By: Karla Pascarella, Partner, and Jerry P. Brodsky, Director – Latin America, Peckar & Abramson, P.C.
Compliance programs are a necessity across most industries due to the current, increasingly complex regulatory environment and increasingly prevalent calls for implementation of “soft law” addressing human rights.i The construction industry is no exception.
Any construction company that wants to conduct its business in compliance with the host of laws and regulations that apply to the industry and business in general (Federal and state prevailing wage laws, false claims with both civil and criminal implications, occupational safety and health laws (OSHA), environmental regulations, building codes, set aside programs) and thus avoid costly mistakes and damage to its reputation, has little choice but to put a compliance program into place. Further, the growing recognition that labor rights are human rights has prompted a call to action for the alignment of operations and strategies with recognized human rights principles.ii Any construction company that does not recognize the value of a robust compliance program must consider that the costs of noncompliant conduct can reach levels that, in some instances, may result in dire consequences. Those costs can include the loss of business opportunities, the inability to work for government entities, civil lawsuits, and perhaps individual criminal prosecution. Companies whose names appear in the media for the wrong reasons, or those that do not appear to do business in an honest and compliant way, pay a high price for their failure to avoid non-compliance. Further, contractors who hope to compete for contracts with any federal agency must have a compliance program that satisfies the rigorous and specific requirements of the Federal Acquisition Regulation (FAR), among others.
The reasons for developing and implementing a program may stem from two different but not unrelated approaches. The first relates to a company’s decision to define itself as a responsible corporate citizen that is rooted in the leadership’s belief that that is the appropriate way to conduct business. The other is self-protective and relates to a company’s understanding and realization that it benefits if its employees are aware of the risk of non-compliance and committed to avoiding the consequences of that risk.
Companies that actively train their employees to comply with specific policies; obtain those employees’ written acknowledgment that they have read and understood the policies; and record their attendance at training sessions can have an advantage when an employee uses bad judgment and causes the company to undergo regulatory scrutiny or criminal investigation. Such a compliance program may enable the company to persuade a regulator or prosecutor (or in some cases, even a judge) that the company should not be penalized for the improper action of a properly trained rogue employee who committed a non-compliant act despite the extensive efforts of the company to ensure none of its employees did so. The protection of the company is directly linked to the protection of all its employees.
A culture of compliance
Compliance programs that are championed by management, professionally executed, and regularly updated provide a high level of protection from legal risk to a company and its employees. Through clarity of policy, company education, and active involvement in key regulatory issues, companies can save money and time, and protect their reputation. When each member of the company knows and understands the applicable rules, there is a significantly greater likelihood that the company will act in a compliant manner.
A culture of compliance is one that unconditionally recognizes that compliance is as much a part of the business of the company as is any other routine aspect of its operations. Without both, the company will not survive in a competitive and highly regulated construction market. Executive management must ensure that all levels of the company’s management “buy in” to the program and take ownership of it, along with the employees. That means pushing down the expectation of a culture of compliance to everyone from the top level of the company to the bottom. Any disparagement of the policy among management will be quickly detected by the employees and the program will almost certainly be doomed to failure.
Any genuine compliance program and policy must be properly tailored to the individual company and the business it conducts. So called “off the shelf” programs are rarely effective and are quickly seen by employees for what they are—a haphazard and insincere solution that solely addresses appearances and has little to do with the actual business of the construction company. Such programs will not be taken seriously by the employees.
An effective compliance program should begin with a risk assessment by the company, working with competent counsel, to determine potential legal risk based upon the company’s line of business. A risk assessment is best performed by interviewing management at all levels to gain a complete understanding of the company’s business and where its business intersects with compliance issues.
Following the assessment, the company should adopt a written compliance policy that summarizes the company’s compliance goals. In broad terms, the policy should meet the following criteria:
1. Clearly state that meeting the expectations in the compliance policy is an obligation of every employee at every level.
2. Be concisely written in plain English, without excessive legalese.
3. Set forth succinct policy rules and cross-reference other policy rules as necessary.
4. Include the expectation that business will be done honestly, carefully, transparently, and in full compliance with all applicable laws and regulations.
5. Specifically state that all employees are representatives of the company and expected to act accordingly and to be compliant.
