TABLE OF CONTENTS

Project Status at a Glance             xiii

Foreword            xv

Reporters’ Memorandum              xxi

CHAPTER 1

DEFINITIONS

§ 1.01. Definitions            1

CHAPTER 2

SUBJECT MATTER, OBJECTIVES, AND INTERPRETATION

§ 2.01. Subject Matter     5

§ 2.02. Objectives             8

§ 2.03. Characteristics of the Organization             10

§ 2.04. Interpretation      14

§ 2.05. Nonliability           15

CHAPTER 3

GOVERNANCE

TOPIC 1. GOVERNANCE IN COMPLIANCE AND

RISK MANAGEMENT – GENERAL

§ 3.01. Governance in Compliance and Risk Management 17

§ 3.02. Governance Actors            18

§ 3.03. Governance Map for Compliance and Risk Management     20

§ 3.04. Coordination of Compliance and Risk Management in Affiliated Organizations          20

§ 3.05. Governance Accommodations for Organizational Circumstances     22

§ 3.06. Qualifications of Primary Governance Actors for Compliance and

                  Risk Management         23

§ 3.07. The Role of the Board of Directors and Executive Management in

                  Promoting an Organizational Culture of Compliance and Risk Management           29

TOPIC 2. THE BOARD OF DIRECTORS – GENERAL

§ 3.08. Board of Directors’ Oversight of Compliance, Risk Management, and Internal Audit 36

TOPIC 3. THE BOARD OF DIRECTORS – COMMITTEES

§ 3.09. Delegation of Oversight Responsibilities by the Board of Directors to a

                 Committee or Group of its Members       52

§ 3.10. Compliance and Ethics Committee              58

§ 3.11. Risk Committee   68

§ 3.12. Role of the Audit Committee in Compliance and Risk Management 76

§ 3.13. The Role of the Compensation Committee in Compliance and Risk Management      84

TOPIC 4. EXECUTIVE MANAGEMENT

§ 3.14. Executive Management of Compliance and Risk Management          88

TOPIC 5. INTERNAL-CONTROL OFFICERS

§ 3.15. Chief Compliance Officer                101

§ 3.16. Chief Risk Officer               116

§ 3.17. Chief Audit Officer             129

§ 3.18. Compliance and Risk-Management Responsibilities of Chief Legal Officer    140

§ 3.19. Compliance and Risk-Management Responsibilities of the

                Human-Resources Officer            147

§ 3.20. Multiple Responsibilities of Internal-Control Officers            151

§ 3.21. Outsourcing, Use of Technology, and Engagement of Third-Party

               Service Providers              154

CHAPTER 5. COMPLIANCE

TOPIC 1. THE COMPLIANCE FUNCTION

§ 5.01. Nature of the Compliance Function             161

§ 5.02. Goals of the Compliance Function               162

§ 5.03. General Compliance Activities of Organizations      166

§ 5.04. Enterprise Compliance      169

TOPIC 2. EFFECTIVE COMPLIANCE

§ 5.05. Elements of an Effective Compliance Function        171

§ 5.06. Compliance Program        178

TOPIC 3. SPECIFIC COMPLIANCE ACTIVITIES

§ 5.07. Compliance Risk Assessment          188

§ 5.08. Compliance Advice            192

§ 5.09. Compliance Monitoring [Reserved]             194

§ 5.10. Training and Education     194

§ 5.11. Red Flags              196

§ 5.12. Escalation Within the Organization             199

§ 5.13. Compliance Under Legal Uncertainty          201

TOPIC 4. EMPLOYEES, AGENTS, AND COUNTERPARTIES

§ 5.14. Hiring of Employees, Retention of Agents, and Selection of Counterparties 202

§ 5.15. Background Checks           203

§ 5.16. Compensation     205

§ 5.17. Discipline              207

TOPIC 5. INTERNAL REPORTING

§ 5.18. Procedures for Internal Reporting [Reserved]          211

§ 5.19. Protecting Confidentiality of Internal Reporting [Reserved]               211

§ 5.20. Nonretaliation [Reserved]              211

TOPIC 6. THIRD-PARTY SERVICE PROVIDERS

§ 5.21. The Role of Third-Party Service Providers [Reserved]            211

§ 5.22. Attorneys [Reserved]        211

§ 5.23. External Auditors [Reserved]          211

TOPIC 7. INVESTIGATIONS

§ 5.24. The Decision to Investigate [Reserved]      211

§ 5.25. Scope of Internal Investigations [Reserved]             211

§ 5.26. The Investigator [Reserved]           211

§ 5.27. Privilege in Investigations [Reserved]          211

§ 5.28. Responding to Government Investigations [Reserved]         211

§ 5.29. Fairness to Employees During Investigations [Reserved]      211

§ 5.30. Responding to the Investigator’s Report [Reserved]             211

§ 5.31. Lessons Learned [Reserved]           211

TOPIC 8. COMPLIANCE BEYOND THE ORGANIZATION

§ 5.32. Responsibility of Parent Companies for Compliance in Subsidiaries [Reserved]           211

§ 5.33. Supply-Chain Due Diligence [Reserved]      211

§ 5.34. Vendor and Business-Partner Due Diligence [Reserved]       211

§ 5.35. Customer Due Diligence [Reserved]            211

TOPIC 9. ETHICS AND SOCIAL RESPONSIBILITY

§ 5.36. Commitment to Ethical Behavior [Reserved]           211

§ 5.37. Codes of Ethics [Reserved]             211

TOPIC 10. SPECIAL CONSIDERATIONS FOR NONPROFITS AND INTERNATIONAL FIRMS

§ 5.38. Special Considerations for International Firms [Reserved]   211

§ 5.39. Special Considerations for Nonprofit Organizations [Reserved]        211

Appendix. Black Letter of Tentative Draft No. 1     213