Getting Compliant on a Healthy Diet of Consent Agreements

Whether you’re new to compliance or consider yourself to be an advanced practitioner, there’s one technique that’s sure to motivate your learning curve:  reading Consent Agreements.

“Consent Agreements” are those often quietly released court documents that spell out in detail the requirements to which a company has agreed, generally without admission of guilt, in order to cut their losses in a battle with the government over company compliance.  Standard terms include an independent auditor monitoring the company for a period of time at company expense and financial penalties.

So what’s a Consent Agreement worth to you?

First, it gives you insight into current enforcement objectives by the government.  Is it a case involving the Foreign Corrupt Practices Act, the Arms Export Control Act, ATF regulations?  With only so many investigators and lawyers on staff at government offices like the Department of Justice, cases that make headlines involve considerable resource expenditures over a period of years.  Even the government press release issued with the posting of the Consent Agreement can contain nuggets of quotes that read like signs warning you about the road ahead.

Second, and more importantly, Consent Agreements are the perfect supplement to the Federal Sentencing Guidelines Manual, defining the “Effective Compliance and Ethics Program.”  We discuss this section from the Federal Sentencing Guidelines Manual in our book “The Four Pillars of Compliance,” as the federal government’s minimum criteria set by which to measure company compliance programs.

What the Consent Agreements provide is a description of what a company was doing in an effort to comply, how it was found to be inadequate, and the steps that must now be undertaken to come into compliance.  In other words, it’s as good as a two-part benchmark against which you can compare your own company compliance efforts.

Let’s look at one together.  In June 2012, United Technologies Corporation signed off on a Consent Agreement that cost them $55 million in civil penalties, of which $20 million was to be applied to remedial compliance measures over a 4-year period.  In its income statement for quarterly period ending June 29, 2012 (two weeks after the Order was signed approving the Consent Agreement), United Technologies Corp. declared total revenue of $13.8 trillion.  Pulling these two sets of numbers into the same measures, the cost of remedial compliance was set at approximately 9% of the company’s total, annual revenue.

If you read the detail in the Consent Agreement, that $5 million/year is to fund:

  • establish policies and procedures to address lines of authority, staffing increases, performance evaluations, career paths, promotions and compensation;
  • use of compliance cross-trained employees to perform specified compliance functions;
  • policies and procedures for the identification and marking of defense articles and defense services;
  • policies and procedures for maintenance and protection of and access to technical data stored and transferred electronically;
  • policies and procedures for preventing, detecting, and reporting statutory violations;
  • policies and procedures for encouraging employee reporting without fear of reprisal, with corresponding documentation of management response and action

Indeed, the Consent Agreement goes on for several, single-spaced pages of the specific expectations of what, when, and how United Technologies will spend their mandatory compliance budget with consultant oversight and reporting.  

If there’s a simple lesson we can pull out of the wealth of information in Consent Agreements it is the level of detail in real life applications that may well provide the best lessons we could learn about compliance.