Certified Compliance and Ethics Professional (CCEP)
Certification-with 100% verified solutions-2023-2024
Which of the following BEST describes the purpose of training based upon risk assessment
findings?
A.) Reducing the organization's legal exposure
B.) Educating employees on laws and regulations
C.) Educating the board on the compliance program
D.) Reducing the organization's insurance premiums
A. Reducing the organization's legal exposure
A compliance and ethics professional investigates a report of sexual harassment. The
incident does not constitute sexual harassment, but reveals the employee's
misunderstandings of the harassment policy. Which of the following should be the FIRST
step in a corrective action plan?
A.) Consult outside counsel
B.) Disclose the incident to the EEOC
C.) Provide education and training on the policy
D.) Survey employees' understanding of the policy
C.) Provide education and training on the policy
Which of the following provides guidance for the development of a compliance program?
A.) Sarbanes-Oxley Act
B.) Federal Sentencing Guidelines
C.) Security and Exchange Commission
D.) Office for Civil Rights
B.) Federal Sentencing Guidelines
Which of the following is the BEST outcome of a compliance and ethics program?
A.) Mitigating risk
B.) Identifying risk
C.) Prioritizing risk
D.) Documenting risk
A.) Mitigating risk
Training on price-fixing is MOST important for which of the following staff?
A.) Management
B.) Sales
C.) Marketing
D.) Accounting
B.) Sales
A compliance and ethics program should include:
1. An employee benefits handbook
2. Document retention guidelines
3. Policies regarding confidentiality
4. A statement about the organization's culture
A.) 1,2, and 3 only
B.) 1, 2, and 4 only
C.) 1, 3, and 4 only
D.) 2, 3, and 4 only
D.) 2, 3, and 4 only
A US-based retail company has 250 stores in 30 states. Past compliance efforts have included
a silo-based approach with minimal oversight and the CEO acting as the Compliance and
Ethics Officer. One person in each state posted compliance-related information sent from
corporate, but there were no actual educational sessions. Policies and procedures were
developed by corporate and reviewed 5 years ago. The organization has decided that a more
dedicated approach is needed and hires a Compliance and Ethics Officer. Which of the
following actions should the new Compliance and Ethics Officer take FIRST?
A.) Conduct a compliance and ethics risk assessment
B.) Review organization-wide compliance policies
C.) Perform a statistically valid compliance audit
D.) Distribute a compliance training packet to employees
A.) Conduct a compliance and ethics risk assessment
An employee discloses to counsel and the compliance and ethics professional that a
supervisor has been verbally abusive. An investigation finds that the same supervisor has
also been sexually harassing several employees in his department. The compliance program
requires that findings of harassment be documented and forwarded by the compliance and
ethics professional to the CEO with a recommendation for appropriate discipline. Counsel
advises that no report be written because of possible litigation. The compliance and ethics
professional's BEST course of action is to:
A.) Follow counsel's advice
B.) Submit a written report
C.) Ask counsel to prepare the written report
D.) Recommend disciplinary action against counsel
C.) Ask counsel to prepare the written report
Even though counsel advises to not submit a report Compliance can suggest alternatives to
ensure the compliance program is being followed. By asking counsel to prepare the written
report it is then protected by attorney-client privilege and follows the compliance program.
A compliance and ethics professional is evaluating an organization's employee handbook. A
conflict exists between the Code of Conduct and the employee handbook. HR is responsible
for the employee handbook. The documents have been approved by the board of directors.
Which of the following actions should the compliance and ethics professional take FIRST?
A.) Post revised documents on the organization's website
B.) Schedule a time during the next board meeting to present revised documents
C.) Schedule a meeting with HR, general counsel, and the board to discuss the issue
D.) Contact HR to determine if the inconsistencies between the documents can be resolved
D.) Contact HR to determine if the inconsistencies between the documents can be resolved
Escalate to the lowest level when possible
A company's Code of Conduct has not been reviewed for over 2 years. HR recommended
adding content that would double its size. The compliance committee members expressed
concern that adding a significant amount of content could negatively impact its
effectiveness. Which of the following is the compliance and ethics professional's NEXT step
before consolidating revisions?
