criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.
(7) After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.
(c) In implementing subsection (b), the organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each requirement set forth in subsection (b) to reduce the risk of criminal conduct identified through this process.
1. Definitions.—For purposes of this guideline:
"Compliance and ethics program" means a program designed to prevent and detect criminal conduct.
"Governing authority" means the (A) the Board of Directors; or (B) if the organization does not have a Board of Directors, the highest-level governing body of the organization.
"High-level personnel of the organization" and "substantial authority personnel" have the meaning given those terms in the Commentary to §8A1.2 (Application Instructions -Organizations).
"Standards and procedures" means standards of conduct and internal controls that are reasonably capable of reducing the likelihood of criminal conduct.
2. Factors to Consider in Meeting Requirements of this Guideline.—
(A) In General.—Each of the requirements set forth in this guideline shall be met by an organization; however, in determining what specific actions are necessary to meet those requirements, factors that shall be considered include: (i) applicable industry practice or the standards called for by any applicable governmental regulation; (ii) the size of the organization; and (iii) similar misconduct.
(B) Applicable Governmental Regulation and Industry Practice.—An organization’s failure to incorporate and follow applicable industry practice or the standards called for by any applicable governmental regulation weighs against a finding of an effective compliance and ethics program.