On April 30, 2019, the United States Department of Justice’s (DOJ) Criminal Division released “Evaluation of Corporate Compliance Programs,” a guidance document for prosecutors to evaluate corporate compliance programs. The guidance document updates a prior version released by the Criminal Division’s Fraud Section in 2017. The update is designed to “better harmonize” guidance across the Criminal Division’s sections and to provide “additional context” to the Division’s approach to assessing a company’s compliance program.
In a recent speech, DOJ Assistant Attorney General for the Criminal Division Brian A. Benczkowski stressed the importance of corporate compliance programs that promote “effective enforcement” within companies, noting that the Division spends “a lot of time talking about what companies can do to achieve the best result once the company or the Department [of Justice] learns of misconduct.” In that regard, the guidance document offers a window of insight into DOJ’s approach to assessing potential charging decisions, fines, or alternative resolutions (such as the appointment of a corporate monitor) for companies that have compliance programs in effect at the time of an alleged offense. Specifically, the guidance document identifies key topic areas that the Criminal Division “has frequently found relevant in evaluating a corporate compliance program” and organizes them into three broad questions that prosecutors ask in these circumstances:
- Is the program well designed?
Part I discusses the “hallmarks of a well-designed compliance program” with respect to risk assessment, company policies and procedures, training and communications, confidential reporting structures, and investigation processes. For example, with respect to evaluating a company’s policies and procedures, prosecutors should examine whether a code of conduct is in place that sets forth a “commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees” while at the same time considering whether the company incorporates “the culture of compliance into its day-to-day operations.”
- Is the program effectively implemented?
Part II covers the elements constituting a compliance program’s effective implementation, including a demonstrated commitment to a compliance culture by senior and middle management through, for example, compliance expertise among executives and the board of directors. The autonomy and independence of compliance personnel are also considered, along with the degree of company resources dedicated to supporting compliance functions. In addition, whether the company provides incentives for ethical behavior and whether appropriate disciplinary measures are in place to address misconduct are factors that prosecutors are encouraged to examine.
- Does the compliance program actually work in practice?
Part III discusses the guideposts for assessing whether a compliance program is operating effectively, including evaluation of a program’s capacity for continuous improvement through periodic testing and review. For example, prosecutors are encouraged to evaluate whether the company has undertaken studies to determine if particular areas of risk are sufficiently addressed in its policies, controls, or training. In addition, a new section in the revised guidance document, “Investigation of Misconduct,” urges prosecutors to consider whether internal investigations have been properly handled by the company and whether investigations were effectively used to determine the vulnerabilities that led to misconduct. A related consideration is whether appropriately tailored remediation efforts are in place following the discovery of misconduct.