Federal Sentencing Guidelines
The Federal Sentencing Guidelines - A History
In 1984, Congress established the United States Sentencing Commission as an independent agency within the judicial branch of the U.S. government. Its principal purposes are 1) to establish sentencing policies and practices for the federal courts, including guidelines prescribing the appropriate form and severity of punishment for offenders convicted of federal crimes; 2) to advise and assist Congress and the executive branch in the development of effective and efficient crime policy; and 3) to collect, analyze, research, and distribute a broad array of information on federal crime and sentencing issues, serving as an information resource for Congress, the executive branch, the courts, criminal justice practitioners, and academic community, and the public.1 Essentially the Commission’s charter is to define the parameters for federal trial judges to follow in their sentencing decisions in order to reduce the disparity in sentencing and improve the certainty of punishment for criminal activities.2
Our primary interest is in Chapter Eight – Sentencing of Organizations, the last chapter in the Guidelines which became effective November 1, 1991. In part B of chapter eight entitled Remedying Harm from Criminal Conduct, and Effective Compliance and Ethics Program, the federal standard for an effective compliance and ethics program is outlined.
Before we discuss the content of chapter eight, it is important to understand the weight of the Sentencing Guidelines themselves.
First of all, the Guidelines do not require institutions to have or maintain a compliance and ethics program. They do establish a standard for such programs that can form the basis for a judge to evaluate the degree of negligence of an institution in determining the extent of legal sanctions, such as fines, that should be applied.
Before the Guidelines were established, judges had discretion to sentence criminals according to their own judgment. This might result in a tough-minded judge sentencing a teen-age drug dealer to 20 years in prison even though this was the teen’s first offence and the amount of drugs involved was small, while a hardened dealer moving significant amounts of drugs might receive a one-year sentence if he faced a more lenient judge.
With the introduction of the U.S. Sentencing Guidelines, sentencing was based on a relatively complex table of factors such as the amount of drugs or money involved, whether or not a weapon was used, etc.
Secondly, when originally established, the guidelines carried the weight of law and judges were required to utilize them. However, in 2005, the U.S. Supreme Court ruled that the Guidelines were, in fact, guidelines and could constitutionally only be applied as such.
The Supreme Court essentially ruled that judges could use the Guidelines in their sentencing decisions, but were not required to do so, and generally could not use the guidelines to increase a sentence beyond that established by a jury.
Finally, although the Guidelines no long carry the weight of law, they represent a significant and accepted standard for the evaluation of the effectiveness of an institutional compliance and ethics program. For example, the U.S. Department of Justice has articulated a policy3 under which an effective compliance program may lead to a decision to decline criminal prosecution of an organization4.
Who Uses the Organizational Sentencing Guidelines?
In the years since the organizational sentencing chapter of the Guidelines was developed, there has been a significant increase in the development of compliance and ethics theory and practice. Several professional organizations focused on compliance and ethics professionals have arisen, all of them utilizing the organizational sentencing guidelines as their basic model. Federal regulators as well have incorporated the organizational sentencing guidelines directly or by reference into their regulations and guidelines.
Guideline Elements
Chapter eight of the Federal Sentencing Guidelines is comprised of three primary objectives and seven elements. Following is a discussion of each.
Objectives
The guidelines state that “To have an effective compliance and ethics program, …an organization shall—
(1) exercise due diligence to prevent and detect criminal conduct, and
(2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.
In addition, the organization should
(3) “periodically assess the risk of criminal conduct and …take appropriate steps to design, implement, or modify each [of the seven elements] to reduce the risk of criminal conduct identified through this process.” Organizations should continuously monitor and evaluate the risk of non-compliance and improve the compliance program elements as needed.
Due Diligence
The first objective, due diligence, is accomplished by implementing the seven elements we will discuss below. Evidence that due diligence has been exercised may be measured by how effectively the seven elements have been implemented.
A Culture of Compliance
The second objective, promoting an organizational culture that encourages ethical conduct and a commitment to compliance with the law, or a culture of compliance, is more difficult to demonstrate.