A.) Request guidance from the board of directors
B.) Contract with a consultant to rewrite the Code of Conduct
C.) Compare the content outline with other organizations
D.) Rewrite the content based on Federal Sentencing Guidelines
C.) Compare the content outline with other organizations
Benchmarking
Which of the following is the MOST convincing demonstration of the effectiveness of a
company's ethical standards?
A.) Implementation of an anonymous reporting and feedback system
B.) Termination of an executive who embezzled a small amount of money
C.) Suspension of an employee who failed to complete compliance training
D.) Production of the organization's professional printed Code of Conduct
B.) Termination of an executive who embezzled a small amount of money
A compliance and ethics professional has developed a policy intended to prohibit employees
from paying, offering, or promising to pay officials of other countries for the purpose of
obtaining or maintaining business. This policy will help the organization comply with the:
A.) Sherman Act
B.) USA Patriot Act
C.) Anti-Money Laundering Act
D.) Foreign Corrupt Practices Act
D.) Foreign Corrupt Practices Act
A company receives a federal subpoena from the government requesting all of the
company's documents from 1990 to the present. The company's compliance and ethics
professional has been asked to respond to the subpoena and to advise the company's
employees on their role in the process. Which of the following should the company's
compliance and ethics professional do FIRST?
A.) Obtain documents and determine which to release
B.) Consult with the company's general counsel
C.) Gather documents and turn them over to the government
D.) Notify all employees that all documents must be retained
B.) Consult with the company's general counsel
Which of the following is MOST helpful in determining how a company prioritizes its risk?
A.) Historical data
B.) Policies and procedures
C.) Incentive program
D.) Market competition
A.) Historical data
In which of the following would an employee's obligation to report misconduct MOST likely
be discussed?
A.) Job interview
B.) Manager's meeting
C.) New employee orientation
D.) Audit committee meetings
C.) New employee orientation
According to the Sarbanes-Oxley Act, which of the following corporate employees can be
employed by a corporation's audit firm during the 1-year period preceding an audit?
A.) CEO
B.) Controller
C.) Chief Accounting Officer
D.) Compliance and Ethics Professional
D.) Compliance and Ethics Professional
Which of the following departments in a large drug manufacturing company is MOST likely
to have the highest risk of non-compliance?
A.) Transportation
B.) Customer service
D.) Compliance and Ethics Professional
D.) Repair and Maintenance
D.) Compliance and Ethics Professional
A compliance and ethics professional should be perceived as the company's:
A.) Legal resource
B.) Ethical conscience
C.) Employee champion
D.) Enforcement authority
B.) Ethical conscience
A compliance and ethics professional is auditing the organization's compliance with the
Sarbanes-Oxley Act. Which of the following audit findings indicates a violation?
A.) The public accounting firm providing audit services has had the same audit partner
reviewing the audits for the past 6 years.
B.) The previous public accounting firm was the past employer of the company's current
controller who participated in an audit 4 years ago.
C.) The previous public accounting firm is providing bookkeeping related to the accounting
records and financial statements that they once audited.
D.) The public accounting firm providing audit services has been contracted
A.) The public accounting firm providing audit services has had the same audit partner
reviewing the audits for the past 6 years.
Under In re Caremark Int'l., the basic fiduciary duty of care principle is characterized as
acting in good faith with:
A.) Reasonable care of management under similar circumstances
B.) Reasonable care of an organization under similar circumstances
C.) The care of an ordinary prudent person under similar circumstances
D.) The care of another compliance and ethics professional under similar circumstances
C.) The care of an ordinary prudent person under similar circumstances
Which of the following BEST describes the primary role of a compliance and ethics
professional?
A.) Ensures that risks are appropriately prioritized
B.) Performs background checks on new employees
C.) Includes compliance and ethics questions in exit interviews
D.) Promotes a culture of compliance and ethics throughout the organization
D.) Promotes a culture of compliance and ethics throughout the organization
Which of the following is a key component of a compliance and ethics program?
