So what is a good program for a small company or any company that doesn’t want to spend a lot of money on compliance? The key is a compliance program that outlines the company’s policy as well as various internal procedures to implement the policy and having a solid set of documents to evidence the compliance activities at all levels of the company.
A good compliance policy should include a statement of the prohibition that it seeks to enforce and should state that it is every employee’s responsibility to be vigilant in identifying and reporting potential violations. Clearly identifying the name of the compliance officer is another must. Short questionnaires and certifications protect the company and ensure that new employees, agents, partners, distributors, and other third parties understand the policy. They also identify any red flags related to those parties. Indemnification language and appropriate dispute resolution provisions in third party contracts will give force to such certifications and representations.
Internal forms and standard form contracts offer opportunities to include compliance verification mechanisms in existing procedures and to regularly remind employees of compliance obligations. For example, a form that a business development manager completes to report the engagement of a new agent abroad can include answers to questions intended to elicit red flags for bribery. A form contract for the sale of software can require the buyer to agree that it is not in violation of and will not violate any U.S. export controls laws.