The US Justice Department (DOJ) recently released updated guidelines intended to instruct prosecutors on how to evaluate corporate compliance programs. The recent revision to the DOJ’s guidance on corporate compliance places emphasis on the role of middle management and access to internal data as it broadens the scope for assessing a company’s policies and controls.
Since its release in 2017, compliance officers have used the guidance as an informal set of standards for developing compliance programs. Previous guidelines focused on how executives and board directors could best cultivate a company’s compliance culture. Building off that, the revised guidance adds emphasis to the role of middle managers in enforcing that tone and asks prosecutors to evaluate whether a compliance program is adequately resourced and empowered to function effectively.
DOJ’s Three Fundamental Questions For Evaluating Corporate Compliance Programs:
- Is the Corporation’s Compliance Program Well Designed?
- Risk Assessment, Policies and Procedure, Training and Communications, Confidential Reporting Structure and Investigation Process, Third Party Management, Mergers and Acquisitions (M&A)
- Is the Corporation’s Compliance Program Well Resourced and Empowered to Function Effectively?
- Commitment by Senior and Middle Management, Autonomy and Resources, Incentives and Disciplinary Measures
- Does the Corporation’s Compliance Program Work in Practice?
- Continuous Improvement, Periodic Testing, and Review, Investigation of Misconduct, Analysis and Remediation of Any Underlying Misconduct
This document ultimately assists prosecutors in determining the appropriate form of any resolution, monetary penalty, if any, and compliance obligations contained in any corporate criminal resolution.