A.) On-going training
B.) Employee surveys
C.) Monthly employee meetings
D.) Company newsletter
A.) On-going training
A CFO discovers the CEO is using company funds for personal expenses. The CFO buried this
information in the company's financial reports. The compliance and ethics professional
learns of the situation through the company's hotline. Which of the following should be the
compliance and ethics professional's FIRST response?
A.) Retain outside counsel
B.) Recommend suspension of the CEO
C.) Investigate to verify the allegation
D.) Disclose the issue and terminate the CEO
C.) Investigate to verify the allegation
A compliance structural policy differs from a substantive policy in that a structural policy
should:
A.) Describe the risk areas to the organization
B.) Describe how to operate within the regulations
C.) Define the regulations that apply to the organization
D.) Define the framework the program should operate within
D.) Define the framework the program should operate within
According to the Federal Sentencing Guidelines, "substantial authority personnel" MOST
likely refers to the:
A.) Production line manager
B.) Purchasing supervisor
C.) Internal audit secretary
D.) HR benefits associate
B.) Purchasing supervisor
HR asks the compliance and ethics professional if the company can provide a vendor with
names and e-mail addresses of the company's sales employees to promote a new incentive
plan. Some of the employees live and work outside the U.S. Which of the following is the
MOST appropriate action for the compliance and ethics professional to take?
A.) Direct human resources to comply with the vendor's privacy policies B.) Ask the vendor
to sign a confidentiality agreement before providing the information
C.) Consult the legal department for advice on applicable privacy laws to ensure compliance
D.) Instruct HR not to provide the information because it would violate international privacy
laws
C.) Consult the legal department for advice on applicable privacy laws to ensure compliance
Adherence to the compliance and ethics program should be incorporated as an element in
evaluations of supervisors who:
A.) Are new to the company within the last 12 months
B.) Received training during the evaluation period
C.) Have previously noted compliance violations
D.) Are in all levels of the organization
D.) Are in all levels of the organization
Which of the following do the Federal Sentencing Guidelines require of an organization's
governing authority?
A.) Reasonable oversight of the compliance and ethics program
B.) Responsibility for the development of the compliance and ethics program
C.) Day-to-day operational responsibility for the compliance and ethics program
D.) Periodic reporting of the effectiveness of the compliance and ethics program
A.) Reasonable oversight of the compliance and ethics program
A supervisor is informed that a subordinate employee has lodged a complaint against the
company through the hotline. Which of the following documents should the compliance and
ethics professional review with the supervisor FIRST?
A.) Code of conduct
B.) Confidentiality policy
C.) Non-retaliation policy
D.) Compliance manual
C.) Non-retaliation policy
A company's compliance and ethics professional receives an anonymous hotline call alleging
that the CFO has embezzled millions of dollars. The caller states the money is from an
identifiable account. Which of the following should the compliance and ethics professional
do FIRST?
A.) Report the matter to the company's Board of Directors
B.) Contact local law enforcement immediately
C.) Verify the money has been misappropriated
D.) Self-disclose to the appropriate governmental agency
C.) Verify the money has been misappropriated
What are the three principles of the Code of Professional Ethics for Compliance and Ethics
Professionals
Principle I - Obligations to the Public
Principle II - Obligations to the Employing Organization
Principle III - Obligations to the Profession
The compliance and ethics professional is discussing safeguard policies related to the
security rule. What type of safeguard is MOST closely related to policies regarding access
controls, audit controls, integrity controls, and transmission security?
A.) Mental safeguards
B.) Technical safeguards
C.) Administrative safeguards
D.) Physical safeguards.
B.) Technical safeguards
Under the security rule, covered entities must ensure compliance of the security rule by the
entire workforce, protect against anticipated impermissible use of ePHI, identify and work to
protect against anticipated threats to the security of information, and to ensure
confidentiality of all ePHI. Covered entities must maintain technical safeguards (access
controls, audit controls, integrity controls, and transmission security), physical safeguards
(facility access and control and workstation and device security), and administrative
safeguards (security management processes, information access management, and
workforce training management).
