes" is amended by striking Note 1 as follows:

"1. ‘Substantial authority personnel,’ ‘condoned,’ ‘willfully ignorant of the offense,’ ‘similar misconduct,’ ‘prior criminal adjudication,’ and ‘effective program to prevent and detect violations of law,’ are defined in the Commentary to §8A1.2 (Application Instructions - Organizations).",

and inserting the following:

"1. Definitions.—For purposes of this guideline, ‘condoned’, ‘prior criminal adjudication’, ‘similar misconduct’, ‘substantial authority personnel’, and ‘willfully ignorant of the offense’ have the meaning given those terms in Application Note 3 of the Commentary to §8A1.2 (Application Instructions - Organizations).

‘Small Organization’, for purposes of subsection (f)(3), means an organization that, at the time of the instant offense, had fewer than 200 employees.".

The Commentary to §8C2.5 captioned "Application Notes" is amended in Note 3 in the last sentence by striking "entire organization" and inserting "organization in its entirety".

The Commentary to §8C2.5 captioned "Application Notes" is amended in Note 10 by striking "The second proviso in subsection (f)" and inserting "Subsection (f)(2)"; and by striking "this proviso" and inserting "subsection (f)(2)".

The Commentary to §8C2.5 captioned "Application Notes" is amended in Note 12 by adding at the end the following:

"Waiver of attorney-client privilege and of work product protections is not a prerequisite to a reduction in culpability score under subdivisions (1) and (2) of subsection (g) unless such waiver is necessary in order to provide timely and thorough disclosure of all pertinent information known to the organization.".

Section 8C2.8(a) is amended in subdivision (9) by striking "and"; in subdivision (10) by striking the period at the end of the subdivision and inserting "; and"; and by adding at the end the following:

"(11) whether the organization failed to have, at the time of the instant offense, an effective compliance and ethics program within the meaning of §8B2.1 (Effective Compliance and Ethics Program).".

The Commentary to §8C2.8 captioned "Application Notes" is amended in Note 4 in the first sentence by inserting "within high-level personnel of" after "organization or".

Section 8C4.10 is amended by striking "(Effective Program to Prevent and Detect Violations of Law)" and inserting "(Effective Compliance and Ethics Program)"; and by adding at the end the following paragraph:

"Similarly, if, at the time of the instant offense, the organization was required by law to have an effective compliance and ethics program, but the organization did not have such a program, an upward departure may be warranted.".

Chapter Eight, Part D, is amended in the "Introductory Commentary" by striking "8D1.5" and inserting "8D1.4, and §8F1.1,".

Section 8D1.1(a) is amended by striking subdivision (3) as follows:

"(3) if, at the time of sentencing, an organization having 50 or more employees does not have an effective program to prevent and detect violations of law;",

and inserting the following:

"(3) if, at the time of sentencing, (A) the organization (i) has 50 or more employees, or (ii) was otherwise required under law to have an effective compliance and ethics program; and (B) the organization does not have such a program;".

Section 8D1.4(b)(4) is amended by striking "(1)" and inserting "(A)"; by striking "(2)" and inserting "(B)"; and by striking "(3)" and inserting "(C)".

Section 8D1.4(c) is amended by striking subdivision (1) as follows:

"(1) The organization shall develop and submit to the court a program to prevent and detect violations of law, including a schedule for implementation.",

and inserting the following:

"(1) The organization shall develop and submit to the court an effective compliance and ethics program consistent with §8B2.1 (Effective Compliance and Ethics Program). The organization shall include in its submission a schedule for implementation of the compliance and ethics program.";

and in subdivisions (2), (3), and (4) by striking "to prevent and detect violations of law" each place it appears and inserting "referred to in subdivision (1)".

The Commentary to §8D1.4 captioned "Application Notes" is amended by striking "Notes" in the heading and inserting "Note"; and in Note 1 by striking "a program to prevent and detect violations of law" and inserting "a compliance and ethics program"; and by striking the last sentence of the first paragraph as follows:

"The court should approve any program that appears reasonably calculated to prevent and detect violations of law, provided it is consistent with any applicable statutory or regulatory requirement.",

and inserting the following:

"The court should approve any program that appears reasonably calculated to prevent and detect criminal conduct, as long as it is consistent with §8B2.1 (Effective Compliance and Ethics Program), and any applicable statutory and regulatory requirements.".

