In their newly revised Evaluation of Corporate Compliance Programs, the U.S. Department of Justice (DOJ) has established a significant development in corporate compliance program expectations.  This new guidance is designed to assist prosecutors in program evaluation and brings together significant trends in ethics and compliance. The news acts as a prudent reminder of the ever-changing nature of corporate compliance, and of the continual need for iteration when it comes to any organization’s compliance policies and procedures.

The April 2019 revision supersedes the prior documentation, which was released in 2017. Organizations looking to create or augment their existing programs should use these new guidelines as a framework for program design and self-assessment. In addition to those within the DOJ’s Criminal Division, attorneys from the Office of the Assistant Attorney General, Fraud Section, and the Money Laundering and Asset Recovery Section all collaborated on the document.

“Effective compliance programs play a critical role in preventing misconduct, facilitating investigations, and informing fair resolutions,” Assistant Attorney General Brian A. Benczkowski said.  “Today’s guidance document is part of our broader efforts in training, hiring, and enforcement to help promote corporate behaviors that benefit the American public and ensure that prosecutors evaluate the effectiveness of compliance in a rigorous and transparent manner.”

What does it address?

The updated document addresses three fundamental questions designed to evaluate corporate compliance programs:

  1. Is the program well designed?
  2. Can it be effectively implemented?
  3. Does the program work in practice?

Where does this guidance apply?

The updated document applies to all corporate criminal cases, except for the antitrust division, cartels, and price fixing. For example, corporate healthcare fraud cases will fall under this guidance, as would automobile safety cases such as those recently levied against GM, Volkswagen, and Takada.

Certain regulatory requirements are unique to industry, such as the anti-money laundering regulations that are most relevant–though not exclusive–to financial institutions; other requirements are more general, such as the FCPA compliance measures that dictate a certain type of due diligence to be conducted on a company’s vendors, suppliers, and distributors. No matter the industry, corporate compliance programs are required to do business legally. To manage your financial, legal, regulatory, and reputational challenges, you can depend on Prescient’s Intelligence community-based due diligence services.

Characteristics of Effective Corporate Compliance Programs

Arrow trace on the white wall

According to the DOJ, characteristics of effective compliance programs include: senior and middle management enforcing a culture of compliance, internal auditing of current and new programs, training and communications addressing real-life scenarios, and prescribing a confidential reporting structure and investigation process.

Commitment by Senior and Middle Management

Senior and middle management roles are encouraged to enforce a culture of compliance. Prosecutors will assess “whether managers have tolerated greater compliance risks in pursuit of a new business or greater revenues.” With an increased focus on these managers, senior and middle management are being asked to demonstrate leadership in the company’s compliance and remediation efforts.

The Role of Internal Audit

To meet evolving risks, companies should monitor their ability to produce, execute, and improve sound compliance programs. The documentation instructs prosecutors to “assess whether a company’s internal audit function is identifying issues relevant to the risks that should be addressed by the compliance program.” The guidance also instructs prosecutors to “consider the process by which internal audit determines the location, frequency, and types of audits it conducts.”

Training and Communications

The DOJ advises training programs that incorporate “practical advice or case studies to address real-life scenarios, and/or guidance on how to obtain ethics advice on a case-by-case basis as needs arise.”

Confidential Reporting Structure and Investigation Process

Corporate anonymous reporting is also highlighted within the new guidance. The DOJ notes, “confidential reporting mechanisms are highly probative of whether a company has `established corporate governance mechanisms that can effectively detect and prevent misconduct.’” Prosecutors will be tasked with deciding if the company has an anonymous reporting mechanism in place, and if not, why.

Establishing a Program to Protect Your Organization

Outlook of British Museum

When establishing an effective corporate compliance program, companies should address their organizational structure, people, processes, and technology in addition to daily mitigation of any external risks. The benefits of developing an effective program can go beyond regulatory and legal compliance to include operational benefits. The DOJ’s updated guidance provides a more precise roadmap for companies to use in evaluating their compliance programs. Given the DOJ’s emphasis on compliance programs to defend against corporate misconduct, companies are advised to weigh their current and new programs against the updated guidance.