Why must CEPs be careful when it comes to conflicts of interest within the employing
organization?
A.) Conflicts of interest may cause too many employees to become CEPs
B.) Conflicts of interest may create divided loyalties
C.) Conflicts of interest may create bonded loyalties
D.) Conflicts of interest may cause too few people to become CEPs
B.) Conflicts of interest may create divided loyalties
Conflicts of interest is a situation in which a person or organization is involved in multiple
interests, financial interest, or otherwise, one of which could possibly corrupt the motivation
of the individual or organization. Conflicts of interest may create divided loyalties. Therefore,
CEPs are not allowed to get involved in any type of conflicts of interest.
A compliance manager is recommending resources to ensure that the compliance and
communication is implemented correctly. What would be recommended?
A.) Code of conduct
B.) Disciplinary action
C.) Online reporting system
D.) Screening
C.) Online reporting system
All of the answer can help improve compliance. Online reporting systems, however, allow
the employee to communicate misconduct. This encourages both compliance and
communication.
A compliance officer needs feedback on a training program. When would this be asked for?
A.) Before the program is created
B.) During the training
C.) After the training is complete
D.) All of the above
D.) All of the above
Feedback is essential to the effectiveness of a training program. The compliance program
needs to request feedback at every stage of the training program to guide its, creation,
implementation, and evaluation.
When measuring the effectiveness of the compliance program, it is important to make sure
the metrics and indicators meet the SMART format. What does "S" stand for?
A.) Specific
B.) Suitable
C.) Screenable
D.) Separate.
A.) Specific
All key metrics and indicators should be SMART.
S – Specific
M – Measurable
A – Actionable
R – Relevant
T - Timely
The compliance and ethics professional is discussing ethics hotlines. He stated that all of the
following are common names for the hotline, except:
A.) Forced hotlines
B.) Employee hotlines
C.) Whistleblower hotlines
D.) Compliance hotlines
A.) Forced hotlines
Ethics hotlines are commonly called employee hotlines, whistleblower hotlines, and
compliance hotlines. Hotlines are used to help uncover issues and address problems before
they worsen. Hotlines are used to create a safer and more ethical workplace. They are low
cost. Hotlines can be either anonymous or public. They address issues regarding: security,
safety, harassment, discrimination, theft, fraud, compliance and code of conduct.
What goal should investigators keep in mind when interviewing employees?
A.) Fulfilling ethical obligations
B.) Preserving confidentiality
C.) Obtaining truthful information
D.) All of the above
D.) All of the above
There are four goals that investigators should keep in mind when interviewing employees. In
addition to the three above goals, they should minimize their and the company's criminal
and legal exposure during the investigation process.
The compliance and ethics professional is working with the initial reports from a compliance
investigation. Which of the following is true for the compliance and ethics professional?
A.) The professional must ensure they are written and maintained to preserve attorney client
privileges
B.) The professional must ensure they are written and maintained to eliminate attorney
client privileges
C.) The professional must ensure they are not kept in written form to preserve attorney
client privileges
D.) The professional must ensure they are available to all members of the hospital.
A.) The professional must ensure they are written and maintained to preserve attorney client
privileges
It is important that proper compliance investigations and response occur. The hospital must
take all reports seriously and look into each complaint. It is important to state that no
promises are made to any employee regarding their liability in an investigation. During an
investigation, it will be determined whether the violation relates to federal law, state law, or
hospital policies. Initial reports, corrective actions plans, and investigations must be written
and maintained to preserve attorney client privileges, self- evaluative privileges and work
product privileges.
When compliance risks have been identified and measured, they need to be prioritized.
Some risks will require more effort and resources to address than others, due to the nature
of their severity. Those risks are ideally categorized as:
A.) Low risk items
B.) Ideal risk items
C.) Mid-level risk items
D.) High risk items
D.) High risk items
High risk items typically will be those that have a high likelihood of occurrence, people raise
repeatedly, are hard to detect, or will have a significant impact if they were to occur.
