Federal Contracts Report™ delivers concise, authoritative reports covering the complete spectrum of issues affecting the federal acquisition of goods and services, to keep you abreast of policies and...
This article discusses the importance of establishing an effective, sustainable and scalable ethics and compliance program, and how such a program can benefit both growing and well-established companies. The author suggests a potential framework for developing and maintaining an effective program, highlighting certain specific compliance areas of focus, discusses the key characteristics of effective programs and offers design tips.
By Jeniffer M. De Jesus Roberts
Jeniffer M. De Jesus Roberts is a Partner in the Government Contracts practice in Dentons' Washington, D.C., office. She has a multidisciplinary practice, including extensive experience designing, implementing and enhancing ethics and compliance programs for new and established major government contractors.
Contracting with the U.S. federal government is not for the weak-hearted. Government contracting is a highly regulated business, and government contractors face a tremendous amount of scrutiny and increasing government oversight. The government has established certain ethical and compliance standards which dictate what, at a minimum, should be included in an ethics and compliance program.
These compliance requirements go beyond compliance with contract terms and conditions, and require that government contractors address how the company will comply with a plethora of statutes and regulations, including those aimed at ensuring competition and integrity in the procurement process; preventing corruption; and achieving certain socioeconomic goals, as well as evaluating whether a company has appropriate protocols in place to prevent and detect criminal conduct.
The extent to which these obligations apply to a particular company varies depending on, among other things, what type of agreement the company enters into with the government, and whether the company is a small business or commercial item contractor.
The diversity of contracting opportunities with the government, coupled with the uniqueness of the companies that enter into such contracts, makes a “one-size fits-all” approach to establishing an effective ethics and compliance program impossible. Defining what constitutes an “effective” ethics and compliance program for a particular company requires thoughtful consideration of a company's business, overall risk profile, and the contractual and regulatory obligations to which it is subject.
Indeed, what constitutes an effective ethics and compliance program for a small business, commercial item or service provider or a new entrant to government contracting is vastly different from what constitutes an effective ethics and compliance program for a major government contractor.
This article begins with a discussion about the importance of establishing an effective, sustainable and scalable ethics and compliance program, and how such a program can benefit both growing and well-established companies. This article then suggests a potential framework for the development and maintenance of an effective ethics and compliance program, highlighting certain specific compliance areas of focus. Next, it discusses the key characteristics of effective ethics and compliance programs and concludes by offering a few design tips to consider to enhance an ethics and compliance program.
The risks associated with failing to establish and maintain an effective ethics and compliance program are substantial. Lack of an effective ethics and compliance program may result in violations of applicable laws, regulations and contractual requirements. In turn, noncompliance may lead to claims for breach of contract and termination for default, negative past performance ratings, and the potential for suspension and disbarment proceedings, which could result in preclusion from working as a government contractor.
Noncompliance could also pose significant financial risks to a company, including cost disallowance or delays in payment and civil penalties, as well as having to pay the government the costs associated with the reprocurement of the goods or services at issue. For example, an ill-designed ethics and compliance program may result in inaccurate billings and potential overcharging to the government, which may lead to fraud allegations and civil and criminal penalties for knowing concealment of facts and false representations under various laws including the False Claims Act (FCA), the False Statements Act and Obstruction of a Federal Audit.
More importantly, however, establishing an effective, sustainable and scalable ethics and compliance program promotes business growth. Structured optimally, a company's ethics and compliance program can be a strategic value differentiator when bidding on opportunities and can be one of a company's best assets to grow its government business. To be effective as a business driver, an ethics and compliance program must: (1) address the actual compliance and regulatory requirements of the company; (2) have alignment with the company's culture and be aimed at achieving the highest standards of integrity and fair dealing; (3) be scalable to support business growth in line with the company's objectives; and (4) strive to achieve customer confidence and satisfaction while protecting the business and legal interests of the company. An effective ethics and compliance program will yield high customer confidence and satisfaction, resulting in positive past performance ratings, and the potential expansion of current work and referrals to other customers for additional business opportunities.
To be effective, a company's ethics and compliance program must go beyond reciting the rules and regulations that apply to it. Rather, the ethics and compliance program must be uniquely tailored to consider the company's industry, customer base, overall growth strategy and risk tolerance. In addition, a company's ethics and compliance program must not only be meaningful to the individuals charged with managing the ethics and compliance program, but, to achieve optimal success and effectiveness, it must be meaningful to everyone in the company, including leadership, managers on the ground and all employees, especially those who are being asked to take ownership over various aspects of compliance.
