Adapted from Corporate Practice Portfolio Series No. 103A, Corporate Compliance: Practice Tools for Your Program, by Suzanne Rich Folsom, Senior Vice President and General Counsel, Philip Morris International Inc., et al.
Once a compliance program is created, continuous monitoring is necessary to ensure that the program is functioning as intended to detect and prevent violations of law or company policy. Without monitoring, compliance programs run the risk of being “paper tigers,” ignored or outdated.
Compliance program monitoring is generally achieved through a series of ongoing controls and procedures aimed at specific business transactions or processes. For example, if a company makes large and frequent charitable contributions, an organization may set up a monitoring process whereby certain contributions are reviewed each quarter to assess whether they were made in compliance with company policies and procedures for charitable giving.
The first step in setting up an effective monitoring program is to decide how to allocate the monitoring efforts. This should be a risk-based analysis: the higher the risk associated with a certain transaction or process, the more monitoring that area should receive. A risk assessment will help organizations make this determination.
Once the risk assessment is complete, organizations will be able to categorize their transactions and business processes into high-, medium- and low-risk areas. The organization should then decide, based on its individual risk profile, what areas should be monitored, the method and frequency for monitoring, who will perform the monitoring and goals for the monitoring process.
As a general rule, high-risk areas should be reviewed regularly (e.g., daily, weekly or monthly). Medium-risk areas should be reviewed quarterly and low-risk areas reviewed annually. Note, however, that aspects of the compliance program that would need to be updated simultaneously because of a large-scale unexpected crisis such as the Covid-19 pandemic must be identified and cross-linked in the program inventory. Any policy, procedure, or reporting line updates as a result of a crisis requiring immediate response must remain consistent with all other processes.
The monitoring program can be automated, manual or a combination of both. While automation is preferred, the important thing is that the process is documented, methodical, effective and consistently enforced. In some cases, a “checklist” approach to monitoring will be the most effective—ensuring that, in the example of engaging a new third party, due diligence, training and compliance certifications are timely completed.
When a company is putting together a monitoring program, it should leverage existing programs and technology to its advantage. For example, some systems allow users to “flag” certain transactions for additional review or run transactional reports with pre-defined thresholds. These types of tools can be very helpful in a compliance monitoring program, especially in the abovementioned situations of global crisis.
Another important aspect of monitoring is documenting results (e.g., via quarterly or monthly reports) and taking action when needed. If weaknesses or failures are discovered, corrective action in the form of additional procedures, training or discipline may be appropriate. Some issues may require straightforward action (e.g., training for one or two employees about a company policy). Severe issues, however, may be appropriate for escalation to senior management or the board for their consideration and action. Keeping track of monitoring results and using them to gauge whether an activity is meeting, exceeding or failing to meet its goals gives a company the opportunity to continually make adjustments to improve its compliance processes. Do not neglect regularly scheduled compliance program monitoring and metrics collection in a crisis.
Finally, companies should make sure that their monitoring incorporates recent legal developments as well as evolving international and industry standards.