Fundamentally, a culture of compliance exists when complying with the law is seen by an institution’s employees as a positive institutional expectation rather than a constraint imposed by the regulators.
One definition of corporate culture is “the set of values, beliefs, and relationships between individuals and functions that guide the decisions of the [university] in order to achieve its objectives. It results in behaviour that has been learned within a group or transferred between individuals over time5.”
Corporate cultures are notoriously difficult and time consuming to change. The CEO of a Fortune 500 company once noted that changing a corporate culture would take eight to ten years or a significant change-over in personnel.
Discussing how to change corporate culture is beyond the scope of this text; however, some simple considerations might be helpful.
When discussing corporate culture, it is useful to consider culture in the context of a continuum or maturity model. The following five-step model developed by the Open Compliance and Ethics Group (OCEG) provides a useful basis to discuss your compliance culture and to evaluate where your culture is in its maturity.
OCEG® CORPORATE COMPLIANCE MATURITY MODEL™
Culture and Consistency1
| FORMING | DEVELOPING | NORMALIZED | ESTABLISHED | MATURE |
· Organization is indifferent to compliance · Stakeholders perceive hypocrisy in the organization’s statements about commitment to compliance · Organization routinely finds out about non-compliance from official complaints rather than audit, inquires or internal reporting · Discipline is inconsistently applied to employees at similar levels in the organization | · Organization is concerned about fixing non-compliance · Stakeholders perceive inconsistency between the organization’s statements and execution of compliance · Stakeholders usually report violations and misconduct but do not seek out preventative advice · Discipline may not be consistently applied across positions | · Organization continuously monitors for compliance · Employees perceive consistency between the organization’s statements and execution of compliance · Stakeholders are consistent in reporting violations and misconduct, but may not consistently seek preventive advice · Discipline is consistently applied without regard to position | · Organization plans controls to sustain compliance · Employees share the organization’s commitment to compliance in work processes · Stakeholders are comfortable in both seeking advice and reporting violations and misconduct · Discipline is consistently applied with those in positions of authority disciplined in a manner that communicates higher expectations | · Organization incorporates compliance controls into processes as they are designed and changed · Employees share and extend the organization’s commitment to compliance beyond work processes · Stakeholders are comfortable in providing appropriate advice to one another and preventing violations and misconduct as opportunities present themselves · Discipline is anticipated such that it serves as a deterrent |
1 Degree to which the action and practices of the organization are, and are perceived to be, highly committed to compliance and integrity through embedding compliance into processes and applying consistent discipline.
Note: The complete OCEG Corporate Compliance Maturity Model can be accessed at the OCEG web site: http://www.oceg.org/.
Continuous Improvement
The final objective is to evaluate the effectiveness of the compliance and ethics program in preventing non-compliance and improve the seven elements as needed to reduce the risk of non-compliance. Essentially, this requires a continuous improvement program to monitor the effectiveness of the program and to adjust and improve it where necessary.
