Corporate Compliance Program Guide
A Sample Guide Developed by the USDOT/ AGC / ARTBA / AASHTO Suspension & Debarment Work Group
Elements of a Corporate Compliance Program
The Corporate Compliance Program is the mechanism a company uses to implement, administer, and enforce a Code of Ethical Conduct. An effective Corporate Compliance Program is one that is reasonably designed, implemented, and enforced so that the Program is effective in educating and training employees on their ethical and legal responsibilities and in preventing, detecting, and deterring criminal conduct or other unethical behavior. In structuring a Corporate Compliance Program, a company should consider the following general elements:
- The company's governing authority and top management must fully support all elements of the Program. This includes being knowledgeable about the content and operation of the Program and exercising oversight with respect to the implementation and effectiveness of the Program.
- A specific individual within the company is appointed as the Corporate Compliance Officer, who is responsible for the day-to-day administration and implementation of the Program. This position should be a separate, independent position within the company that only reports to the company's top executive officer and board of directors. If a separate position is not created, then the position should be delegated to only high-level management within the company and must have the authority to operate independently and to administer and implement the Program company-wide.
- The Program should include regular training regarding the Program and Code of Ethical Conduct. The Program should also include legal training on compliance with specific regulatory areas that are directly applicable to the company, such as antitrust, claims, and environmental compliance.
- The Program should include procedures for employees and others to confidentially report suspected violations and to safeguard the confidentiality of the source. The Program should also prohibit any form of retaliation for reporting a suspected violation.
- The Program should require investigations of all suspected violations and should include procedures to safeguard the confidentiality of such investigations.
- The Program should include requirements to regularly audit the company's internal accounting controls and other procedures to ensure their effectiveness in safeguarding against inaccuracies, fraud, or other misconduct.
- The Program should commit to providing sufficient resources, including the hiring of consultants and outside auditors, investigators, and legal counsel, in the administration and implementation of the Program.
- The Program should ensure that appropriate steps will be taken whenever a violation occurs or whenever deficiencies are found in the company's control systems or whenever recommendations are otherwise made to improve the company's ethical and legal compliance.