An ethics and compliance program that “looks good on paper” but is difficult to implement or is out of touch with the current business environment is meaningless. Successful ethics and compliance programs are achieved when companies establish and promote a “culture of compliance” that consistently demonstrates that the company is an ethical actor in the marketplace, rewards ethical behavior and has zero tolerance for improper or illegal behavior.
Following is a potential four-part framework for the development and maintenance of an effective compliance program. This framework is intended to assist a company in thinking through how to design its ethics and compliance program.
Step 1: Conduct a Compliance Risk Assessment. The first step is for a company to identify its specific compliance areas of focus. This will dictate which policies and training programs are created, how the internal control and internal audit programs will function, and what communications and leadership messaging will need to be developed. Identifying a company's specific compliance areas of focus is done, in large part, by taking an inventory of and reviewing the company's contractual and other regulatory obligations. If a company already has government contracts, it should review and analyze its existing contracts to assess its contractual compliance obligations. Companies that have no current government contracts but are contemplating becoming government contractors should review sample solicitations to become familiar with the types of requirements likely to be included in government contracts. All companies also will want to undertake a review of the current government contracting regulatory environment to understand areas of general industry risk and high enforcement.
Below is a list of specific substantive areas of focus that may be included in an ethics and compliance program. The list is by no means exhaustive, and should not substitute for a detailed review of a company's specific contractual and other regulatory requirements. It is included merely as a guide to assist in thinking through the various compliance areas of focus to which a company may be subject.
The desired outcome of Step 1 is to obtain a solid understanding of the various laws and regulations to which the company is subject as a government contractor.
Step 2: Develop an Ethics and Compliance Risk Profile. Armed with the knowledge of the applicable contractual requirements and the various rules and regulations to which a company is subject, a company can now begin to develop an ethics and compliance risk profile. It should address the following three distinct areas:
The desired outcome of Step 2 is a written, customized ethics and compliance risk profile tailored to the company's business interests. The risk profile will allow the company to (i) identify high-priority areas of focus (both for enhancing the ethics and compliance program and addressing business needs), (ii) establish priority-based timelines for completion of tasks, and (iii) identify staffing and budget needs.
Step 3: Design and Implement the Ethics and Compliance Program. The third step in the framework is to leverage the customized government compliance risk profile created in Step 2 to develop the company's ethics and compliance program, and then implement it. The major components of the ethics and compliance program should include policies, toolkits, processes, internal controls and audit procedures to ensure effective monitoring of the program, and a robust training and communication plan (including leadership messaging).
As the final design of the ethics and compliance program is developed, there are various questions that can be asked to assess the strength of the design of the ethics and compliance program. These include:
Fundamental to the effectiveness, sustainability and scalability of any ethics and compliance program is ensuring that the highest level of leadership within the company is engaged and has set the appropriate tone at the top by promoting a culture of success through ethical behavior and compliant business practices. Further, the program must include clear, consistent and easily understood standards and lay out requirements to which employees are held to comply.
In addition, the program should maintain up-to-date, relevant training and a clear communication on the policy and training requirements for each employee. Training curricula should be customized for each employee depending on his or her level of responsibility and functional role within the company. It also should have adequate monitoring, auditing and response mechanisms in place to verify compliance and procedures in place to address noncompliances.
Last, the ethics and compliance program must be treated as a living and fluid program with periodic assessment of the effectiveness of the current program and continuous enhancements to keep pace with the changing regulatory landscape.
Step 4: Establish a Risk Management Framework to Support the Periodic Assessment of the Ethics and Compliance Program. It is not enough to draft and release policies, and develop and then launch training. Companies that have truly effective, sustainable and scalable ethics and compliance programs will make the systematic review of the program's efficacy in managing the company's compliance obligations an integral part of the ethics and compliance program. Periodic assessment of the ethics and compliance program (either with an internal team or with external consultants) provides a fresh perspective on the strengths and weaknesses of the program. Systematic reviews conducted on a regular, periodic basis are important because federal compliance requirements constantly change depending upon new or updated statutes, changing enforcement trends and contractual obligations. These reviews can either be time-based (e.g., annually) or event-based (e.g., award of a new contract) and should review all aspects of the ethics and compliance program. In conducting a periodic review, a company should be self-reflective and ask various questions, including:
Establishing an ethics and compliance program that is continually reviewed provides a company with the ability to establish its baseline risk profile, prioritize its risk, track its leading indicators of risk mitigation (e.g., resources, training, audits, etc.) and evolve its ethics and compliance program to not only protect the company, but also allow it to achieve business growth by addressing ethics and compliance issues before these issues become impediments to doing business.