Chapter Eight, Part D is amended by striking §8D1.5 and its accompanying commentary as follows:

"§8D1.5. Violations of Conditions of Probation - Organizations (Policy Statement)

Upon a finding of a violation of a condition of probation, the court may extend the term of probation, impose more restrictive conditions of probation, or revoke probation and resentence the organization.

Commentary

Application Note:

1. In the event of repeated, serious violations of conditions of probation, the appointment of a master or trustee may be appropriate to ensure compliance with court orders.".

Chapter Eight is amended by adding at the end the following Part:

"PART F - VIOLATIONS OF PROBATION - ORGANIZATIONS

§8F1.1. Violations of Conditions of Probation - Organizations (Policy Statement)

Commentary

Application Notes:

1. Appointment of Master or Trustee.—In the event of repeated violations of conditions of probation, the appointment of a master or trustee may be appropriate to ensure compliance with court orders.

2. Conditions of Probation.—Mandatory and recommended conditions of probation are specified in §§8D1.3 (Conditions of Probation - Organizations) and 8D1.4 (Recommended Conditions of Probation - Organizations).".

Reason for Amendment: This amendment modifies existing provisions of Chapter Eight and provides a new guideline at §8B2.1 (Effective Compliance and Ethics Program). Most notably, §8B2.1 strengthens the existing criteria an organization must follow in order to establish and maintain an effective program to prevent and detect criminal conduct for purposes of mitigating its sentencing culpability for an offense. This amendment is the culmination of a multi-year review of the organizational guidelines, implements several recommendations issued on October 7, 2003, by the Commission’s Ad Hoc Advisory Group on the Organizational Sentencing Guidelines (Advisory Group), and responds to the Sarbanes-Oxley Act ("the Act"), Pub. L. 107–204, which in section 805 directed the Commission to review and amend the organizational guidelines and related policy statements to ensure that they are sufficient to deter and punish organizational misconduct.

Consistent with the Act’s focus on deterring criminal misconduct, this amendment revises the introductory commentary to Chapter Eight to highlight the importance of structural safeguards designed to prevent and detect criminal conduct. First and foremost among these safeguards is a regime of internal crime prevention and self-policing ("an effective compliance and ethics program"). While Chapter Eight derives its authority and content from the federal criminal law, an effective compliance and ethics program not only will prevent and detect criminal conduct, but also should facilitate compliance with all applicable laws.

Under §8C2.5(g) (Culpability Score), an effective compliance and ethics program is one of the mitigating factors that can reduce an organization’s fine punishment under Chapter Eight. The absence of an effective program may be a reason for the court to place an organization on probation, and the implementation of an effective program may be a condition of probation for organizations under §8D1.4(c) (Recommended Conditions of Probation-Organizations).

In order to emphasize the importance of compliance and ethics programs and to provide more prominent guidance on the requirements for an effective program, the amendment elevates the criteria for an effective compliance program previously set forth in the Commentary to §8A1.2 (Application Instructions - Organizations) into a separate guideline. Furthermore, the amendment elaborates upon these criteria, introducing additional rigor generally and imposing significantly greater responsibilities on the organization’s governing authority and executive leadership.

Section 8B2.1(a)(1) sets forth the existing requirement that an organization exercise due diligence to prevent and detect criminal conduct, but adds the requirement that an organization "otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law." This addition is intended to reflect the emphasis on ethical conduct and values incorporated into recent legislative and regulatory reforms, such as those provided by the Act.

Section 8B2.1(b) provides that due diligence and the promotion of desired organizational culture are indicated by the fulfilment of seven minimum requirements, which are the hallmarks of an effective program that encourages compliance with the law and ethical conduct. While the framework of requirements is derived from the existing criteria for an effective compliance program at Application Note 3(k) to §8A1.2, significant additional guidance is provided.