Additionally, the policy should require maintenance of honest records; accurate recording and allocation of costs; transparency in dealing with clients and potential clients; definitions of a conflict of interest and an expectation of undivided loyalty to the company by all employees; special care on any publicly funded project with detailed guidance, as necessary; precise rules on the giving and receiving of gifts and other things of value to or from all categories of persons; policies on dealing with public officials and public employees including public clients, their representatives, and law enforcement; a detailed description of who employees should approach with compliance questions; and a requirement that any and all misconduct, violation of law, or violation of the compliance policy by anyone in the company or anyone doing business with the company be reported to the company immediately.
Of course, specific additional policies and guidance will be necessary, depending upon the needs and business of the company. The fact that the United Nations has endorsed a study that shows “companies are increasingly expected to ‘know and show’ compliance with human rights standards throughout their operations by implementing measures similar to those already prescribed for anti-corruption compliance” is worth considering in the evaluation of these needs.iii
Managers and employees must also understand why a compliance program is necessary. Simply imposing a set of rules is not an effective way to encourage support for a policy and is less likely to result in a company that accepts a genuine culture of compliance. The reasons for the program and the underlying culture of compliance should be explained in a training program specifically designed for the company.
Training programs should be carefully thought out. The training materials should be closely related to the compliance concerns applicable to the company and address actual risks facing the company and the employees. At the outset, training should be provided in person by competent trainers in the presence of respected members of management, who in turn show their support with their attendance and participation, as appropriate.
Once training is completed, the sessions should be well documented, and all employees should be required to “sign off” on the compliance policy in writing or electronically, stating that they understand and agree to follow the policy and that they understand there is zero tolerance for violations, emphasizing accountability.
Addressing compliance questions
Once a compliance program is in effect, employees must be encouraged to ask questions. There should be a designated venue for employees to seek guidance or advice when they have a compliance question. The answers can be supplied by a well-trained compliance officer or an attorney, who should always be the one answering legal questions.
The process may be as simple as walking into the designated person’s office and having a conversation or by phone or by email. Regardless, it must be easy to get a timely answer; the question and answer should be documented so it is clear the inquiry was addressed; and there should be no recriminations for asking a question. All questions should be taken seriously and answered appropriately, without exception. It is critical that the company encourage all employees to feel comfortable asking all questions so employees may be less likely to make mistakes that could prove costly to the company.
Questions that are asked before action that might constitute a violation is taken must be encouraged. Delivery of clear, concise, and prompt responses from those responsible for compliance is equally important.
An employee who asks, “May I take this government employee out for dinner this week?” and receives an answer three weeks later saying, “No, you may not” will not be in a position to avoid violating policies, perhaps violating the law, and will be unable to undo the harm. The lack of prompt responses will inevitably result in little respect for the value of the compliance program.
Discipline and corrective actions
Once the compliance program is in place, there must be a system by which employees of the company will be held accountable for compliance policy violations and where prompt corrective action will be taken. In addition, this prompt corrective action must apply to all employees at all levels.
Disciplinary action may involve retraining, an oral or written reprimand, or, at worst, termination of employment for serious violations. Disciplinary action should be imposed by a respected, higher level manager so as to convey a strong message that the company takes violations seriously and will hold everyone accountable. The lack of credible discipline could haunt the company someday, in the event of a violation that becomes the subject of a regulatory investigation or criminal prosecution. One of the first questions posed about the efficacy of the company’s compliance program is “And what did you do to the employees who violated your policy?” Lack of discipline among lower-tier employees gains little respect from regulators and prosecutors.
Finally, while management is wise to listen to concerns from employees about the compliance program and perhaps make changes based upon reasonable concerns, comments that elements of the policy “don’t make sense” or “are completely unrealistic” should never be tolerated. It should be made clear that this is the company’s policy and it must be followed – like it or not. Similarly, complaints about compliance at “water cooler meetings” should be strongly discouraged.
When compliance programs do not work
A P&A partner and former public prosecutor observed many occasions when compliance programs ultimately failed and offers the following circumstances to look out for:
• The most obvious policy failures were those in which the compliance program was itself a fraud as in the cases of boiler room “pump and dump” operations designed to separate unsophisticated, would-be investors from their money by unlawful manipulation of penny stocks and thinly capitalized companies. Those compliance programs were merely a front to fool regulators. Proof that the compliance program was a fraud was used to persuade a jury of the guilt of the company and its employees.
