DOJ Announces Updated Guidance on Evaluating Corporate Compliance Programs

The U.S. Department of Justice (DOJ) has released updated guidance on evaluating corporate compliance programs. The Evaluation of Corporate Compliance Programs updates prior guidance that was released by DOJ in February 2017.

In announcing the new guidance, Assistant Attorney General Brian A. Benczkowski characterized the update as “part of [DOJ’s] broader efforts in training, hiring, and enforcement to help promote corporate behaviors that benefit the American public and ensure that prosecutors evaluate the effectiveness of compliance in a rigorous and transparent manner.”

In announcing the update, Benczkowski emphasized that the new guidance is “neither a checklist nor a formula,” and that prosecutors would make an “individualized determination in each case.” While the evaluation guidance is framed as guidance for prosecutors, it nevertheless provides valuable insight for companies assessing their own compliance programs.

There isn’t much new or different in the updated guidance, but it does provide a useful, clear, and well-organized framework for evaluating compliance programs, built around three fundamental questions:

Is the program well designed?

Risk Assessments: The guidance advises prosecutors to “consider whether the compliance program is appropriate to the company and business,” but it allows them to “credit the quality and effectiveness of a risk-based compliance program that devotes appropriate attention and resources to high-risk transactions, even if it fails to prevent an infraction in a low-risk area.”

Compliance Tools: Prosecutors are advised to assess a company’s compliance tools, including codes of conduct, and to determine whether the policies and procedures effectively integrate a culture of compliance into day-to-day operations.

Due Diligence: The guidance advises prosecutors to assess a company’s efforts to conduct due diligence on all partners, from vendors and distributors to acquisition targets. Prosecutors are directed to assess whether the company is applying “appropriate scrutiny” in conducting due diligence on business partners and counterparties, and whether the compliance program is set up to “enforce its internal controls.”

Is the program effectively implemented?

Tone at the Top: The guidance advises prosecutors to review whether a company’s culture truly shows a commitment to ethics and to compliance with the law. Key to this is whether senior management clearly articulates the company’s ethical standards, is able to communicate the standards, and demonstrates adherence to these standards through leading by example.

Oversight: Prosecutors are advised to evaluate whether those charged with implementing and operating the compliance program have the personnel, resources, and autonomy to “act with adequate authority and stature to prevent, detect, and mitigate compliance concerns.”

Incentives and Discipline: The guidance advises prosecutors to assess the company’s incentives for compliance and disincentives for noncompliance, and whether those incentives and disincentives are communicated, promoted, and enforced consistently across the organization.

Does the compliance program actually work in practice?

Improvement, Testing, and Review: Prosecutors are advised to consider whether a company’s compliance program is adaptable (has the “capacity to improve and evolve”) and whether the company has engaged in meaningful efforts to review its compliance program and to assess revisions “in light of lessons learned.”

Investigation of Misconduct: The revised guidance advises prosecutors to consider whether and how company misconduct was detected, what investigative efforts were conducted, and the nature and thoroughness of the company’s remedial efforts.

Remediation Efforts: Prosecutors are advised to consider whether the company undertook an “adequate and honest root cause analysis” to evaluate what contributed to the misconduct and to determine the degree of remediation needed to prevent similar events in the future.

“The Evaluation of Corporate Compliance Programs” can be found in whole here. The DOJ press release can be found here.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.