First, §8B2.1(b)(1) provides that organizations must establish "standards and procedures to prevent and detect criminal conduct." Application Note 1 establishes that "standards and procedures" encompass "standards of conduct and internal controls that are reasonably capable of reducing the likelihood of criminal conduct."

Second, the new guideline replaces the requirement in Application Note 3(k)(2) to §8A1.2 that "specific individual(s) within high-level personnel of the organization must have been assigned overall responsibility to oversee compliance" with more specific and exacting requirements. Section 8B2.1(b)(2) defines the specific roles and reporting relationships of particular categories of personnel with respect to compliance and ethics program responsibilities. Specifically, the Commission has determined that the organization’s governing authority must "be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program." Application Note 1 defines "governing authority" as the "(A) Board of Directors, or (B) if the organization does not have a Board of Directors, the highest-level governing body of the organization."

Section 8B2.1(b)(2) provides that it is the organizational leadership, defined in the guidelines as "high-level personnel," who must ensure that the organization’s program is effective. The accompanying commentary at Application Note 1 retains existing definitions for the terms "high-level personnel" and "substantial authority personnel" of the organization. Section 8B2.1(b)(2)(B) provides that the organization must assign someone in high-level personnel "overall responsibility" for the program. This prescription makes explicit that, while another individual or individuals may be assigned operational responsibility for the program, someone within high-level personnel must be assigned the ultimate responsibility for the program’s effectiveness.

Section 8B2.1(b)(2)(C) requires that certain individual(s) have day-to-day responsibility for the compliance and ethics program and adequate resources to carry out the associated tasks. Specifically, §8B2.1 requires that the individual assigned day-to-day operational responsibility for the program, whether it be a high-level person or an employee to whom this task is assigned, report to organizational leadership and the governing authority on the program. If authority is delegated, the governing authority must receive reports from such individuals at least annually, according to the commentary in Application Note 3. In order to carry out such responsibility, the new guideline mandates that such individual or individuals, no matter the level, must "be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority."

Third, §8B2.1(b)(3) replaces the previous requirement that substantial authority personnel be screened for their "propensity to engage in violations of law" with the requirement that the organization "use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program." Application Note 4(A) makes explicit that this provision does not require any "conduct inconsistent with any Federal, State, or local law, including any law governing employment or hiring practices." Application Note 4(B) provides that the organization shall hire and promote individuals so as to ensure that all individuals within the organizational leadership will perform their assigned duties in a manner consistent with the exercise of due diligence and the promotion of an organizational culture that encourages a commitment to compliance with ethics and the law. If an individual has engaged in illegal activities, the organization has an obligation to consider the relatedness of the individual’s illegal activities and other misconduct to the specific responsibilities such individual is expected to be assigned. The recency of the individual’s illegal activities and other misconduct also should be considered.

Fourth, §8B2.1(b)(4) makes compliance and ethics training a requirement, and specifically extends the training requirement to the upper levels of an organization, including the governing authority and high-level personnel, in addition to all of the organization’s employees and agents, as appropriate. Furthermore, subsection (b)(4) establishes that this communication and training obligation is ongoing, requiring "periodic" updates.

Fifth, §8B2.1(b)(5) expands the existing requirement regarding reasonable steps to achieve compliance. Specifically, the amendment mandates that organizations use auditing and monitoring systems designed to detect criminal conduct. It also adds the specific requirement that the organization periodically evaluate the effectiveness of its compliance and ethics program. Significantly, the new guideline expands the focus of internal reporting from simply reporting "the criminal conduct . . . of others" to using internal systems to either "report or seek guidance regarding potential or actual criminal conduct." The addition of "seeking guidance" is consistent with the increased focus of this guideline on the prevention and deterrence of wrongdoing within organizations. This section also replaces the existing reference to "reporting systems without fear of retribution" with the more specific requirement that the organization must have "a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation."

