Recently we posted an article about a defense contractor who “self-disclosed” cost accounting problems that led to overbilling the Department of Defense.  We noted that “Because the company had voluntarily reported its misconduct and cooperated with the DOJ in the investigation, its settlement was limited to damages actually incurred by the government. Had the circumstances been different, up to treble damages might have been sought.”

During 2007 and 2008, the FAR was revised to enhance requirements related to contractor ethics and business conduct policies.  Among the various changes was the addition of a new subpart at § 3.10 (Contractor Code of Ethics and Business Conduct) and significant revisions to the contract clause 52.203-13 (“Contractor Code of Ethics and Business Conduct”).  Our recent article in the May 2010 edition of West’s Government Contract Costs, Accounting & Pricing Report (entitled “Government Audits of Contractor Ethics and Business Conduct Compliance Programs”) discussed those changes and issues related to DCAA audits of the contractor policies.  Importantly, the FAR revisions eliminated the former “voluntary disclosure program” and implemented a new “mandatory disclosure program” (which DOD simply calls “contractor disclosure”).  Contractors who fail to timely disclose wrongdoing face suspension or debarment from federal contracting.

To be clear:  disclosure of certain acts of wrongdoing related to a contractor’s government contract(s) is no longer a matter within management’s discretion; it is now a contractual requirement.  Although Bell Helicopter Textron apparently benefited from the voluntary disclosure program, it is doubtful that another contractor in a similar situation would reap similar benefits today.

Moreover, it is questionable whether voluntary disclosure was always the wisest course of action.  It is poorly remembered today, but Arthur Andersen originally self-disclosed its document shredding to the Department of Justice during the Enron litigation.  That gesture of goodwill was insufficient to overcome the audit firm’s prior acts of wrongdoing, and the firm was eventually convicted of a crime related to obstruction of justice, and ceased to exist as a viable entity.  That the conviction was eventually overturned by the U.S. Supreme Court was a hollow victory to the roughly 26,000 U.S. employees who lost their jobs as a result of the original conviction.  One is left to wonder what Andersen gained—if anything—from its self-disclosure to the DOJ.

From that question, one might inquire whether having a robust compliance program is truly a value-added proposition.  Sure, a contractor must comply with the letter of the FAR requirements, but is there any value to going beyond the minimum necessary program requirements, and creating a truly robust compliance program that is designed to detect employee wrongdoing—one that deters wrongdoing by its very existence?  Do the U.S. Sentencing Guidelines provide contractors with a tangible reward for having effective compliance programs?  (Readers may recall that we discussed recent changes to the USSG in this article.)

That question was on the minds of attendees at the 2010 Compliance Week Conference in Washington, D.C., as they discussed the role and value of compliance programs.  Acting Deputy Attorney General Gary Grindler spoke to the attendees on May 25, 2010.  Among other topics, ADAG Grindler said—

Now, how can you best advise your clients in light of the Department’s enforcement priorities and given the climate we are in where there is so much distrust of corporate America.

First, you can make sure that your clients have robust, effective compliance programs and internal controls. A company’s compliance program continues to be one of the most important factors that we consider under the Principles of Federal Prosecution of Business Organizations. … Compliance programs must not exist only on paper.

In this context, I want to point out that the United States Sentencing Commission recently amended the Sentencing Guidelines on the issue of compliance programs. Specifically, the Commission clarified the importance of assessing and modifying compliance programs after you discover criminal conduct at your company. The current Guidelines provide that, following the discovery of criminal conduct, a company should, among other things, make ‘any necessary modifications to the organization’s compliance and ethics program.’

In addition, the latest Guideline amendments clarify the circumstances under which an effective compliance and ethics program can entitle an organization to a 3-level reduction in its culpability score. Specifically, the amendment allows an organization to receive the decrease if the organization meets four criteria: (1) the individual or individuals with operational responsibility for the compliance and ethics program have direct reporting obligations to the organization’s governing authority or appropriate subgroup thereof; (2) the compliance and ethics program detected the offense before discovery outside the organization or before such discovery was reasonably likely; (3) the organization promptly reported the offense to the appropriate governmental authorities; and (4) no individual with operational responsibility for the compliance and ethics program participated in, condoned, or was willfully ignorant of the offense. These amendments reinforce the point that having a robust compliance program is critical not only to preventing misconduct in the first place, but also how your organization will be treated in the event criminal conduct does take place.

According to the article (link above), “some in the compliance industry have expressed doubts about the importance of a pre-existing compliance program, asserting that prosecutors will simply wrangle as many concessions out of a company facing a criminal action as they can, regardless of the state of its compliance efforts… Some of the uncertainty seems to stem from the lack of concrete examples in which compliance systems netted a better outcome for a defendant. …”

ADAG Grindler spoke directly to the skeptics when he said—

‘I want to emphasize… that having an effective compliance program will be taken under consideration when you have to talk to the government about a criminal violation.  I’ve reviewed … a number of negotiated resolutions where effective and solid compliance programs did make a difference.  Now I have heard that we don’t talk about the impact of compliance programs on our decision to absolve a matter, and at least when I was in the Fraud Section, I emphasized the importance of doing that. What we can’t do is get into all the details about it because … each case is different.’

Our position at Apogee Consulting, Inc. is that robust, effective compliance programs make good business sense.  The cost of a compliance failure—in terms of fines and penalties, litigation expense, opportunity cost of internal resources, loss of market capitalization, and even brand devaluation—clearly indicates a business case where the potential damages far outweigh the cost of a compliance detection and prevention program.  Regardless of whether you believe that the Department of Justice really will take a company’s compliance program into account when considering culpability, having that compliance program in place is simply good business.