Notwithstanding the thoughtful customization that is required to design an effective ethics and compliance program, there are a handful of common characteristics that should be present in any well-designed and effective ethics and compliance program. These characteristics include a fundamental understanding and awareness of the compliance regime to which a company will be held, together with an understanding of the company's business and growth and sales strategy. To be most effective, ethics and compliance programs must be business-minded, agile and scalable.
The program must not only assist the company to avoid compliance issues and prevent, detect and deter improper conduct; it also must be designed to support the company in its efforts to increase its sales and expand its customer base. Similarly, effective compliance programs recognize that a company's compliance obligations will continue to change over time as the government's priorities shift and the company's core offerings to the government change and expand.
Below is a set of “design tips” to keep in mind in creating and/or enhancing an ethics and compliance program.
To be successful, one must seek and receive input from the business and functional groups in designing the program and also in conducting periodic reviews of the program so that the company can assess the sustainability and practicality of its ethics and compliance initiatives. Collaboration must exist across all functions including finance, human resources, sales, procurement, quality, operations, marketing, communications, strategy and business development. Each function must “own” and be held accountable for ethical and compliant practices and behavior. The company needs to ensure the correct individuals are involved in developing solutions to address enterprise risk and that the ethics and compliance function is appropriately staffed. Company leaders and all employees must be proactive about advocating for ethical and compliant behavior and business practices. Create a culture of compliance by ensuring everyone from the CEO to the entry-level analysts, as well as suppliers and business partners, are aware of the ethics and compliance program, understand it and recognize their role in helping the company be an ethical and responsible government contractor.
If the integrity of the company were ever to be questioned, the company will have to demonstrate it has: (1) meaningful written policies and procedures that make clear that the company understands its compliance obligations and has a plan in place to comply; (2) an effective training and communication program that ensures that all ethics and compliance policies and procedures are socialized to all relevant employees and suppliers and that these individuals have been trained on what those policies and procedures mean and how to raise a compliance concern; and (3) procedures in place for the periodic monitoring, auditing and review of its compliance program to ensure it is working according to plan and addressing ethics and compliance risks and issues appropriately.
As noted above, an important aspect of an ethics and compliance program is monitoring the actions of the company, its employees, subcontractors and agents to ensure all actions on behalf of the company are compliant with the relevant statutes and regulations and consistent with a company's code of business ethics and conduct. A review of the ethics and compliance program should be conducted periodically, and feedback should be provided regarding any trends, actions or behaviors that expose the company to risk, as well as if there are any necessary enhancements required to be made to the program to account for changes in the company's business and the ever-evolving regulatory landscape. Company leaders should take action to address any compliance deficiencies in addition to assessing whether any identified deficiencies have a broader potential impact on the company as a whole.
Given today's regulatory environment, a company seeking to ensure that its ethics and compliance program is effective should get involved in the government contracts community as a way to learn how other contractors are tackling compliance issues and to network with fellow government contractors. It should also know when to call in the experts. By seeking support from consultants, accountants or attorneys familiar with the government's procurement process, the company will be well-positioned to take advantage of the prime opportunities to sell its products and services to the government.
In sum, a well-designed and effective ethics and compliance program is one that is tailored to the company's specific compliance obligations, understands and supports the company's business and sales strategy, and is scalable, adaptable and consistently monitored so that the ethics and compliance program can adjust and evolve in response to changes in government regulations and the company's business focus. Through increased regulation, it is clear the government is focused on doing business with companies that are consistent ethical actors and that strive to do business fairly, ethically and in compliance with all laws and regulations. Given today's regulatory landscape, a well-structured ethics and compliance program can be a strategic value differentiator and can provide a company with the edge it needs to beat its toughest competition. With successful implementation and maintenance of an effective, sustainable and scalable ethics and compliance program, the sky's the limit.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)