Why it matters: On February 8, 2017, the DOJ released, to little fanfare, a new guidance document entitled "Evaluation of Corporate Compliance Programs." The stated purpose of the new guidance is to give corporations "some important topics and sample questions that the Fraud Section has frequently found relevant in evaluating a corporate compliance program." The DOJ said that the new guidance consists mainly of information pulled from a number of previously released government resources (e.g., the U.S. Attorney's Manual, the U.S. Sentencing Guidelines and the FCPA Resource Guide, to name a few), so the motivation behind it appears to be that corporations who are seeking not to be prosecuted pursuant to the internal DOJ guidance known as the "Filip" factors will have a list of questions they need to be prepared to answer before DOJ will consider offering a declination, deferred prosecution, or non-prosecution agreement.
Detailed discussion: On February 8, 2017, the Fraud Section of the DOJ's Criminal Division (Fraud Section) posted new guidance on the DOJ website entitled "Evaluation of Corporate Compliance Programs" (New Guidance). The Fraud Section's motivating factor in releasing the New Guidance appears to be one of transparency by accumulating into one document the "important topics and sample questions" typically raised by the Fraud Section in criminal investigations of a corporation's compliance program—which up until now could only be found in numerous previously-released and distinct government resources. Although titled "Evaluation of Corporate Compliance Programs," the questions go beyond compliance, focusing on the alleged criminal conduct as well.
Background—The Filip Factors
In the introductory paragraph of the New Guidance, the Fraud Section references the specific factors, commonly known as the "Filip Factors" (part of the "Principles of Federal Prosecution of Business Organizations" contained in the U.S. Attorney's Manual), that "prosecutors should consider in conducting an investigation of a corporate entity, determining whether to bring charges, and negotiating plea or other agreements." Relevant to the New Guidance, the Filip Factors include "'the existence and effectiveness of the corporation's pre-existing compliance program' and the corporation's remedial efforts 'to implement an effective corporate compliance program or to improve an existing one.'" The Fraud Section pointed out that, "[b]ecause a corporate compliance program must be evaluated in the specific context of a criminal investigation that triggers the application of the Filip Factors, the Fraud Section does not use any rigid formula to assess the effectiveness of corporate compliance programs" and must make an individualized determination on a case-by-case basis.
Why Do We Need the New Guidance?
The Fraud Section said that, even though an individual determination must be made in each case, "[t]here are … common questions that we may ask in making an individualized determination. This document provides some important topics and sample questions that the Fraud Section has frequently found relevant in evaluating a corporate compliance program." The Guidance noted that many of the topics and questions are found in other federal and international publications and are brought together in this document for convenience.
The Fraud Section cautioned, however, that the "topics and questions below form neither a checklist nor a formula. In any particular case, the topics and questions set forth below may not all be relevant, and others may be more salient given the particular facts at issue."
The New Guidance—"Sample Topics and Questions" for Evaluating Corporate Compliance Programs
The New Guidance is divided into the following 11 "Sample Topics and Questions" the Fraud Section will consider in evaluating the robustness and efficiency of corporate compliance programs in criminal investigations:
Analysis and Remediation of Underlying Misconduct: This topic focuses on the underlying corporate misconduct at the heart of the government's investigation and the corporation's historical efforts to address it. Enumerated questions to be considered fall under the headings "Root Cause Analysis," "Prior indications" and "Remediation."
Senior and Middle Management: The analysis here focuses on executive and board oversight at the corporation vis à vis compliance and is broken down into questions concerning "Conduct at the Top," "Shared Commitment" and "Oversight."
Autonomy and Resources: This section focuses on the corporate culture toward compliance and the importance it is given in terms of employee training and experience, etc. The line of inquiry here looks to "Compliance Role," Stature," and "Experience and Qualifications."
Policies and Procedures: This topic looks at the compliance program the corporation has in place, and the analysis is divided into two distinct parts. The first, "Design and Accessibility," focuses on questions relating to "Designing Compliance Policies and Procedures," "Applicable Policies and Procedures," "Gatekeepers" and "Accessibility." The second, "Operational Integration," investigates how the compliance policy is integrated into the policies and procedures of other departments of the corporation and is divided into questions concerning "Responsibility for Integration," "Controls," "Payment Systems," "Approval/Certification Process" and "Vendor Management."
Risk Assessment: The focus here is on risk assessment and management and the corporate systems and methodologies in place for detecting the type of misconduct being investigated. This line of inquiry looks to "Risk Management Process," "Information Gathering and Analysis" and "Manifested Risks."
Training and Communications: This topic goes deeper into the training given to employees and how the corporation communicates its expectations and positions regarding compliance, and is divided into questions concerning "Risk-Based Training," "Form/Content/Effectiveness of Training," "Communications about Misconduct" and "Availability of Guidance."
Confidential Reporting and Investigation: This line of inquiry focuses on how the corporation encourages employees to report incidences of misconduct (including assurances of confidentiality) and the mechanisms pursuant to which that information is collected and internally investigated. The questions here relate to "Effectiveness of the Reporting Mechanism," "Properly Scoped Investigation by Qualified Personnel" and "Response to Investigations."
Incentives and Disciplinary Measures: This topic focuses on how the corporation holds employees accountable for the misconduct and sets out questions relating to "Accountability," "Human Resources Process," "Consistent Application" and "Incentive System."
Continuous Improvement, Periodic Testing and Review: This topic looks to what the corporation does to ensure that its compliance program is continuously evolving to reflect present-day realities, with questions focused on methods for "Internal Audit," "Control Testing" and "Evolving Updates."
Third-Party Vendors: This section focuses on how the corporation deals with third-party management, with questions relating to "Risk-Based and Integrated Processes," "Appropriate Controls," "Management of Relationships" and "Real Actions and Consequences."
Mergers and Acquisitions (M&A): This line of inquiry focuses on the systems in place in the event the corporation acquires/merges with other companies and asks questions relating to "Due Diligence Process," "Integration in the M&A Process" and "Process Connecting Due Diligence to Implementation."