The U.S. Department of Justice (DOJ) recently issued a Guidance Document for its Evaluation of Corporate Compliance Programs. The Guidance Document applies directly to all of DOJ’s Criminal Division, and therefore applies to all of DOJ’s criminal investigations, including those related to FCPA, healthcare fraud and money laundering. It is to be used by prosecutors to evaluate:
whether, and to what extent, the corporation’s compliance program was effective at the time of the offense, and is effective at the time of a charging decision or resolution, for purposes of determining the appropriate (1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitorship or reporting obligations).
Although the Guidance Document does not break any new ground, in that previous guidance and Justice Manual principles cover this subject matter, it does combine the sometimes disparate touchstones to provide a useful guide for benchmarking any corporate compliance program. In other words, this is a must-read for all corporate compliance professionals and attorneys who oversee corporate compliance programs.
The structure lays out the three “fundamental questions” that every prosecutor must ask in evaluating a corporation’s compliance program: “First, is the program well-designed? Second, is the program effectively implemented? And, third, does the compliance program actually work in practice?” The document then delves into each question, further subdividing them into the core components of a compliance program that address each question.
Under the first question, whether a corporation’s program is well-designed, the guidance discusses the company’s risk assessment, its policies and procedures, its training and communications, its confidential reporting structure and investigation process, its third party management and its procedures for mergers and acquisitions. The guidance contains further questions in each of these sub-divisions that focus on the key attributes of an effective program.
To evaluate whether a program is effectively implemented, the second question, the guidance looks to the commitment by senior and middle management, the autonomy and resources given to the program, the incentives and disciplinary measures in contains.
For the final question, does the program actually work in practice, the guidance further breaks it down to three parts: Is there continuous improvement, periodic testing and review; is there investigation of misconduct; and is there thoughtful analysis and remediation of any underlying misconduct?
The guidance recognizes that one size does not fit all and specifically states that “the Criminal Division does not use any rigid formula to assess the effectiveness of corporate compliance programs.” Thus, each company must determine what risks it faces and how best to implement an effective compliance program. As the guidance states: “each company’s risk profile and solutions to reduce its risks warrant particularized evaluation.”
The clear, straightforward guidance in this document should assist companies in evaluating their existing compliance programs and strengthening them should that be required.
[View source.]
