This week, the Fraud Section of the Criminal Division of the Department of Justice published a memorandum that provides new guidance to companies regarding the hallmarks of effective compliance programs. The memorandum, entitled "Evaluation of Corporate Compliance Programs," raises specific questions that prosecutors will examine when evaluating compliance in the context of corporate investigations.
The guidance memorandum expressly affirms the vitality of the compliance benchmarks set forth in a 2008 memorandum by then-Deputy Attorney General Mark Filip, "Principles of Federal Prosecution of Business Organizations" (the Filip Memo). The new guidance memo and the continuing role of Hui Chen as a dedicated compliance expert assigned to the Fraud Section strongly suggest an emphasis on continuity in the department's approach to corporate compliance.
The Filip Memo and Consideration of a Corporate Compliance Function
While the Fraud Section has long considered the effectiveness of compliance programs in deciding whether to prosecute a corporation, the Filip Memo was the department's initial attempt to formalize criteria for examination. The factors set forth in the Filip Memo instructed prosecutors to focus on broad benchmarks of effective compliance, such as adequate funding and staffing, proper employee training and direct reporting lines between compliance officers and the board of directors.
The Filip Memo was subsequently incorporated into the United States Attorneys' Manual. Later publications by the Department of Justice, including the 2012 FCPA Resource Guide, suggested best practices for specific compliance "hot spots," such as employee education, anticorruption due diligence in mergers and acquisitions, and interaction with third-party intermediaries. These various iterations all suggest that the department will closely scrutinize a corporation's approach to compliance with applicable laws and regulations in evaluating potential enforcement action.
The Latest Guidance from the Fraud Section
This week's memorandum provides corporations with additional clarity about the compliance expectations of the Fraud Section and provides useful measuring sticks the department will use in reviewing a compliance program. Unlike previous publications that focused on benchmarks and best practices, this week's memorandum integrates prior guidance into a relatively comprehensive set of questions that prosecutors may ask during an investigation. The questions are broken down into 11 categories:
- Analysis and Remediation of Underlying Misconduct
- Senior and Middle Management
- Autonomy and Resources
- Policies and Procedures
- Risk Assessment
- Training and Communications
- Confidential Reporting and Investigation
- Incentives and Disciplinary Measures
- Continuous Improvement, Periodic Testing and Review
- Third-Party Management
- Mergers and Acquisitions
Each category contains a set of questions, focused on a particular aspect of compliance. For example, when examining the role of "senior and middle management," prosecutors may review whether officers and managers have established a compelling tone at the top about the importance of compliance, and ask what "concrete actions" have been taken to demonstrate compliance leadership and oversight.
It is important to note that the Department of Justice expressly rejects any interpretation of the memorandum as a "checklist" for effective compliance. The memorandum also stipulates that compliance "must be evaluated in the specific context of a criminal investigation that triggers the Filip Factors," and notes that the department will make an "individualized determination" of the efficacy of corporate compliance in each case.
The memorandum provides a unique opportunity for corporations to review their existing compliance program and reinforces the need to affirmatively develop, staff, fund and enforce a vigorous risk-based compliance function. Compliance should be emphasized by senior management, and overseen by the board of directors. Corporations should endeavor to have written policies and procedures for identifying and addressing compliance risks and provide employees with regular training in these procedures. Reports of misconduct should be investigated thoroughly, and corporations should pursue aggressive remediation efforts to address systemic weaknesses. Finally, corporations are strongly advised to conduct thorough due diligence when pursuing a merger or acquisition, and carefully vet third-party intermediaries, particularly in high-risk markets. These lessons, already well understood by seasoned compliance professionals, are even more important in the wake of the newly released guidance from DOJ.