Protocol for Implementation of Matrix Compliance Program

Protocol Approved by: Office of General Counsel; President Ruscio
History: Issued - - September 6, 2010
Responsible Office: Office of General Counsel
Matrix Compliance Program Approved by: Audit Subcommittee of the Finance
Committee of the Board of Trustees (standing Audit Committee since February, 2012)
Related Policies: Whistleblower Policy
Additional References: Compliance Matrix; Compliance Calendars

Introduction

Protocol Summary

This document establishes a protocol for implementation of Washington and Lee
University's Matrix Compliance Program to promote compliance with laws,
regulations, other external standards and "best practices," as well as compliance with
internal policies and procedures.

Applicability

This protocol applies to all University trustees, officers, faculty, staff, student employees,
students, and volunteers carrying out duties related to compliance
obligations of the University.

Definitions

"Cognizant Policy Officer" means a member of the President's Cabinet with overall
operational responsibility for designated compliance areas.

"Compliance Matrix" means the structure developed for the Washington and Lee
Compliance Program. It involves a decentralized matrix of offices and administrators
responsible for specific legal/regulatory compliance areas, coordinated and supported
by Office of General Counsel.

"Compliance Partner" means a University administrator responsible for the day-to-day
functional obligations relevant to an assigned compliance area and for coordinating
compliance activities with the Office of General Counsel and reporting to the
designated Cognizant Policy Officer for that compliance area.

Protocol

Background and Purpose

Washington and Lee University, as an institution of higher education and an employer, has myriad obligations for "compliance" with external and internal mandates and standards. There are multiple sources for such standards: (1) laws and agency regulations; (2) auditor mandates; (3) accreditation standards; (4) professional association/auditor/insurer or other external "best practices" standards; and (5) internal policies and procedures, which list is not exhaustive, but merely illustrative. The University has developed a framework for its institutional compliance program designed to satisfy the elements of an effective compliance program under the Federal Sentencing Guidelines, as amended. Those elements are: (1) standards and procedures in place to prevent and deter violations of law; (2) overall responsibility assigned to personnel with appropriate resources and authority, with the governing body knowledgeable about the program and exercising reasonable oversight and persons with operational authority for the program having authority for personal communications to the governing body or a subgroup; (3) personnel with substantial authority for the program are of high integrity and chosen with due diligence; (4) effective training programs and dissemination of information; (5) monitoring of compliance activities, reporting mechanisms for concerns of unlawful conduct, and effective follow up and investigation of reports; (6) consistent enforcement of standards through incentive and discipline; (7) appropriate responses to violations of law, including necessary modifications to the compliance program.

The University's Matrix Compliance Program takes into account the decentralized culture and institutional history of W&L, including our active and highly valued tradition of "shared governance." It avoids the creation of new bureaucracy and/or redundancy of efforts, while assigning responsibility for designated compliance areas to those administrators with the most pertinent knowledge of the impacted university operations. It also builds upon the existing support and resource role of the Office of General Counsel for all University administrators, departments and programs. The Matrix structure is designed to provide for coordination and documentation of existing and ongoing institutional compliance initiatives to meet increasing federal regulations, external standards, and "best practices."

Components of Matrix Compliance Program

The University's Matrix Compliance Program is divided into three components: (1) Legal/Regulatory Compliance Areas, which are clusters of laws/high risks/contractual duties, etc. (e.g., Financial Aid); (2) one or more Cognizant Policy Officers assigned to each Compliance Area, being a member of the President's Cabinet with overall operational responsibility for that compliance area (e.g., Provost for the Financial Aid area); and (3) one or more Compliance Partners assigned to each compliance area, being an administrator responsible for the day-to-day functional obligations relevant to his/her assigned compliance area and for coordinating compliance activities with the Office of General Counsel and the designated Cognizant Policy Officer for that compliance area (e.g., Director of Financial Aid for the Financial Aid area).

The role of Cognizant Policy Officers is to oversee policies relevant to their compliance areas, to monitor compliance efforts by the Compliance Partners responsible for their compliance areas and to receive periodic reports (not less than annually) on compliance initiatives and new compliance obligations from those Compliance Partners; to oversee follow up and response measures to reports of potential violations of law or other external standards in their compliance areas; and to provide leadership and authority for coordination of compliance activities with the Office of General Counsel and the Compliance Partners for their compliance areas. Cognizant Policy Officers have express authority to communicate personally with the Chair of the Audit Committee on the compliance program and/or possible criminal conduct that could expose the University to liability.

The role of Compliance Partners is to be responsible for the day-to-day functional compliance activities attendant to their designated compliance areas, whether that involves them personally carrying out such obligations or seeing to the assignment of compliance activities and confirming that they have been appropriately carried out. Compliance Partners are also responsible for seeing that Compliance Calendar items applicable to their compliance areas are handled in a timely fashion. Compliance Partners are expected to coordinate and collaborate with the Office of General Counsel, specifically with the Associate General Counsel and/or the General Counsel, on ongoing compliance matters. Compliance Partners are also expected to brief their Cognizant Policy Officers periodically (at least annually) on compliance initiatives and new compliance obligations, and to meet with the Office of General Counsel periodically (at least annually) on the status of compliance initiatives in their Compliance Areas. Compliance Partners have express authority to communicate personally with the Chair of the Audit Committee on the compliance program and/or possible criminal conduct that could expose the University to liability.

The role of the Office of General Counsel and the Associate General Counsel is to serve as a resource for all Cognizant Policy Officers, Compliance Partners, and other University constituents engaged in compliance activities in order to provide coordination and documentation of institutional compliance efforts. The General Counsel's Office will hold an initial meeting with each Cognizant Policy Officer and the Compliance Partners assigned to their compliance areas to provide an orientation to the Matrix Compliance Program structure, roles, operation, and resources. The General Counsel's Office will meet thereafter with Compliance Partners periodically (at least annually) to monitor the status of compliance initiatives; advise the President, President's Cabinet and President's Council periodically (at least annually) on compliance initiatives and obligations; brief the Audit Committee at each Board meeting or more often, as necessary, on institutional compliance matters; and brief the full Board, or other Board committees, as appropriate to particular compliance matters.

The role of the Audit Committee of the Board of Trustees is to exercise reasonable oversight of the compliance program and provide timely reports on the compliance program and particular compliance matters to the full Board of Trustees.