DOJ-Informed Compliance Guidelines Help Home Depot Prepare for Potential Examination | Article
How does a company describe and demonstrate its commitment to compliance? And how does it prove to regulators and law enforcement that it cultivates, monitors, and encourages a proactive, compliance-focused corporate culture? If, God forbid, the Department of Justice (DOJ) called with questions about a particular legal issue, how would the company describe its efforts to comply with the relevant law or regulation?
Mia Reini, Senior Manager, Corporate Compliance and Enterprise Risk Management at The Home Depot, wanted to be proactive. The Home Depot, headquartered in Atlanta, is the world’s largest home improvement retailer. With approximately 500,000 employees in more than 2,300 stores in North America, the company is backed by a strong compliance program.
But how could the company prove its good faith compliance to a regulator, if someone ever came knocking on its door? Reini said The Home Depot decided to create a document that would answer questions the DOJ or another agency might one day have about the company’s compliance program. After reading the DOJ’s”Assessment of Corporate Compliance ProgramsLast updated in June 2020, she said she thought, “We really should write our answers to these questions.”
The resulting document, “Overview of Home Depot’s Compliance Program,” provided answers to questions posed by the DOJ guidelines. Point by point, the 30-page internal report explained how Home Depot had integrated compliance into its day-to-day operations.
Home Depot has agreed to share its report with Compliance Week but does not distribute it publicly.
Although not in Home Depot’s decision making, there is another reason why companies might consider formally defining their compliance program. The DOJ said it will consider the strength of a company’s compliance program and the support it receives from management when determining potential enforcement actions such as fines, mitigations, and enforcement. opportunity to assign supervision.
“Companies that seriously invest in improving their compliance programs and internal controls will be viewed better by the Department of Justice and by my Criminal Division,” Assistant Attorney General Kenneth Polite Jr. said at the conference. National Compliance Week in May. The risk of lawsuits will be significantly higher for organizations that don’t invest in compliance, Polite said.
The Home Depot outlines its compliance program
Using The Home Depot’s Annual Environmental, Social and Governance (ESG) Assessment report As a guide, Reini said he asked a technical writer and graphic designer to help him put together a compliance program summary report outlining the company’s compliance program design and the resources invested in it. The report would explain how the programs engage and empower associates in ongoing compliance and how they work in practice.
“We mapped our report to DOJ compliance guidelines,” Reini said. The report’s headings linked directly to sections of the DOJ guidelines, such as “Risk Assessment,” “Policies and Procedures,” and “Training and Communications.”
The report is peppered with “featured” stories about how Home Depot’s Foreign Corrupt Practices Act compliance program incorporates elements of the DOJ guidelines, “because we know the field FCPA compliance is important to the DOJ,” Reini said.
Highlight examples included targeted FCPA risk assessments in the Risk Assessment section of the report, the Whistleblower Hotline test call program in the Confidential Reporting Structure section, the training program The company’s FCPA in the training and communication section and the FCPA third-party monitoring program in the third section. – Party management section.
“The report also features stand-alone Q&As straight from DOJ compliance guidelines, compliance fast facts “did you know,” business examples of “compliance in action,” and brief case summaries of “programs.” of compliance in practice,'” Reini said. “We have also included images of representative compliance documents throughout.”
The report began by outlining the importance of compliance to Home Depot.
“The foundation of corporate responsibility is compliance with the laws and regulations that govern business activities. For The Home Depot, this compliance goes beyond simply following the rules. It aligns with our core values and is embedded in how we operate at all levels,” the report states.
The report details how the compliance function operates at The Home Depot, such as its management support, governance, allocated resources, training, policies and procedures, and more. Here are some takeaways for compliance professionals:
The company integrates compliance associates into the company. Associates, called compliance officers, are embedded across the company to “provide front-line guidance and monitor compliance risk” and “engage directly with front-line associates,” indicates the report. Managers specialize in 19 distinct compliance areas at The Home Depot and are empowered to monitor compliance-related data collected by the business units to which they are assigned.
The company oversees two compliance hotlines, with an internal monitor for action. In addition to reporting concerns to a manager or human resources partner, frontline associates can use the company’s whistleblower hotline and website, AwareLine.
A second hotline and website, the Supplier AlertLine, “enables suppliers, vendors, service providers and their employees to report any situation that appears to compromise our Home Depot values or compliance with the law,” the report said.
Both hotlines are operated by a third-party vendor, but members of the company’s compliance team “have full access to all AwareLine and AlertLine reports and are automatically alerted to serious and high-risk cases,” the company says. report. “Compliance team members advise on escalations and monitor the progress of investigations.”
On the Supplier Alert Line, Reini said, “We feel it is very important to have a separate, dedicated, 24/7/365 helpline for employees of our Suppliers, Suppliers and Service Providers. services to tell us if they are ever solicited or directed to do anything that violates the law or The Home Depot’s compliance standards or ethical expectations.We believe that having our Supplier AlertLine helps us better Adhere to DOJ compliance guidelines on “Confidential Reporting Structure and Investigation Process”.
Hotline cases are typically opened and being reviewed within days and monitored for rapid resolution. Associates, former associates, or vendors who submit reports receive tracking information and passwords to track their submissions.
The Home Depot has an Investigations Council, described in the report as “a cross-functional working group that serves as an executive-level forum” that provides engagement and awareness of compliance investigations at the highest levels of the organization. ‘company. Board members include the Home Depot’s general counsel and senior executives from the corporate compliance and internal audit teams. The council meets quarterly “to share updates, resources, benchmarking data and best practices for compliance investigations.”
Commitment to third-party compliance programs. The Home Depot conducts on-site audits of factories in countries around the world that supply the company with private label and direct import products. These facilities must maintain and provide access to on-site documentation regarding compliance and allow full access to production facilities and worker and production records.
If a compliance issue is identified, the supplier must remedy the situation and submit a corrective/preventive action plan to The Home Depot. The company conducted more than 1,400 on-site factory audits and more than 1,500 follow-up visits in 2020, according to the report.
The Home Depot launches uniform review processes and risk-based due diligence for Compliance Sensitive Service Providers (CSSPs), which are “agents or third-party service providers who provide services in areas such as finance and global procurement that are likely to involve interaction”. with foreign government officials on behalf of the company,” the report said. CSSPs must be recertified annually and are subject to reviews by The Home Depot’s internal audit team.
Using data analytics and artificial intelligence (AI) to monitor compliance risks. According to the report, The Home Depot uses data analytics tools to conduct annual compliance audits in areas such as FCPA compliance, non-merchant vendor fraud, and fraud monitoring in gift cards and brands.
The company also uses AI tools in its third-party management platform, allowing it to track compliance risks in real time with its CSSPs.
“We learned a lot more about our areas of compliance working on this project,” Reini said.