Building a World-Class Compliance Program: Best Practices and Strategies for Success
By Martin T. Biegelman with Daniel R. Biegelman
Published by John Wiley & Sons, Inc., March 2008; ISBN: 978-0-470-11478-0; 298 pages (hardcover); $45
Reviewed by Anthony S. Chan
AUGUST 2008 - This book is well-organized, well-written, and easy to read. Although it is not meant to be a user guide or handbook, the authors have succeeded in bringing together helpful hints and best practices that are critical to developing a practical compliance program. Readers are reminded right from the start of the importance of proper “tone at the top” and how the CEO can make a difference. The authors correctly point out that: “Compliance is more than just following laws, regulations, and policy. It is often about doing the right thing when faced with compliance challenges.”
The book is divided into 13 chapters, and it contains a good discussion of the following:
- History, growth, and evolution of corporate compliance;
- Case studies of companies that emerge from compliance failures;
- Federal sentencing guidelines for organizations (FSGO) and the seven steps to an effective compliance program;
- The U.S. Department of Justice’s McNulty Memorandum and the revised principles of federal prosecution of business organizations;
- The SEC’s Seaboard criteria (such as self-policing, self-reporting, remediation, and cooperation) in mitigating enforcement actions;
- Anti–money laundering enforcement; and
- The risk of corruption and the expanding reach of the Foreign Corrupt Practices Act (FCPA).
Readers who are pressed for time but want to learn how to develop an effective compliance program should find the following sections of the book extremely useful:
- Chapters 5 and 6, where the authors describe how companies addressed their compliance failures (such as accounting fraud and FCPA violations involving bribery and corruption) with positive remedial actions. According to the authors, an effective FCPA program should include, at a minimum, the following elements:
  - FCPA-based policy that establishes compliance standards and practices to be followed by employees, consultants, and agents;
  - Implementation of appropriate disciplinary measures;
  - A reporting system whereby suspected criminal conduct may be reported.
- Chapter 7, which includes a good discussion of “red flags” that could signal potential suspicious activity, including the following:
  - Activity inconsistent with the customer’s business;
  - Avoidance of reporting or record-keeping requirements;
  - Frequent, large, round number wires; and
  - Insufficient or suspicious information provided by a customer.
- Chapters 9 and 10, which include a comprehensive discussion of the seven steps to an effective compliance program. These steps, listed below, are adapted from the federal sentencing guidelines:
  - Establish compliance standards and procedures that are reasonably capable of reducing the likelihood of criminal conduct;
  - Assign overall responsibility for compliance to a specific high-level officer;
  - Exercise reasonable efforts to exclude prohibited persons—do not delegate discretionary authority to individuals with a history of illegal conduct or other conduct inconsistent with a compliance program;
  - Provide training and communication of standards and procedures to employees and agents;
  - Establish monitoring, auditing, and reporting systems to evaluate program effectiveness;
  - Enforce standards with discipline and incentives; and
  - Respond to criminal conduct and remedial action—take reasonable steps to respond to discovered criminal conduct.
Because no two compliance programs are alike, the examples in this book should provide great insight to readers in designing their own compliance programs. Readers are also reminded of the key role internal audit should play in the ongoing monitoring for compliance. Chief compliance officers should properly integrate internal audit in their compliance program.
For this book to be equally useful to the boards and managements of smaller public companies or other privately held organizations, the authors should include other relevant examples or case studies, whereby the same underlying principles of good corporate governance could be applied. Most small businesses lack the resources to hire a dedicated chief compliance officer, and they must find the right balance, given pressing priorities and limited resources.
In summary, this book is a “must read” for those in the business of compliance and risk management, and I would highly recommend it to audit committees and senior management. In fact, I have already recommended it to colleagues and clients.
Anthony S. Chan, CPA, is a partner of Berdon LLP in New York, N.Y., and a leader of its Sarbanes-Oxley compliance and corporate governance practice. He is vice chair of the NYSSCPA’s SEC Practice Committee.