On February 8th, 2017, the Fraud Section of the U.S. Department of Justice (DOJ) issued guidance entitled “Evaluation of Corporate Compliance Programs” (“Evaluation Guidance”).1 The Evaluation Guidance is the first formal document published as part of the DOJ’s new “Compliance Initiative” that commenced with the hiring of Hui Chen as the Fraud Section’s full-time compliance expert on November 3, 2015.2 The document provides valuable insight into the DOJ’s expectations for how corporate compliance programs should be implemented, enforced, and evaluated.
The Evaluation Guidance compiles instructive principles from several existing sources, including the “United States Attorneys’ Manual,” the “United States Sentencing Guidelines,” and “A Resource Guide to the U.S. Foreign Corrupt Practices Act.” While the Evaluation Guidance does not promulgate new standards or represent any change in the DOJ’s existing guidelines, it does provide a comprehensive, concise overview of the factors the Fraud Section finds relevant when evaluating corporate compliance programs upon a finding of misconduct. The document is comprised of sample questions which are organized into the following topics:
- Analysis and Remediation of Underlying Misconduct;
- Senior and Middle Management;
- Autonomy and Resources;
- Policies and Procedures;
- Operational Integration;
- Risk Assessment;
- Training and Communications;
- Confidential Reporting and Investigation;
- Incentives and Disciplinary Measures;
- Continuous Improvement, Periodic Testing and Review;
- Third Party Management; and
- Mergers and Acquisitions.
The Evaluation Guidance sends a clear message to corporate entities that merely having a compliance program will not be sufficient to mitigate corporate wrongdoing if an entity comes under the scrutiny of the DOJ’s Fraud Section. Rather, corporate compliance programs must be periodically tested, evaluated, and updated to ensure their effectiveness. While corporate entities should have autonomous and well-equipped compliance personnel, senior and middle management must be the driving force behind compliance efforts. It is incumbent upon management and those responsible for implementing the compliance program to have a full understanding of the corporation’s policies and procedures, including how they were designed, communicated to the workforce, and integrated into the corporation’s operations.
Another important topic highlighted in the Evaluation Guidance is how the company addresses corporate wrongdoing. Corporate entities should promulgate robust policies that describe how misconduct will be investigated and disciplined. Management and compliance personnel are expected to not only enforce those policies and disciplinary measures, but also engage in a thorough analysis of the misconduct to identify how it occurred. Finally, a corporation should implement remedial measures in order to improve the entity’s compliance program and reduce the risk of similar incidents in the future.
Compliance programs have always been a significant factor when corporate entities are investigated by the Fraud Section. The Evaluation Guidance is yet another reminder of the importance of going beyond the mere installation of a superficial compliance program and instead, ensuring the effective implementation of such programs throughout all levels of company operations. While the Evaluation Guidance is not meant to be a “checklist” or “formula,” it will be a helpful tool for corporations as they evaluate and revise their compliance programs.