On April 30, 2019, the United States Department of Justice, Criminal Division (“DOJ”), released an updated version of its guidance on “Evaluation of Corporate Compliance Programs” (“Compliance Program Guidance”). This replaces the first version of this guidance, which was issued in February 2017 by the Fraud Section of the DOJ. In keeping with the prior version, the latest updates still contain a list of general questions for prosecutors to ask when assessing a company’s ethics and compliance program, rather than a formal rubric or checklist for compliance. The newly released version, however, goes further by providing more detail and concrete explanations for what prosecutors expect effective compliance programs to entail. U.S. Department of Justice, Criminal Division, Evaluation of Corporate Compliance Programs (Apr. 30, 2019).
During a speech at the Ethics and Compliance Initiative conference on the day the new Compliance Program Guidance was released, Assistant Attorney General Brian A. Benczkowski explained that its purpose was to “better harmonize the prior Fraud Section publication with other Department guidance and legal standards” as well as to “provide additional transparency in how [DOJ] will analyze a company’s compliance program.” The Guidance centers around three key questions:
- “Is the corporation’s compliance program well designed?”
- “Is the program being applied earnestly and in good faith?”
- “Does the corporation’s compliance program work in practice?”
For each of these questions, the DOJ outlines key areas on which prosecutors should focus and provides general standards and specific factors that should be considered. Notably, one of the main topics in the program design section of the Compliance Program Guidance concerns Third Party Management. And the section on “Analysis and Remediation of Any Underlying Misconduct” essentially provides a basic outline of measures companies seeking to obtain the remediation credit in a settlement agreement should take, including conducting a root cause analysis, identifying control failures, and holding individuals accountable through disciplinary actions and termination.
Benczkowski emphasized that prosecutors should examine a “company’s compliance program and culture” based on its individual risk profile and unique circumstances, rather than applying any “rigid formula” to assess the effectiveness of corporate compliance programs. And while certainly a welcome message, the result is that the Compliance Program Guidance can only be so specific; every company will have to make company-specific choices about what is appropriate, and compliance programs will continue to receive the most DOJ scrutiny only in hindsight, after a violation has been identified.
The new Compliance Program Guidance does not represent a major substantive shift for the DOJ, but the increased detail is consistent with several other recent efforts by the DOJ to refine its enforcement policies and guidance, including its updates to the Policy on Corporate Monitors in October 2018, and the release of the new Policy on Coordination of Corporate Resolution Penalties in May 2018.