TABLE OF CONTENTS
Project Status at a Glance
Foreword
Reporters’ Memorandum
CHAPTER 1. DEFINITIONS
§ 1.01. Definitions
CHAPTER 2. SUBJECT MATTER, OBJECTIVES, AND INTERPRETATION
§ 2.01. Subject Matter
§ 2.02. Objectives
§ 2.03. Characteristics of the Organization
§ 2.04. Interpretation
§ 2.05. Nonliability
CHAPTER 3. GOVERNANCE
TOPIC 1. GOVERNANCE IN COMPLIANCE AND RISK MANAGEMENT – GENERAL
§ 3.01. Governance in Compliance and Risk Management
§ 3.02. Governance Actors
§ 3.03. Governance Map for Compliance and Risk Management
§ 3.04. Coordination of Compliance and Risk Management in Affiliated Organizations
§ 3.05. Governance Accommodations for Organizational Circumstances
§ 3.06. Qualifications of Primary Governance Actors for Compliance and Risk Management
§ 3.07. The Role of the Board of Directors and Executive Management in Promoting an Organizational Culture of Compliance and Risk Management
TOPIC 2. THE BOARD OF DIRECTORS – GENERAL
§ 3.08. Board of Directors’ Oversight of Compliance, Risk Management, and Internal Audit
TOPIC 3. THE BOARD OF DIRECTORS – COMMITTEES
§ 3.09. Delegation of Oversight Responsibilities by the Board of Directors to a Committee or Group of its Members
§ 3.10. Compliance and Ethics Committee
§ 3.11. Risk Committee
§ 3.12. Role of the Audit Committee in Compliance and Risk Management
§ 3.13. The Role of the Compensation Committee in Compliance and Risk Management
TOPIC 4. EXECUTIVE MANAGEMENT
§ 3.14. Executive Management of Compliance and Risk Management
TOPIC 5. INTERNAL-CONTROL OFFICERS
§ 3.15. Chief Compliance Officer
§ 3.16. Chief Risk Officer
§ 3.17. Chief Audit Officer
§ 3.18. Compliance and Risk-Management Responsibilities of Chief Legal Officer
§ 3.19. Compliance and Risk-Management Responsibilities of the Human-Resources Officer
§ 3.20. Multiple Responsibilities of Internal-Control Officers
§ 3.21. Outsourcing, Use of Technology, and Engagement of Third-Party Service Providers
CHAPTER 5. COMPLIANCE
TOPIC 1. THE COMPLIANCE FUNCTION
§ 5.01. Nature of the Compliance Function
§ 5.02. Goals of the Compliance Function
§ 5.03. General Compliance Activities of Organizations
§ 5.04. Enterprise Compliance
TOPIC 2. EFFECTIVE COMPLIANCE
§ 5.05. Elements of an Effective Compliance Function
§ 5.06. Compliance Program
TOPIC 3. SPECIFIC COMPLIANCE ACTIVITIES
§ 5.07. Compliance Risk Assessment
§ 5.08. Compliance Advice
§ 5.09. Compliance Monitoring [Reserved]
§ 5.10. Training and Education
§ 5.11. Red Flags
§ 5.12. Escalation Within the Organization
§ 5.13. Compliance Under Legal Uncertainty
TOPIC 4. EMPLOYEES, AGENTS, AND COUNTERPARTIES
§ 5.14. Hiring of Employees, Retention of Agents, and Selection of Counterparties
§ 5.15. Background Checks
§ 5.16. Compensation
§ 5.17. Discipline
TOPIC 5. INTERNAL REPORTING
§ 5.18. Procedures for Internal Reporting [Reserved]
§ 5.19. Protecting Confidentiality of Internal Reporting [Reserved]
§ 5.20. Nonretaliation [Reserved]
TOPIC 6. THIRD-PARTY SERVICE PROVIDERS
§ 5.21. The Role of Third-Party Service Providers [Reserved]
§ 5.22. Attorneys [Reserved]
§ 5.23. External Auditors [Reserved]
TOPIC 7. INVESTIGATIONS
§ 5.24. The Decision to Investigate [Reserved]
§ 5.25. Scope of Internal Investigations [Reserved]
§ 5.26. The Investigator [Reserved]
§ 5.27. Privilege in Investigations [Reserved]
§ 5.28. Responding to Government Investigations [Reserved]
§ 5.29. Fairness to Employees During Investigations [Reserved]
§ 5.30. Responding to the Investigator’s Report [Reserved]
§ 5.31. Lessons Learned [Reserved]
TOPIC 8. COMPLIANCE BEYOND THE ORGANIZATION
§ 5.32. Responsibility of Parent Companies for Compliance in Subsidiaries [Reserved]
§ 5.33. Supply-Chain Due Diligence [Reserved]
§ 5.34. Vendor and Business-Partner Due Diligence [Reserved]
§ 5.35. Customer Due Diligence [Reserved]
TOPIC 9. ETHICS AND SOCIAL RESPONSIBILITY
§ 5.36. Commitment to Ethical Behavior [Reserved]
§ 5.37. Codes of Ethics [Reserved]
TOPIC 10. SPECIAL CONSIDERATIONS FOR NONPROFITS AND INTERNATIONAL FIRMS
§ 5.38. Special Considerations for International Firms [Reserved]
§ 5.39. Special Considerations for Nonprofit Organizations [Reserved]
Appendix. Black Letter of Tentative Draft No. 1
Tentative Draft No. 1 contains Chapter 1, Definitions (excluding reserved definitions); Chapter 2, Subject Matter, Objectives, and Interpretation; Chapter 3, Governance; and §§5.01-5.08 and 5.10-5.17 of Chapter 5, Compliance. The draft was approved by the membership at the 2019 Annual Meeting, subject to the discussion at the Meeting and to the usual editorial prerogative. This material may be cited as representing the Institute’s position until the official text of the entire project is published.