Justice Department updates how it will evaluate compliance programs
On April 30, the U.S. Department of Justice updated its guidance on evaluating corporate compliance programs. The DOJ’s Fraud Section first gave guidance back in February 2017, says the law firm Dechert in a client note. While the DOJ Guidance and the Update are aimed at guiding prosecutors, they’re a pretty decent way for companies to assess their own compliance programs. The Update also enables the DOJ to harmonize compliance guidance from various sources and “provid[e] additional context to the multifactor analysis of a company’s compliance program.” As a practical matter, say the Dechert authors, the Update is a step in the right direction, but it falls short of clearly stating how prosecutors (or companies) should prioritize among competing compliance objectives.
The DOJ has made a concerted effort in recent years to set clear standards for companies and prosecutors to follow. The most significant of these efforts came in the form of the DOJ Guidance, issued on February 8, 2017. The DOJ Guidance consists of a list of topics and questions the DOJ may consider when evaluating a corporate compliance program in the context of making a determination with respect to a company under criminal investigation. But although the DOJ Guidance made clear that a company should have a continuing commitment to compliance at all levels, it did not provide insight into how prosecutors would assess whether a company has demonstrated such commitment.
In a keynote address at a recent conference, Asst. Attorney General Brian A. Benczkowski announced the Update, explaining its purpose as of “provid[ing] additional transparency in how [the DOJ] will analyze a company’s compliance program.” The Update provides “additional transparency” through the inclusion of three questions:
- Is the corporation’s compliance program well designed?
- Is the program well implemented?
- Does the program work in practice?
The DOJ also addresses that raging controversy: Should the compliance function be separate from Legal? Does it answer the question? Sort of. Under the heading “Autonomy and Resources,” for example, the Update explains that the structure of a company’s compliance program is a “threshold matter” evaluated by prosecutors, and that “prosecutors should address the sufficiency of personnel and resources within the compliance function.” Specifically, the Update identifies three factors for consideration: “(1) sufficient authority within the organization; (2) sufficient resources, namely, staff to effectively undertake the requisite auditing, documentation, and analysis; and (3) sufficient autonomy from management, such as direct access to the board of directors or the board’s audit committee.”
You can find the DOJ’s full update here.