On February 8, 2017, the Criminal Fraud Section of the Department of Justice published a document titled “Evaluation of Corporate Compliance Programs,” providing guidance on how the DOJ evaluates the effectiveness of a corporate compliance program during the course of a criminal investigation. The guidance, which is not targeted to a particular industry, should be considered essential reading not only for companies working through investigations, but also those engaged in the ongoing process of refining their corporate compliance programs.

The “Principles of Federal Prosecution of Business Organizations” section of the United States Attorneys’ Manual sets forth a list of 10 factors that prosecutors are supposed to consider when investigating a corporate entity. These factors, known as the “Filip Factors,” include assessing the effectiveness of the corporation’s existing compliance program, as well as looking at the corporation’s remedial efforts to implement or improve the compliance program. In a criminal investigation, the DOJ conducts particularized evaluations of corporate compliance programs and considers the information when deciding whether to bring charges against a corporate entity or negotiating a plea or other agreement with the entity.

Since the release of the Filip Factors, corporations and their audit and legal teams have attempted to ascertain what information the DOJ takes into consideration when assessing the effectiveness of a compliance program. This new guidance provides the public with “important topics and sample questions” that the Fraud Section has deemed to be especially relevant when conducting these evaluations.

The guidance is separated into 11 sections:

  1. Analysis and Remediation of Underlying Misconduct
  2. Senior and Middle Management
  3. Autonomy and Resources
  4. Policies and Procedures
  5. Risk Assessment
  6. Training and Communications
  7. Confidential Reporting and Investigation
  8. Incentives and Disciplinary Measures
  9. Continuous Improvement, Periodic Testing and Review
  10. Third Party Management
  11. Mergers and Acquisitions

Within each topic are several sample questions corporations should expect to be asked during the course of an investigation. While many of the issues raised in the document have been drawn from existing guidance, the Evaluation of Corporate Compliance Programs gives additional detail and transparency on the assessment process.

Prosecutors will consider the policies and procedures that comprise the compliance program, including the design, accessibility, and operational integration of these policies and procedures. In addition, the DOJ evaluates the processes used to review the compliance program, whether an effort is made to encourage compliance, and the internal structure of the corporation to determine the effectiveness of the compliance program.

Although the guidance highlights the importance of having appropriate policies and procedures in place, many of the topics and questions set forth in the document emphasize the corporation’s response to apparent misconduct. Questions regarding the corporation’s remediation efforts, the types of incentives and disciplinary measures used, and the extent of the corporation’s internal investigation into the root cause of the misconduct and the reasons it was not prevented are all likely to be assessed.

Moreover, many topics include questions pertaining specifically to the entity’s compliance personnel. The DOJ is likely to evaluate the training provided to compliance personnel, what steps a corporation has taken to ensure the autonomy and empowerment of compliance personnel, as well as how the corporation reacts when a compliance officer raises a concern.

The guidance also includes questions that highlight the varied risks related to matters involving third-party contractors and matters involving acquisitions. In the event that misconduct is discovered after a merger or during the course of a relationship with a third party, the corporation must be able to demonstrate that it conducted an appropriate level of due diligence and exercised adequate oversight.

Because “each company’s risk profile and solutions to reduce its risks warrant particularized evaluation,” the topics and questions included in the Evaluation of Corporate Compliance Programs guidance are not intended to be an exhaustive list of what the DOJ considers when scrutinizing a compliance program. Nevertheless, while it should not be viewed as a checklist or an exact formula, this new guidance provides helpful insight into what the Criminal Fraud Section focuses on during an investigation, and addresses many issues that are applicable to nearly all compliance programs. More importantly, corporations may rely on this document as an indicator of the types of policies and components that should be incorporated into their compliance programs in order to avoid compliance issues in the future.