In our previous bulletins on the duties and responsibilities of directors we looked at the extent of these obligations both from a general point of view1 and in certain specific situations2. These initial articles sought to simplify the norms that govern the work of directors, and to illustrate how they apply in specific contexts. We have already identified some of the risk zones directors have to contend with3. These zones contain pitfalls that must be avoided in conducting the day-to-day business of an organization. It is however extremely difficult to do this effectively if prevention and monitoring measures are not in place. That is the raison d'être of compliance programs4.
An organization should have a compliance program for its major risk zones. Corporations whose securities are traded on public exchanges are subject to particularly strict rules, and the implementation of compliance programs in securities matters is part of their daily reality, to the point where very often compliance departments with a manager and a team of professionals are dedicated to this endeavour on a full-time basis. We clearly see a trend requiring organizations to put in place compliance programs in different areas. For example, to this effect, in June 2018, amendments were adopted under the Act Respecting Labour Standards (section 81.19) to prevent sexual harassment behavior; or agreements with regulatory authorities or court orders.5
Other sectors of activity can also justify putting such programs in place. For example, the importance of a compliance program can be readily understood for:
- mining companies regarding environmental matters;
- corporations doing business abroad, for the purpose of taking anti-corruption precautions;
- preventing unfair competition practices.
Benefits
The benefits of compliance programs are manifold, and their key components are easy to understand. However, it is important to avoid certain pitfalls when designing such programs. The primary benefit of a compliance program is avoiding contraventions of the law. An organization is made up of a multitude of individuals acting on its behalf. Their decisions and actions can render not only themselves liable, but also the organization that employs them or who they represent as agents and mandataries. The same goes for directors who fail to ensure that appropriate measures are in place to prevent illegal behaviour. Their degree of fault will be that much greater if it is shown that they were passive in the face of recurrent contraventions and failed to take corrective measures. The existence of a compliance program will allow it to be shown that the directors were not passive and that the organization had rules of sound corporate practice in place. It will then be possible to demonstrate that the contravention was a delinquent act, an anomaly in the conduct of the organization's affairs. Such a demonstration can serve to convince regulatory authorities not to take legal actions against the organization and its directors, or at least lead to a reduction in the penalty or in the amount of any damages claimed. These same benefits can be lost if allegations or lawsuits are brought by third-party victims. Having a compliance program in place helps being able to prove due diligence, as discussed in our previous bulletins.
But merely creating a compliance program on paper is not sufficient for it to be an effective shield against legal action. It must be adequately conceived and properly applied. Otherwise, it is merely a screen that will provide no comfort level and resist not even a cursory examination.
We have prepared the following summary of the principal components of a compliance program.
Components
The program should be implemented in the following four main stages:
1. Identify the risk zones specific to the organization (norms to be complied with) and devise an organizational process for preventing any contravention of these norms.
2. Prepare and distribute a document describing the compliance program. This document should contain a description of:
- the applicable legislative/regulatory norms;
- the sanctions for non-compliance;
- the monitoring system and the rules that targeted staff members must respect in order to meet statutory requirements.
3. Initial and ongoing periodic training (where relevant) of targeted staff in order to:
- explain the statutory requirements;
- promptly advise them of statutory changes;
- promote the implementation of a monitoring system (including the designation of an individual responsible for its application – the monitor – and a whistle-blowing mechanism for instances of non-compliance).
4. Monitor the organization's activities in light of applicable statutory norms:
- periodic follow-up with targeted staff regarding the performance of tasks that could potentially result in a contravention of applicable norms;
- analysis by the monitor of collected information;
- conduct internal investigations where there are reasonable grounds to believe there is a risk of contravening or an actual contravention of statutory norms;
- impose disciplinary sanctions in the event of non-compliance.
Conclusion
Implementing an effective compliance program requires time and resources. It must also be stress-tested and adjusted if inadequacies are detected or improvements are possible. We have too often seen compliance program developed by organizations and ultimately shelved without being implemented or applied as they should have been. Generally this is due to a lack of interest or follow-up on the part of senior management, including the board of directors. A compliance program can only be successful if senior management is the catalyst for it, an illustration of the adage "Tone at the top". However, it is essential that the employees concerned are directly involved in the program's development and that their comments are taken into account in order to improve the program. It must always be borne in mind that a compliance program must be viewed as a management tool closely tied and tailored to the reality of those on the ground. Not taking their views into account could well render the program sterile. In a forthcoming bulletin, we will expand on the pitfalls to be avoided and the approaches to take in developing a compliance program that will foster a culture of compliance.
Footnotes
1 Duties and Obligations of Directors: a Brief Overview
Beyond the Duties of Care and Loyalty ... the Civil Liability of Directors
Statutory Liabilities of Directors: Marking the Risk Areas to Avoid Sliding out of Control
2 Cybersecurity Is Also a Question of Governance
Governance in the Era of the #Metoo Movement: an Overdue Wake-up Call
3 Statutory Liabilities of Directors: Marking the Risk Areas to Avoid Sliding out of Control
4 These prevention and monitoring measures can be in
various forms, such as: internal policy, monitoring procedure,
protocol or, finally, a compliance program. We have chosen the
latter term to identify this kind of good governance measures, as
(1) the word "program" calls to mind a series of
predetermined tasks to be performed to achieve a specific result,
and (2) the term "compliance" refers specifically to the
importance of complying with certain norms in order to avoid
sanctions.
5 For example, see the agreements concluded by the Competition
Bureau with Direct Energy Marketing Limited or Reliance Comfort
Limited Partnership. In addition to ordering fines, Courts have
also ordered the implementation of compliance programs to prevent
violations to the Corruption of Foreign Public Officials
Act: Her Majesty the Queen v. Griffiths Energy
International, E-File No.: CCQ13GRIFFITHSENER, Action No.
130057425Q1, January 25, 2013 and Her Majesty the Queen v.
Niko Resources Ltd., E-File No.: CCQ11NIKORESOURCES, June
24, 2011.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
