On February 8, 2017, and without the fanfare that often accompanies new policy guidance, the Fraud Section of the U.S. Department of Justice (DOJ) issued a new guidance document on corporate compliance programs (Compliance Guidance).  The stated purpose of the Compliance Guidance is to provide “sample questions that the Fraud Section has frequently found relevant in evaluating a corporate compliance program,” and reflects the influence of the DOJ Compliance Consultant, Hui Chen.   

Specifically, the Compliance Guidance outlines 11 broad “sample topics and questions” and includes questions focused on compliance program infrastructure, as well as potential process breakdowns.  A few highlights include:

• Analysis and Remediation of Underlying Misconduct. DOJ considers what the company’s “root cause analysis” was for the alleged misconduct.  Specifically, DOJ looks to whether the company identified any systemic issues and “who in the company was involved in making the analysis.”  DOJ also considers whether there were prior indications of misconduct along with whether the company has implemented changes to reduce the risk in the future. 
• Risk Assessment.  The DOJ also considers what kind of methodology the company used “to identify, analyze, and address the particular risks it faced.”  In addition, DOJ considers the type of information or metrics the company collected and used to aid in detecting the misconduct and how this information has “informed the company’s compliance program.” 
• Third Party Management.  The Compliance Guidance focuses on how companies manage third parties that present a significant risk.  Key considerations outlined in the Compliance Guidance include, among others:  (a) the business rationale for using third parties, (b) how the company analyzed the third party’s incentive model against its compliance risks, and (c) the manner in which the company monitored its third parties.
• Mergers and Acquisitions.  The Compliance Guidance also focuses on risks attendant to mergers and acquisitions, including what diligence was pursued before and after closing. There is also an emphasis on how the compliance program was integrated following the transaction.