The US Department of Justice - Criminal Division (“USDOJ”) announced(1) on April 30 the release of a new guidance document(2) on the evaluation of corporate compliance programs.

“Effective compliance programs play a critical role in preventing misconduct, facilitating investigations, and informing fair resolutions.”(1) - Assistant Attorney General Brian A. Benczkowski

Part I of the document discusses the elements of a “well-designed” compliance program and Part II discusses the features of what an effectively implemented compliance program looks like.

There are three overarching questions prosecutors will ask themselves, when evaluating the effectiveness of a compliance program, at the time of an offense and at the time of a charging decision(2,3):

• Is the program well designed?

• Is the program effectively implemented (or applied earnestly and in good faith)?

• Does the compliance program actually work in practice?

According to the USDOJ’s guidance, the elements of a “Well-Designed” Compliance Program include:

• Risk Assessment - “Prosecutors should consider whether the program is appropriately designed to detect the particular types of misconduct most likely to occur in a particular corporation’s line of business” and “the manner in which the company’s compliance program has been tailored based on that risk assessment”

• Policies and Procedures - “Prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees” and “whether the company has established policies and procedures that incorporate the culture of compliance into it’s day-to-day operations.”

• Training and Communications - “Prosecutors should assess the steps taken by the company to ensure that policies and procedures have been integrated into the organization, including through periodic training and certification for all directors, officers, relevant employees, and where appropriate, agents and business partners.”

• Confidential Reporting Structure and Investigation Process - “Prosecutors should assess whether the company’s complaint-handling process includes pro-active measures to create a workplace atmosphere without fear of retaliation, appropriate processes for the submission of complaints, and processes to protect whistleblowers” and “assess the company’s processes for handling investigations of such complaints…”

• Third-Party Management - “Prosecutors should also assess whether the company knows its third-party partners’ reputations and relationships, if any, with foreign officials, and the business rationale for needing the third party in the transaction” and “assess whether the company engaged in ongoing monitoring of the third-party relationships"…”

• M&A Due Diligence - “A well-designed compliance program should include comprehensive due diligence of any acquisition targets.”

“Today’s guidance document is part of our broader efforts in training, hiring, and enforcement to help promote corporate behaviors that benefit the American public and ensure that prosecutors evaluate the effectiveness of compliance in a rigorous and transparent manner.”(1) - Assistant Attorney General Brian A. Benczkowski

DOJ prosecutors are encouraged to review whether or not a compliance program is a “paper program” or one that has actually been “implemented” and is periodically reviewed and revised when appropriate. According to DOJ guidance some elements of an effectively implemented program include:

• Commitment by Senior and Middle Management

  • Does the company leadership demonstrate high level commitment to implement a culture of compliance?

• Autonomy and Resources

  • Is the program adequately resourced with sufficient personnel and funding?

  • Are compliance personnel in senior positions and do they have adequate autonomy?

• Incentives and Disciplinary Measures - “Prosecutors should assess whether the company has clear disciplinary procedures in place, enforces them consistently across the organization, and ensures that the procedures are commensurate with the violations.”

• Continuous Improvement, Periodic Testing, and Review - “Prosecutors should likewise look to whether a company has taken reasonable steps to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct.”

• Investigation of Misconduct

  • Is there a well-functioning and appropriately funded mechanism for the timely and thorough investigation of any allegations or suspicions of misconduct by the company, its employees, or agents?

• Analysis and Remediation of Any Underlying Misconduct - “Prosecutors should consider any remedial actions taken by the corporation…”

Contact GCSG Advisory and Audit Professionals today for assistance:

• In developing a Risk Profile for your business;

• Evaluating the effectiveness of your existing compliance program;

• Implementing a compliance program;

• Providing third-party due diligence; and

• Providing in-depth compliance audits to detect potential wrongdoing.

References

• (1) USDOJ News: “Criminal Division Announces Publication of Guidance on Evaluating Corporate Compliance Programs” - April 30, 2019

• (2) USDOJ Downloads: “Evaluation of Corporate Compliance Programs”

• (3) USDOJ Justice Manual: “9-28.000 - Principles of Federal Prosecution of Business Organizations”