Federal Bureau of Investigation's Integrity and Compliance Program

摘要

In June 2007, the Federal Bureau of Investigation (FBI) established the Integrity and Compliance Program (ICP) to proactively identify and correct weaknesses in policy, training, monitoring, and auditing that could result in FBI employees violating the law as they conduct their work. The FBI defines a legal compliance risk as harm to the FBI caused by failures of FBI personnel to comply with the laws and policies governing FBI operations. The ICP is 2odeled on corporate compliance programs that institute systematic procedures to ensure that companies adhere to the laws that govern them. According to the FBIs 2008 State of the Integrity and Compliance Program report, the impetus for the FBI's establishment of the ICP was a 2007 Office of the Inspector General (OIG) report that found FBI personnel had not complied with laws and policies governing the use of National Security Letter authority. The OIG report stated that the FBI had issued these letters without proper authorization, made requests outside of the scope allowed by statute, and conducted unauthorized collection of telephone or Internet e-mail transactional records. We conducted this review to assess the performance of the FBI's ICP. The objectives of this review were to evaluate how the FBI's ICP: (1) identifies risks of non-compliance with laws, regulations, rules, and FBI and Department of Justice policies; (2) assesses identified risks; (3) analyzes highly ranked risks; (4) mitigates risks with adequate corrective actions; (5) monitors the implementation of the corrective actions to ensure that mitigation is effective; and (6) promotes a culture of integrity and ethical compliance throughout the FBI.