Compliance & Ethics Professional - Society of Corporate ...

Featureby Emil MoschellaDOJ review: FBI’s Integrityand Compliance Program»»The FBI implemented a corporate-style compliance program to allow for the early detection of internal control weaknesses.»»The DOJ OIG reported that the FBI’s program has been beneficial to its efforts to monitor and enhance compliance.»»The DOJ OIG suggested that other agencies may wish to consider implementing a similar kind of program.»»Remedial legislation, policies, and processes are inadequate.»»An integrated compliance and ethics program in government agencies is important.Compliance & Ethics Professional March/April 2012In March 2007, the Department of Justice(DOJ) Office of Inspector General (OIG)issued a highly critical report regardingthe Federal Bureau of Investigation’s (FBI)implementation of a statutorily authorizedinvestigative tool called “National SecurityLetters” (NSLs). These are demandletters provided to telephone companies,financial institutions, Internetservice providers, and consumercredit agencies for “transactional,” asopposed to “content,” information.The DOJ OIG found, among otherMoschella things:··that faulty recordkeeping understatedthe total number of NSLs issued by about20% less than the number that had beenreported to Congress.··failure to self-report non-compliance to thePresident’s Intelligence Oversight Board, asrequired by Section 4 of Executive Order12334. This section requires: “InspectorsGeneral and General Counsel of theIntelligence Community shall, to the extentpermitted by law, report to the Board concerningintelligence activities that theyhave reason to believe may be unlawful orcontrary to Executive order or Presidentialdirective.”The OIG report resulted in CongressionalOversight Committee hearings, 1 andnumerous press editorials critical of the FBIand calling for change. 2Of course, the FBI moved quickly to fix theproblems identified by the OIG. In addition,and without prompting from the DOJ OIG, theFBI notified the OIG that it would put in place acorporate-style compliance program that wouldallow for the early detection of internal controlweaknesses that could lead to non-compliantactivity in the future. The private sector generallyadapts the process suggested by FederalSentencing Guidelines for Organizations(FSGO), 3 and similarly, the FSGO formed thebasis for the FBI effort, together with corporatebest practices. The FBI effort was, and continuesto be, a pioneering experiment in managing thegovernment’s duty to comply with the law andan example of a functionally integrated complianceand ethics program.The DOJ’s reviewOIG, as part of its responsibility to follow-upwith the FBI on the NSL fixes, reviewed theFBI’s Integrity and Compliance program (ICP).Since there was no law, rule, or other mandaterequiring the FBI to internally adapt thecorporate-style compliance programs, and nomodel for it in government, it was a first of itskind in terms of FBI implementation and theOIG review. The questions for the DOJ OIG: Isit a worthwhile effort? Is it working?36 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977