Over the past few months, the Department of Justice (“DOJ”) has taken steps to clarify for companies how it will monitor the effectiveness of their compliance programs and how it will prosecute corporate misconduct. Most recently, the DOJ’s Criminal Division on April 30th published updated guidelines that describe how prosecutors will evaluate the adequacy and effectiveness of a corporation’s compliance program at the time an offense occurrs. The purpose of the guidelines, which build on previous guidance issued in 2017, is “to assist prosecutors in making informed decisions” as they consider the form of any resolution or prosecution, and whether to impose monetary penalties or compliance obligations, such as monitoring or reporting requirements.
While the DOJ emphasized that prosecutors must evaluate a company’s compliance program both within the context of a specific criminal investigation and with respect to the particular risks faced by an individual company, the guidelines identify three fundamental questions that prosecutors should consider when assessing a compliance program. The questions address whether the program is well designed, effectively implemented, and functioning well in practice. These three questions provide the framework within which prosecutors may consider additional topics in order to evaluatea company’s compliance program. For example, in considering whether a compliance program is well designed, prosecutors may look at how well a company has tailored its programs to reflect its actual risk profile, including whether a company devotes a disproportionate amount of attention to addressing low-risk areas. Prosecutors may also consider how well a company’s board and executive team demonstrate a high-level commitment to compliance when assessing whether a program has been implemented effectively. In remarks at a compliance conference that coincided with the release of the guidelines, Assistant Attorney General Brian A. Benczkowski emphasized that “the topics and questions are neither a checklist nor a formula” and expressed hope that the guidelines would “provide additional transparency in how we will analyze a company’s compliance program.”
Compliance professionals noted that, while not reflecting any significant changes to DOJ policy, the guidelines represent the most comprehensive guidance on the DOJ’s approach to compliance program evaluation. The 18-page document offers much greater detail about the elements of compliance programs that prosecutors will examine during the course of an evaluation, information that could benefit corporate compliance personnel in assessing their compliance programs. Some compliance experts, however, were critical of what the guidance omitted. Speaking to The Wall Street Journal, Gerry Zack, chief executive of the Society of Corporate Compliance and Ethics, expressed disappointment that the guidelines failed to include questions about how companies used the risks they identified to develop the controls implemented through their programs.
As Law360 observed, the guidelines will be used by the DOJ’s Criminal Division in its evaluation of cases involving violations of the Foreign Corrupt Practices Act (“FCPA”) and corporate fraud. While not binding upon district level prosecutors, most observers expect that these prosecutors will welcome the clarity offered by the guidelines.