DOJ Evaluation of Corporate Compliance Programs
Government Enforcement Update
On April 30, 2019, the Department of Justice (DOJ), Criminal Division released a new guidance document intended to assist prosecutors in evaluating corporate compliance programs and guide corporations in creating them. The new guidance updates a prior version issued in February 2017. While written for prosecutors, the guidance provides a helpful roadmap for businesses reviewing and updating their compliance plans and should be considered mandatory reading for those operating in highly regulated industries, such as healthcare, life sciences, financial services, and energy.
Background for DOJ Action
Several DOJ documents already inform how prosecutors and courts assess a corporation’s compliance program. For example, the Justice Manual (renamed U.S. Attorney’s Manual), which is the principal collection of DOJ policies and procedures, includes “Principles of Federal Prosecution of Business Organizations.” The section lays out certain factors that prosecutors should consider in assessing a compliance program and deciding whether to prosecute. In addition, in October 2018, Assistant Attorney General Benczkowski issued a new memorandum entitled, “Selection of Monitors in Criminal Division Matters,” which applies to Criminal Division matters. That memo retains much of the past guidance on the selection of monitors while elaborating on the considerations of a monitor’s potential benefits and costs.
This newest guidance further elaborates on the aspects of an effective compliance program. The guidance is organized around the three “fundamental questions” a prosecutor should ask in evaluating a corporate compliance program:
- Is the corporation’s compliance program well designed?
- Is the program being applied earnestly and in good faith?
- Does the corporation’s compliance program work?
The guidance dives deep into these fundamental questions, suggesting additional subtopics, questions, and checklists prosecutors might consider in each particular case.
Though the guidance is neither binding law on corporations nor a “rigid formula” that prosecutors must follow, it does reveal design and implementation elements that create a strong corporate compliance program in the eyes of DOJ.
In light of the updated guidance, corporate boards and individual officers alike would benefit from comparing their own compliance programs against the considerations outlined in the guidance and updating their programs as appropriate.
Among the highlights from the new guidance:
- The guidance focuses on compliance programs that are tailored to the particular risks of the business. In this respect, the guidance notes that the “starting point for a prosecutor’s evaluation” of a compliance program is to “understand the company’s business from a commercial perspective, how the company has identified, assessed, and defined its risk profile, and the degree to which the program devotes appropriate scrutiny and resources to the spectrum of risks.” This tailoring of risk—and devoting significant resources to high-risk areas—appears to be a focus for DOJ and should, likewise, be a focus for corporations.
- The guidance emphasizes that compliance programs should evidence a “culture of compliance.” In this respect, DOJ considers whether the compliance program is “accessible and applicable to all company employees” and incorporated into day-to-day operations. Tone at the top remains a key consideration, as the guidance recognizes that a “company’s top leaders – the board of directors and executives – set the tone for the rest of the company.”
- The guidance also focuses on establishing and utilizing a confidential reporting system for employees to voice concerns that, in turn, fosters a “workplace atmosphere without fear of retaliation, appropriate processes for the submission of complaints, and processes to protect whistleblowers.” Having an anonymous reporting system is a necessary step for any compliance program.
- The guidance expects comprehensive compliance plans to involve due diligence of third-party partners and acquisition targets. While the focus on third-party partners may add more compliance pressure-testing for some corporations, it appears to be DOJ’s baseline expectation and no longer an aspirational goal.
- Finally, the guidance highlights the importance of effective implementation and evaluation measures. Put another way, is the compliance program a “paper program” or one “implemented, reviewed, and revised, as appropriate, in an effective manner?” Regular, rigorous, and consistent review of compliance programs is now the expectation.
Overall, this new guidance provides helpful insight into DOJ’s view of compliance issues and sets a high bar for corporations and officers. For companies operating in highly regulated industries, the guidance should be viewed as an important benchmark for their compliance efforts. As noted by Benczkowski in his announcement of the new guidance—and echoed by countless attorneys who represent corporate clients—an effective corporate compliance program can not only save a corporation from prosecution when criminal conduct transpires, but can also help stop criminal conduct from occurring in the first place.