SEC and DOJ Guidance on Incentivizing Corporate Compliance and Third‑Party Due Diligence

forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance pro- gram, and rewards for ethics and compliance leadership.” Some organizations, for example, have made adherence to compliance a significant metric for management's bonuses so that compliance becomes an integral part of management's everyday concern. Beyond financial incentives, some compa- nies have highlighted compliance within their organizations by recognizing compliance professionals and internal audit staff. Others have made working in the company’s compli- ance organization a way to advance an employee’s career. SEC, for instance, has encouraged companies to embrace methods to incentivize ethical and lawful behavior: [MlJake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is short-term profitability, and that cutting ethical corners is an ac- ceptable way of getting there, they'll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but he’ll know differently if the sole focus of his contract extension talks or the decision to fire him is his win- loss record. 77! No matter what the disciplinary scheme or potential incentives a company decides to adopt, DOJ and SEC will consider whether they are fairly and consistently applied across the organization. No executive should be above com- pliance, no employee below compliance, and no person within an organization deemed too valuable to be disci- plined, if warranted. Rewarding good behavior and sanc- tioning bad behavior reinforces a culture of compliance and ethics throughout an organization. Third-Party Due Diligence and Payments DOJ’s and SEC’s FCPA enforcement actions dem- onstrate that third parties, including agents, consultants, and distributors, are commonly used to conceal the pay- ment of bribes to foreign officials in international business Guiding Principles of Enforcement transactions. Risk-based due diligence is particularly impor- tant with third parties and will also be considered by DOJ and SEC in assessing the effectiveness of a company’s com- pliance program. Although the degree of appropriate due diligence may vary based on industry, country, size and nature of the transaction, and historical relationship with the third-party, some guiding principles always apply. First, as part of risk-based due diligence, companies should understand the qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials. The degree of scrutiny should increase as red flags surface. Second, companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the ser- vices to be performed. Additional considerations include payment terms and how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business. Moreover, companies may want to confirm and document that the third party is actually performing the work for which it is being paid and that its compensation is com- mensurate with the work being provided. Third, companies should undertake some form of ongoing monitoring of third-party relationships.*”* Where appropriate, this may include updating due diligence peri- odically, exercising audit rights, providing periodic train- ing, and requesting annual compliance certifications by the third party. In addition to considering a company’s due dili- gence on third parties, DOJ and SEC also assess whether the company has informed third parties of the company’s HOUSE_OVERSIGHT_022562