Moderate risk items might be those that are frequently mentioned, but have high or
moderate detectability scores. Lower risk categories are unlikely or those that could be likely,
but would have a low impact upon occurrence. Ideal risks items do not exist.
The compliance officer is discussing risk assessment and documentation that is effective in
recognizing risk areas. Of the following, which would be effective in doing so?
A.) SOX
B.) OIG audit reports
C.) External audit reports
D.) All of the above
D.) All of the above
In addition to the above, there are many other documents that help with identifying risk
areas. Some of these include strategic plans, organizational charts, and internal audit
reports.
CODE OF PROFESSIONAL ETHICS - CCEP
Compliance and ethics programs serve a critical role in helping to
and
misconduct at and by organizations and to promote ethical business
environments.
prevent, detect
CODE OF PROFESSIONAL ETHICS - CCEP
The development and rigorous implementation of effective compliance and ethics programs
protects
,
, the
and the
at large.
Compliance and ethics professionals (CEPs) understand that the services we provide require
the highest standards of
,
and
.
investors, consumers, the business community and the public at large.
professionalism, integrity and competence.
CODE OF PROFESSIONAL ETHICS - CCEP
The Code of Ethics consists of two kinds of standards:
Principles and Rules of Conduct.
CODE OF PROFESSIONAL ETHICS - CCEP
What are the Principles?
and
.
The Principles are broad standards that provide a framework for the more detailed Rules of
Conduct.
CODE OF PROFESSIONAL ETHICS - CCEP
What are the Rules of Conduct?
The Rules of Conduct are specific standards that prescribe the minimum level of professional
conduct expected of CEPs.
CODE OF PROFESSIONAL ETHICS - CCEP
Principle I - Obligations to the Public
Explain Principle 1 and Rule 1.1, Rule 1.2, Rule 1.3, Rule 1.4
Compliance and ethics professionals (CEPs) should abide by and promote compliance with
the spirit and the letter of the law governing their employing organization’s conduct and
exemplify the highest ethical standards in their professional conduct in order to contribute
to the public good.
R1.1 CEPs shall not aid, abet or participate in misconduct.
R1.2 CEPs shall take such steps as are necessary to prevent misconduct by their employing
organizations.
Commentary: The CEP’s actions to prevent misconduct must, of course, be legal and ethical.
Where a CEP has done what he or she can to prevent misconduct within the bounds of the
law and business ethics, but is nonetheless unsuccessful in preventing misconduct, he or she
should refer to Rule 1.4.
R1.3 CEPs shall exercise sound judgment in responding to or cooperating with all official and
legitimate government investigations of or inquiries concerning their employing
organization. Commentary: While the role of the CEP in a government investigation may
vary, the CEP shall never obstruct or lie in an investigation.
R1.4 If, in the course of their work, CEPs become aware of any decision by their employing
organization which, if implemented, would constitute misconduct, the professional shall: (a)
refuse to consent to the decision; (b) escalate the matter, including to the highest governing
body, as appropriate; (c) if serious issues remain unresolved after exercising “a” and “b”,
consider resignation; and (d) report the decision to public officials when required by law.
Commentary: The duty of a compliance and ethics professional goes beyond a duty to the
employing organization, inasmuch as his/her duty to the public and to the profession
includes prevention of organizational misconduct. The CEP should exhaust all internal means
available to deter his/her employing organization, its employees and agents from engaging
in misconduct. The CEP should escalate matters to the highest governing body as
appropriate, including whenever: a) directed to do so by that body, e.g., by a board
resolution; b) escalation to management has proved ineffective; or c) the CEP believes
escalation to management would be futile. CEPs should consider resignation only as a last
resort, since CEPs may be the only remaining barrier to misconduct. A letter of resignation
should set forth to senior management and the highest governing body of the employing
organization in full detail and with complete candor all of the conditions that necessitate
his/her action. In complex organizations, the highest governing body may be the highest
governing body of a parent corporation.
