[Official Commentary and Application Notes to United States Sentencing
Guidelines § 8A1.2, subsection 3 (k).(1– 7) (1998).]
An ‘effective program to prevent and detect violations of law’ means a program
that has been reasonably designed, implemented, and enforced so that it
generally will be effective in preventing and detecting criminal conduct. Failure
to prevent or detect the instant offense, by itself, does not mean that the
program was not effective. The hallmark of an effective program to prevent
and detect violations of law is that the organization exercised due diligence in
seeking to prevent and detect criminal conduct by its employees and other
agents. Due diligence requires at a minimum that the organization must have
taken the following types of steps:
(1) The organization must have established compliance standards and
procedures to be followed by its employees and other agents that are
reasonably capable of reducing the prospect of criminal conduct.
(2) Specific individual(s) within high-level personnel of the organization must
have been assigned overall responsibility to oversee compliance with such
standards and procedures.
(3) The organization must have used due care not to delegate substantial
discretionary authority to individuals whom the organization knew, or should
have known through the exercise of due diligence, had a propensity to engage
in illegal activities.
(4) The organization must have taken steps to communicate effectively its
standards and procedures to all employees and other agents, e.g., by requiring
participation in training programs or by disseminating publications that explain
in a practical manner what is required.
(5) The organization must have taken reasonable steps to achieve compliance
with its standards, e.g., by utilizing monitoring and auditing systems reasonably
designed to detect criminal conduct by its employees and other agents and by
having in place and publicizing a reporting system whereby employees and
other agents could report criminal conduct by others within the organization
without fear of retribution.
(6) The standards must have been consistently enforced through appropriate
disciplinary mechanisms, including, as appropriate, discipline of individuals
responsible for the failure to detect an offense. Adequate discipline of
individuals responsible for an offense is a necessary component of
enforcement; however, the form of discipline that will be appropriate will be
(7) After an offense has been detected, the organization must have taken all
reasonable steps to respond appropriately to the offense and to prevent further
similar offenses—including any n