The Commission is aware that both anonymous and confidential mechanisms have inherent value and limitations. For example, anonymous mechanisms may hinder an organization from engaging in an effective dialogue with the potential whistleblower to discover additional information that might lead to a more efficient detection of the wrongdoing. Confidential mechanisms may permit the dialogue and development of maximum information, but the ability of organizations to ensure total confidentiality may be limited by legal obligations relating to self-disclosure, law enforcement subpoenas, and civil discovery requests. The Commission intends for an organization to have maximum flexibility in implementing a system that is best suited to its culture and conforms to applicable law. A responsible organization is expected, as appropriate, to communicate to its employees any applicable limitations of its internal reporting mechanisms.

Sixth, §8B2.1(b)(6) broadens the existing criterion that the compliance standards be enforced through disciplinary measures by adding that such standards also be encouraged through "appropriate incentives to perform in accordance with the compliance and ethics program." This addition articulates both a duty to promote proper conduct in whatever manner an organization deems appropriate, as well as a duty to sanction improper conduct.

Finally, §8B2.1(b)(7) retains the requirement that an organization take reasonable steps to respond to and prevent further similar criminal conduct. This dual duty underscores the organization’s obligation to address both specific instances of misconduct and systemic shortcomings that compromise the deterrent effect of its compliance and ethics program.

In addition to the seven requirements for a compliance and ethics program, §8B2.1(c) expressly provides, as an essential component of the design, implementation, and modification of an effective program, that an organization must periodically assess the risk of the occurrence of criminal conduct. The new guideline includes at Application Note 6 various factors that should be addressed when assessing relevant risks. Specifically, organizations should evaluate the nature and seriousness of potential criminal conduct, the likelihood that certain criminal conduct may occur because of the nature of the organization’s business, and the prior history of the organization. To be effective, this process must be ongoing. Organizations must periodically prioritize their compliance and ethics resources to target those potential criminal activities that pose the greatest threat in light of the risks identified.

The amendment also provides additional guidance with respect to the implementation of compliance and ethics programs by small organizations by including frequent references to small organizations throughout the commentary of §8B2.1 and providing illustrations (see e.g., Application Note 2(C)(ii)). It also encourages larger organizations to promote the adoption of compliance and ethics programs by smaller organizations, including those with which they conduct or seek to conduct business.

This amendment also changes the automatic preclusion for compliance program credit provided in §8C2.5(f) (Culpability Score) for "small organizations." A "small organization" is defined, for this subsection only, as an organization having fewer than 200 employees. This modification is intended to assist smaller organizations that previously may have been automatically precluded, because of their size, from arguing for a culpability score reduction based upon an effective compliance and ethics program that fulfills all of the guideline requirements. Rather than precluding absolutely these small organizations from obtaining the reduction if certain categories of high-level personnel are involved in the offense of conviction, §8C2.5(f)(3) establishes that an offense by an individual within high-level personnel of the organization results in a rebuttable presumption for a small organization that it did not have an effective program. The small organization, however, can rebut that presumption by demonstrating that it had an effective program, despite the involvement in the offense of a person high in the organization’s structure.

This amendment also addresses concerns about the relationship between obtaining credit under §8C2.5(g) and waiver of the attorney-client privilege and the work product protection doctrine. Pursuant to §8C2.5(g)(1) and (2), an organization’s culpability score will be reduced if it "fully cooperated in the investigation" of its wrongdoing, among other factors. The Commission’s Ad Hoc Advisory Group on the Organizational Sentencing Guidelines studied the relationship between waivers and §8C2.5(g) by obtaining testimony and conducting its own research, including a survey of United States Attorneys’ Offices (all of which are described at Part V of the Advisory Group Report of October 7, 2003). The Commission addresses some of these concerns by providing at Application Note 12 that waiver of the attorney-client privilege and of work product protections "is not a prerequisite to a reduction in culpability score under subdivisions (1) and (2) of subsection (g) unless such waiver is necessary in order to provide timely and thorough disclosure of all pertinent information known to the organization." The Commission expects that such waivers will be required on a limited basis. See "United States Attorneys’ Bulletin", November 2003, Volume 51, Number 6, pp. 1, 8.

Effective Date: The effective date of this amendment is November 1, 2004.

Sign Up for Email Updates