CODE OF PROFESSIONAL ETHICS - CCEP
Principle I - R1.4 If, in the course of their work, CEPs become aware of any decision by their
employing organization which, if implemented, would constitute misconduct, the
professional shall:
Explain the 4 things a CEP should do and in order of escalation.
(a) refuse to consent to the decision
(b) escalate the matter, including to the highest governing body, as appropriate
(c) if serious issues remain unresolved after exercising “a” and “b”, consider resignation and
report the decision to public officials when required by law.
Resignation should be a last resort since a CEP may by the only remaining barrier to conduct.
CODE OF PROFESSIONAL ETHICS - CCEP
Principle II - Obligations to the Employing Organization
Explain Principle II and R2.1, R2.2, R2.3, R2.4, R2.5, R2.6, R2.7, R2.8
Compliance and ethics professionals (CEPs) should serve their employing organizations with
the highest sense of integrity, exercise unprejudiced and unbiased judgment on their behalf,
and promote effective compliance and ethics programs.
R2.1 CEPs shall serve their employing organizations in a timely, competent and professional
manner.
Commentary: CEPs are not expected to be experts in every field of knowledge that may
contribute to an effective compliance and ethics program. CEPs venturing into areas that
require additional expertise shall obtain that expertise by additional education, training or
through working with others with such expertise. CEPs shall have current and general
knowledge of all relevant fields of knowledge that reasonably might be expected of a
compliance and ethics professional, and shall take steps to ensure that they remain current
by pursuing opportunities for continuing education and professional development.
R2.2 CEPs shall ensure to the best of their abilities that employing organizations comply with
all relevant laws.
Commentary: While CEPs should exercise a leadership role in compliance assurance, all
employees have the responsibility to ensure compliance.
R2.3 CEPs shall investigate with appropriate due diligence all issues, information, reports
and/or conduct that relates to actual or suspected misconduct, whether past, current or
prospective.
Commentary: In organizations where other professionals (such as the Legal Department) are
responsible for investigation of suspected misconduct, CEPs satisfy this Rule by reporting
suspected misconduct to such professionals in accordance with established reporting
procedures.
R2.4 CEPs shall keep senior management and the highest governing body informed of the
status of the compliance and ethics program, both as to the implementation of the program
and about areas of compliance risk.
Commentary: The CEP’s ethical duty under this rule complements the duty of senior
management and the highest governing body to assure themselves “that information and
reporting systems exist in the organization that are reasonably designed to provide to senior
management and to the board itself timely, accurate information sufficient to allow
management and the board, each within its scope, to reach informed judgments concerning
both the corporation’s compliance with law and its business performance.” In re Caremark
International Inc., Derivative Litigation, 1996 WL 549894, at 8 (Del. Ch. Sept. 25, 1996)
R2.5 CEPs shall not aid or abet retaliation against any employee who reports actual,
potential or suspected misconduct, and shall strive to implement procedures that ensure the
protection from retaliation of any employee who reports actual, potential or suspected
misconduct.
Commentary: CEPs should preserve to the best of their ability, consistent with other duties
imposed on them by this Code of Ethics, the anonymity of reporting employees, if such
employees request anonymity. Further, they shall conduct the investigation of any actual,
potential or suspected misconduct with utmost discretion, being careful to protect the
reputations and identities of those being investigated.
R2.6 CEPs shall carefully guard against disclosure of confidential information obtained in the
course of their professional activities, recognizing that under certain circumstances
confidentiality must yield to other values or concerns, e.g., to stop an act which creates
appreciable risk to health and safety, or to reveal a confidence when necessary to comply
with a subpoena or other legal process.
Commentary: It is not necessary to reveal confidential information to comply with a
subpoena or legal process if the communications are protected by a legally recognized
privilege (e.g., attorney client privilege).
