On Feb. 8, the Fraud Section of the Department of Justice (DOJ) publicized new guidance, titled “Evaluation of Corporate Compliance Programs.” The guidance sets forth sample questions prosecutors may ask when evaluating a company’s compliance program in the context of a criminal investigation. This document is the latest direction released under the Fraud Section’s “compliance initiative,” which began when the Fraud Section hired Hui Chen as a full-time compliance expert in November 2015. This guidance provides insights into how the DOJ will assess the effectiveness of a company’s overall compliance program, with a specific focus on how the program will be viewed in the context of the underlying misconduct identified.

Under the United States Attorney’s manual, federal prosecutors are counseled to consider several principles when investigating and deciding whether to charge corporate entities. These factors, commonly known as the “Filip Factors,” include two that focus on a company’s compliance program: (1) “the existence and effectiveness of the corporation’s pre-existing compliance program” and (2) the company’s remedial efforts “to implement an effective corporate compliance program or to improve an existing one.” The intent of the new Fraud Section guidance is to provide more specific examples of how federal prosecutors will probe a company’s compliance program under these factors in the process of investigating and resolving an enforcement matter.

The questions set forth in the new guidance reveal a broad-based “pressure testing” of a company’s compliance program as part of the DOJ’s investigative process. The questions are organized under 11 general topics and reflect distilled guidance from a variety of sources, including the United States Sentencing Guidelines, the DOJ and Securities and Exchange Commission’s November 2012 Foreign Corrupt Practices Act guide, the Fraud Section corporate resolution agreements and, perhaps reflecting an emphasis on global standards, guidance from the Organization for Economic Cooperation and Development. For each topic, the questions posed are designed to look behind a company’s paper program and evaluate how the program has been implemented, updated and enforced in practice.

In a more narrow sense, the document reaffirms that the DOJ expects a company to go beyond just remediation of the specific issue identified and requires a broader evaluation of the issue in the context of the company’s overall compliance program. In particular, prosecutors will evaluate the compliance program in light of the identified misconduct as well as the implications of the misconduct on the “big picture” compliance environment, including, for example, whether adequate resources are devoted to compliance, how management reinforces compliance and whether the company’s board of directors has appropriate oversight of the program.

Because it provides general insight into the government’s expectations of how a corporate compliance program should operate in practice, the guidance has broader utility, however, even for companies that do not have an identified problem. The document makes clear that it is not enough to have strong written policies and procedures; a company must also demonstrate that the program has been effectively put into practice, is subject to continuous improvement and is enforced through appropriate incentives and disciplinary measures. Companies should review the guidance and evaluate their compliance programs in light of the questions posed to ensure that they are prepared before a problem arises.

The document contains probing questions regarding the following 11 topics:

  1. Analysis and Remediation of Underlying Conduct
  2. Senior and Middle Management
  3. Autonomy of Resources
  4. Policies and Procedures
  5. Risk Assessment
  6. Training and Communications
  7. Confidential Reporting and Investigation
  8. Incentives and Disciplinary Measures
  9. Continuous Improvement, Periodic Testing and Review
  10. Third-Party Management
  11. Mergers and Acquisitions