What is a Compliance Program
A generally accepted definition of "compliance program" comes from the Federal Sentencing Guidelines for Organizations: "a program designed to prevent and detect criminal conduct." To have an effective compliance program, an organization must establish and maintain an organizational culture that "encourages ethical conduct and a commitment to compliance with the law" (U.S. Federal Sentencing Guidelines §8B2.1(a)(2)).
A portion of the guidelines outlines seven minimum and specific elements that are needed to form an effective compliance program.
SEVEN ELEMENTS OF AN EFFECTIVE COMPLIANCE PROGRAM
According to Chapter 8 of the Federal Sentencing Guidelines, the elements of an effective Compliance Program are as follows:
1. Standards and Procedures - Establish compliance standards and procedures to be followed by employees and other agents to prevent and detect criminal conduct (via a Code of Ethical Conduct or some other means). Examples we use are:
- SUNY's Code of Ethical Conduct for University Officers Policy (Doc. #6000)
- SUNY's Conflicts of Interest Policy (Doc. #6001)
- SUNY's Oath of Office Policy (Doc. #8150)
- SUNY's Outside Activities of University Policy Makers Policy (Doc. #8151)
- SUNY's State Administrative Procedure Act Compliance Policy (Doc. #6605)
2. Organizational Leadership and Culture - High-level company/University personnel shall exercise reasonable oversight with respect to the implementation and effectiveness of a compliance and ethics program, and must be knowledgeable about the content and operation of the program. Individuals with day-to-day responsibility must have the authority/ability to report directly to senior management or an appropriate sub-committee at least annually regarding the effectiveness of the compliance program, and also when criminal conduct is discovered.
3. Training and Education - Take reasonable steps to communicate its standards and procedures, and other aspects of the compliance and ethics program, to members of the institution, including the governing authority, high-level personnel, substantial authority personnel, organization employees, and the organization's agents (when appropriate). The communication should include establishing compliance and ethics training and education that effectively communicates the standards and procedures to all employees by requiring participation in training and disseminating publications that explain in clear language WHAT is required. Information on individuals' roles and responsibilities should also be disseminated.
- The Statewide Learning Management System (SLMS), an effort of the Government Office of Employee Relations (GOER), has training modules available on many Compliance subjects, and is available through the SUNY Faculty/Staff Portal.
- The SUNY Compliance website offers information, guidance and resources on various compliance topics.
- The SUNY Policies and Procedures webpage offers a full listing of policies and procedures organized by topic, and is searchable.
4. Monitoring, Auditing, Evaluation of Program Effectiveness and Risk Assessment - Take reasonable steps to ensure the compliance and ethics program is followed by monitoring and auditing to detect criminal activity or non-compliance, by periodically evaluating the effectiveness of the compliance and ethics program through periodic risk assessment to identify criminal conduct, and by establishing and publicizing a mechanism for anonymous and confidential reporting through which employees and agents can report or seek guidance regarding actual or criminal conduct without fear of retaliation.
- Reporting Mechanisms:
  - Binghamton University's Fraud / Compliance Hotline: (607) 777-5049 - can be anonymous
  - The SUNY System Hotline to Report Fraud allows for anyone to report anonymously through a variety of means (e-mail, phone, letter, web). The fraud hotline webpage makes it clear that retaliation against fraud reporters who are acting in good faith is strictly prohibited.
  - Campuses maintain Fraud hotlines. A listing of the campus hotlines is available on the SUNY Compliance website.
- SUNY's Monitoring and Auditing Activities: Two SUNY System areas provide oversight for the campuses, University Audit and Internal Controls.
- SUNY's Risk Assessments: University Audit completes annual University-wide risk assessments. Various System Administration offices complete periodic risk assessments, and Compliance Initiative Workgroups conduct continued risk assessments of the compliance areas within their purview.
5. Performance Incentives and Disciplinary Measures - Standards shall be promoted and enforced consistently through well-publicized and accessible disciplinary guidelines. Further, establish a response to detected offenses and corrective action plans, and consistently enforce standards through appropriate disciplinary mechanisms to prevent similar conduct. If criminal conduct is detected, restitution or other reparations must be made by the organization, if appropriate; the criminal conduct should be reported, and the organization should cooperate with the government officials. The compliance program should be assessed and amended as necessary to ensure further criminal conduct does not occur.
The SUNY Fraud Committee reviews and investigates each and every fraud submitted using the SUNY Procedures for Suspected Fraud or Irregular Activities (Doc. #9001). These procedures set forth the University's responsibilities for investigation, notification and response to suspected fraudulent activities and provide specific instructions regarding appropriate action in case of suspected improprieties of this nature.
6. Appropriate Remedial Measures - When criminal conduct / non-compliance has been detected, the institution should take reasonable steps to respond appropriately to the conduct, and to prevent further similar conduct from occurring in the future, including any modifications to the organization's compliance and ethics program.
7. Reasonable Efforts to Exclude Bad Actors from Managerial Ranks - Use reasonable efforts not to include any individual who the organization knew or should have known (through due diligence) to be engaged in illegal activities or conduct inconsistent with an effective compliance and ethics program.