R2.7 CEPs shall take care to avoid any actual, potential or perceived conflicts between the
interests of the employing organization and either the CEP’s own interests or the interests of
individuals or organizations outside the employing organization with whom the CEP has a
relationship. CEPs must disclose and ethically handle conflicts of interest and must remove
significant conflicts whenever possible. Conflicts of interest may create divided loyalties.
CEPs shall not permit loyalty to individuals in the employing organization with whom they
have developed a professional or a personal relationship to interfere with or supersede the
duty of loyalty to the employing organization and/or the superior responsibility of upholding
the law, ethical business conduct and this Code of Ethics.
Commentary: If CEPs have any business association, direct or indirect financial interest, or
other interest that could influence their judgment in connection with their performance as a
professional, the CEPs shall fully disclose to their employing organizations the nature of the
business association, financial interest, or other interest. If a report, investigation or inquiry
into misconduct relates directly or indirectly to activity in which the CEP was involved in any
manner, the CEP must disclose in writing the precise nature of that involvement to the
senior management of the employing organization before responding to a report or
beginning an investigation or inquiry into such matter, and must recuse him or herself from
such investigation or inquiry, if appropriate. Despite this requirement, such involvement in a
matter subject to a report, investigation or inquiry will not necessarily prejudice the CEP’s
ability to fulfill his/her responsibilities in that regard.
R2.8 CEPs shall not mislead employing organizations about the results that can be achieved
through the use of their services.
Commentary: CEPs should not create unreasonable expectations with respect to the impact
or results of their services.
CODE OF PROFESSIONAL ETHICS - CCEP
Principle III Obligations to the Profession
Explain Principle III and
Compliance and ethics professionals (CEPs) should strive, through their actions, to uphold
the integrity and dignity of the profession, to advance the effectiveness of compliance and
ethics programs and to promote professionalism in compliance and ethics.
R3.1 CEPs shall pursue their professional activities, including investigations of misconduct,
with honesty, fairness and diligence.
Commentary: CEPs shall not agree to unreasonable limits that would interfere with their
professional ethical and legal responsibilities. Reasonable limits include those that are
imposed by the employing organization’s resources. If management of the employing
organization requests an investigation but limits access to relevant information, CEPs shall
decline the assignment and provide an explanation to the highest governing authority of the
employing organization. CEPs should diligently strive to promote the most effective means to
achieve compliance.
R3.2 Consistent with Rule 2.6, CEPs shall not disclose without consent or compulsory legal
process confidential information about the business affairs or technical processes of any
present or former employing organization. Such disclosure could erode trust in the
profession or impair the ability of compliance and ethics professionals to obtain such
information from others in the future.
Commentary: CEPs need free access to information to function effectively and need the
ability to communicate openly with any employee or agent of an employing organization.
Open communication depends upon trust. Misuse and abuse of the work product of
compliance and ethics professionals poses a serious threat to compliance and ethics
programs. CEPs shall not use confidential information in any way that violates the law or
their legal duties, including duties to their employing organizations. When adversaries in
litigation use an organization’s own self-policing work against it, the credibility of CEPs may
be undermined. CEPs are encouraged to work with legal counsel to protect confidentiality
and to minimize litigation risks. It is not necessary to reveal confidential information to
comply with compulsory legal process if the confidential information is protected by a legally
recognized privilege (e.g., attorney client privilege).
R3.3 CEPs shall not make misleading, deceptive or false statements or claims about their
professional qualifications, experience or performance.
R3.4 CEPs shall not attempt to falsely damage the professional reputation of other
compliance and ethics professionals.
Commentary: In order to promote collegiality and civility in the profession, CEPs shall not
make any statements concerning other CEPs that are defamatory in nature.
R3.5 CEPs shall maintain their competence with respect to developments within the
profession, including knowledge of and familiarity with current theories, industry practices,
and laws.
Commentary: CEPs shall pursue a reasonable and appropriate course of continuing
education, including but not limited to review of relevant professional and industry journals
and publications, communication with professional colleagues and participation in open
professional dialogues and exchanges through attendance at conferences and membership
in professional associations.