The Seven Elements
Chapter eight of the Guidelines states that “Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law…minimally require the following…”:
| ELEMENT | DISCUSSION | |
| 1 | The organization shall establish standards and procedures to prevent and detect criminal conduct. | Generally, this refers to the development and promotion of policies and procedures that, taken as a whole, would help prevent and/or detect instances of non-compliance. |
| 2a | The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program. | This element makes the organization’s governing authority responsible to understand the compliance and ethics program and to provide effective oversight. The Guidelines define the governing authority as the “highest level governing body of the organization,” which is likely the Board of Directors or Board of Trustees. The expectation is that the Board is knowledgeable about the content and operation of the compliance and ethics program and exercises oversight of the program and its effectiveness. In the event of a compliance failure, the governing authority cannot simply say they were not aware of the problems or were too far removed from the operations to be culpable; this element makes them accountable. |
| 2b | High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program. | This element makes the executives of the organization, the president and vice-presidents, responsible for ensuring it has an effective compliance and ethics program. The Guidelines define high-level personnel of the organization as “individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization. The term “high level personnel” includes: a director; an executive officer; an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance; and an individual with a substantial ownership interest. At least one of these individuals is to be assigned overall responsibility for the compliance and ethics program. |
| 2c | Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority. | This element essentially defines the compliance and ethics structure. One or more specific individuals should be assigned responsibility for the day-to-day operation of the program. This would be what most organizations call a compliance officer. The compliance officer should report to the president and vice-presidents, or to an appropriate committee of the Board of Directors, regarding the effectiveness of the compliance and ethics program. The compliance officer should be provided with adequate resources and access to the Board of Directors or a subcommittee of the Board. |
| 3 | The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program. | This element requires the organization to take the steps (i.e., background checks) necessary to ensure it does not hire or promote individuals into positions of substantial authority who have a history of illegal activity or other conduct that would indicate they should not be trusted to comply with the law. Persons with substantial authority are defined by the Guidelines as “individuals …[who] exercise a substantial measure of discretion in acting on behalf of an organization. [This] includes high-level personnel of the organization, individuals who exercise substantial supervisory authority (e.g., a plant manager, a sales manager), and any other individuals who, although not a part of an organization’s management, nevertheless exercise substantial discretion when acting within the scope of their authority (e.g., an individual with authority in an organization to negotiate or set price levels or an individual authorized to negotiate or approve significant contracts). Whether an individual falls within this category must be determined on a case-by-case basis6.” |
| 4a/b | a) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (b) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities. b) The individuals referred to in subdivision (a) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents. | This element requires the organization to provide training on the aspects of the compliance and ethics program, as appropriate, to all members of the organization, from the Board of Directors down to its employees and agents. |
| 5a | The organization shall take reasonable steps— to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct; | This element requires that the compliance and ethics program include procedures to ensure the program is followed. These procedures should include monitoring programs (entity-level monitoring) and auditing programs (independent internal and external auditors) designed to verify the effective operation of the individual components of the program and compliance with its policies and procedures. |
| 5b | to evaluate periodically the effectiveness of the organization’s compliance and ethics program; and | The compliance and ethics program should include procedures to periodically evaluate the overall effectiveness of the compliance and ethics program. |
| 5c | to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation. | The organization should provide a means for its employees and agents to report potential or actual events of non-compliance in a manner that will encourage their coming forward with information. Typically, achieving this element involves some form of compliance and ethics hotline reporting mechanism. |
| 6 | The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct. | This element requires the compliance and ethics program to be facilitated not only by disciplinary sanctions when criminal conduct is identified but by promoting the program through appropriate employee incentives. |
| 7 | After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program. | This element requires the organization to take corrective action after criminal conduct had been identified to prevent further similar criminal activities. |
Resources
Following are resources that assist in understanding this element of the BYU–Hawaii Compliance Program.
| RESOURCE | DESCRIPTION |
| Chapter 8 – Effective Compliance and Ethics Program | Text of Chapter 8 of the Federal Sentencing Guidelines regarding the requirements for an effective compliance and ethics program. |
| Thompson Memo | Memo from Larry Thompson, Deputy Attorney General regarding the application of Chapter 8 of the Federal Sentencing Guidelines by federal prosecutors. |
| An Overview of the United States Sentencing Commission | A summary of the structure and purposes of the U.S. Federal Sentencing Commission. |
[1] An Overview of the United States Sentencing Commission, United States Sentencing Commission, pg. 1 (last accessed 5/27/2022).
[2]Ibid.
[3] See Thompson Memo in reference portion of this section.
[4] Report of the Ad Hoc Advisory Group on the Organizational Sentencing Guidelines, 2003, pg. 34 (last accessed 5/27/2022).
[5] Quantum iii, Vernon Prior, https://www.quantum3.co.za/Intelligence-Glossary/
[6] Federal Sentencing Guidelines, pg. xxx