U.S. Department of Justice Releases Three “Fundamental” Questions to Evaluate Corporate Compliance Programs

U.S. Department of Justice Releases Three “Fundamental” Questions to Evaluate Corporate Compliance Programs

The U.S. Department of Justice (DOJ) has updated its guidance to assist prosecutors in conducting corporate compliance investigations. The guidance will be used to determine whether charges should be brought against corporations found to have violated regulations, and in the negotiation of plea deals and other arrangements.

Prosecutors are asked to evaluate the efficacy of a corporation’s compliance program at the time of an offense, and at the time that charges are laid or a resolution is found. This will be weighed in consideration of outcome, severity of monetary penalty (if applicable) and compliance obligations contained in any corporate criminal resolution (such as monitoring or reporting obligations).

The DOJ notes that corporations will have varied needs and, as such, each evaluation must be specific to the corporation in question. While no rigid formula will be provided, DOJ guidance encourages prosecutors to ask three “fundamental” questions:

  1. Is the corporation’s compliance program well-designed?
  2. Is the program being applied earnestly and in good faith?
  3. Does the corporation’s compliance program work?

Read Assent’s guidance on the DOJ’s instructions to prosecutors, and enhance your compliance program. Download the guide here.

Is the Corporation’s Compliance Program Well-Designed?

A corporate compliance program should be comprehensive, addressing all the requirements mandated by regulations. Businesses should identify and assess their risk levels, and devote appropriate scrutiny in their programs to these risks.

Prosecutors are advised to consider whether a compliance program is “designed to detect the particular types of misconduct most likely to occur in a particular corporation’s line of business.” As such, it’s important that a corporation understands the risks presented by regulations. Conducting risk assessment analysis and establishing due diligence programs are an important part of a well-designed compliance program.

Is the Program Being Applied Earnestly & in Good Faith?

The next step involves implementation. A business should ensure its program is well-integrated into its operations and workforce, as prosecutors will look to determine whether the program is implemented, reviewed and appropriately revised in an effective manner. They will also examine whether a company’s employees are adequately informed about the program, making corporate buy-in and effective tailored training a pillar of any program evaluation.

One possible method of evaluation for this question is the structure of a program. Prosecutors may address the sufficiency of the personnel and resources allocated to the program, in particular whether:

  • Personnel managing compliance have sufficient seniority within the organization.
  • Staff have the resources to undertake required auditing, documentation and analysis.
  • The program has sufficient autonomy from management.

Does the Corporation’s Compliance Program Work in Practice?

Prosecutors will judge the efficacy of a corporation’s compliance program at the time of offense and at the time that charges are laid. The DOJ guidance on this line of investigation has made clear that the existence of an offense does not itself mean a compliance program was faulty, and prosecutors will instead consider how or if misconduct was detected, what resources were in place to investigate the misconduct and the thoroughness of the company’s remedial efforts.

A program’s evolution since the misconduct was committed will be a factor in sentencing. Prosecutors will evaluate whether the company initiated an adequate root cause analysis to understand what contributed to the misconduct, and the degree of remediation implemented to prevent a recurrence.

The ability to improve and review a corporate compliance program is a key indicator of its efficacy. A program made to scale with the growth of a company will address many potential concerns of prosecutors in the event of misconduct. Proactive measures such as internal audits, control testing, program updates, and an overall culture of compliance will be mitigating factors in potential enforcement.

If a program has been deemed effective or significantly improved since the time of misconduct, a corporation may receive a remediation credit or lower applicable fine range under DOJ sentencing guidelines, and will be more likely to avoid non-compliance penalties in the future.

The industry leading Assent Compliance Platform enables the automated collection, validation, and management of supply chain data to support more robust compliance programs. For more information about our supply chain data management solution, contact us at info@assentcompliance.com.