DOJ Updates Guidance on the Evaluation of Corporate Compliance Programs
The Department of Justice-Criminal Division recently updated its internal guidance to federal prosecutors for evaluating corporate compliance programs. The DOJ does not promulgate a checklist or formula for evaluating such a program. Rather, in the criminal context, prosecutors are directed to evaluate, on a case by case basis, whether the program is well designed, is adequately resourced and empowered to work effectively, and works in practice.
Although there were no major substantive changes from the prior, 2019 version of the guidance, the key changes to the current version highlight DOJ’s continued focus on the importance of individualized risk-based compliance programs, and the fact that risks may change over time. The updated guidance encourages prosecutors to take the risk profile of a corporation, “including its size, industry, geographic footprint, regulatory landscape, and other factors,” into account when evaluating its compliance program.
The guidance includes:
- Corporate compliance programs should be designed comprehensively for “maximum effectiveness” in preventing wrongdoing by employees, and corporate management must enforce the program to prevent tacit encouragement of misconduct.
- Corporate compliance programs should be effectively implemented to avoid being merely “paper programs.” An effective compliance program includes “the company’s culture of compliance” and an “awareness among employees that any criminal conduct will not be tolerated.” Employees should be adequately informed of the compliance program and convinced of the corporation’s commitment to it.
- Corporate compliance programs should not reflect a point in time; rather, programs must be continually monitored and improved upon, taking into account internal and external data on operational effectiveness and best practices.
- Corporate compliance programs should identify misconduct timely to allow for remediation and self-reporting. This is a “strong indicator” that the program is effective. Compliance programs should also “evolve over time to address existing and changing compliance risks,” and organizations should “undertake adequate and honest root cause analysis to understand both what contributed to the misconduct and the degree of remediation needed to prevent similar events in the future.”
Whether federal prosecutors are conducting an investigation, prosecuting misconduct by a business organization, or determining an appropriate penalty or criminal fine, great consideration is given to whether the corporation had an adequately designed and effectively implemented program that timely identified misconduct.
Copyright © 2020 by Ballard Spahr LLP.
(No claim to original U.S. government material.)
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.
This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.