• Cases in which employees do not perceive management’s strong support for a company’s compliance programs are similarly problematic. For example, managers will often sympathize with their employees’ complaints that the program is a nuisance and makes it more difficult to do business. However, these kinds of complaints should be rejected immediately and firmly.
• Compliance programs also fail when the executive managers responsible for implementation and enforcement of the rules fail to recognize the perception among employees that compliance rules are counterintuitive, unfair, and inappropriately limit an employee’s freedom to apply their own set of personal “ethical standards” to situations.
• Managers should explain to employees that 1) the compliance program is an important part of doing business and is no less important than the other parts of the company’s overall approach to running a successful business; and 2) the compliance program saves the company money in the form of reduced legal fees for dealing with compliance violations.
In the construction industry some companies have recognized that employees who accept meals, gifts, and other items of value create legal risk for themselves and the company. For example, if a mistaken or fraudulent change order proposed by a subcontractor is recommended by the construction manager (CM) or general contractor (GC) to the owner, the owner will be very suspicious of the motivations for the CM/GC’s recommendation if the owner learns that the subcontractor has given things of value to the employees of the CM/GC. When the compliance policy says that employees cannot accept such things, it naturally creates some resentment at the concept that otherwise ethical employees would allow themselves to be “bought off” with a meal. Accordingly, there should be a detailed explanation of the legal risks to both the company and the employees when such gifts are accepted. This explanation should be provided anytime there is a chance that employees perceive that something is being taken away by a compliance rule.
Some companies also denigrate the effectiveness of their compliance programs by treating compliance training as a chore and appointing lower-level employees to conduct the training. Ideally, the trainers should be well-respected within the company who know and understand the company’s business. When time, money, or resources are a concern, such that a senior person cannot perform the training, a respected manager should attend the training session as a participant and lead by example.
Perhaps one of the most important factors that cause a compliance program to fail is the lack of consequences and accountability for employees who violate the compliance policy. Failure to exercise prompt corrective action in response to a compliance violation will send an implicit message to its employees that the program and the policy are mere window dressing, and they will not be held accountable for violations, thus ensuring the policy’s failure.
The failure to maintain a zero-tolerance policy for compliance violations, combined with a failure to have documented reasonable disciplinary action for those violations, also guarantees that the program will be of little use as a defensive mechanism and will be viewed by regulators, prosecutors, and judges as being in bad faith.
Disciplinary action must be fairly imposed upon all employees, management and non-management, for violations of the compliance policy. Enforcement of the compliance policy upon the lower-level employees without holding all employees (including managers) at all levels accountable for their compliance violations will breed cynicism, and a regulator or prosecutor will spot such unfairness immediately. That unfairness will be held against the company, especially if the person whose actions are in question is a manager who has a track record of not following the rules and not being held accountable. In such situations, regulators, prosecutors, and judges will view the compliance program as ineffective.
Final thoughts
Compliance programs, by necessity, have to consider that every employee has a unique set of values that may allow innocent enough actions that still constitute a violation of regulations and law, placing the company at legal risk. A genuine culture of compliance recognizes the employees’ prior life experience and the existence of personal ethical codes, and emphasizes that the company’s compliance rules, and not individual standards of ethics, must guide employee actions in conducting the business of the company.
Compliance programs are far more likely to be effective if the basic approaches suggested here are adopted by a company that is serious about its compliance program and creating a culture that incorporates all elements of compliance into its daily operations.
i Joanna Drewert and Kaustuv Banerjee. Linking Human Rights And Anti-Corruption Compliance (2016), available at https://www.globalcompact.de/wAssets/docs/Korruptionspraevention/Publikationen/Human_Rights_and_Anti_Corruption_Compliance.pdf.
ii Id.
iii Id.
Long known for leadership and innovation in construction law, Peckar & Abramson’s Results FirstSM approach extends to a broad array of legal services — all delivered with a commitment to efficiency, value and client service since 1978.Now, with more than 100 attorneys in eleven U.S. offices and affiliations around the globe, our capabilities extend farther and deeper than ever. Find Peckar & Abramson’s newsletter here.
The views expressed in this article are not necessarily those of ConsensusDocs. Readers should not take or refrain from taking any action based on any information without first seeking legal advice.