In February 2017 the Fraud Section of the United States Department of Justice (DOJ) published a list of ‘important topics and sample questions’ under the heading “Evaluation of Corporate Compliance Programs” on its official website. These topics and questions are provided by the DOJ as guidance for when an evaluation is done of a company’s corporate compliance program for purposes of a criminal investigation. This is the first formal guidance issued by the Fraud Section since the change in US Presidential Administration and confirmation of the new US Attorney General.

A criminal investigation by the DOJ usually triggers what is known as the Filip Factors. These factors are described in the US Attorney’s Manual under the section of “The Principles of Federal Prosecution of Business Organisations” in the United States as specific factors that prosecutors should consider when determining to bring charges and negotiating pleas or other agreements. One of the Filip Factors is the “existence and effectiveness of the corporation’s pre-existing compliance program” and the corporation’s remedial efforts to implement an effective corporate compliance program or to improve an existing one. The focus for these factors fall squarely on the corporation and its compliance program. In this formal guidance document the Fraud Section provides some important topics and sample questions that they have frequently found relevant in evaluating a corporate compliance program. It is emphasised that these topics and questions are neither a formula nor a checklist: the DOJ makes an individualised determination in each case.

This approach in the US is aligned with the UK approach where the UK Bribery Act, in s7, provides for a defence if a company can prove that it had in place ‘adequate procedures’ designed to prevent certain bribery actions from taking place. In both instances the focus falls on the proactive steps taken by the corporation to prevent the criminal actions taking place within the corporation. In the US, such actions are taken into consideration when prosecutors decide on ‘co-operation credits’ and in the UK it provides a complete defence to prosecution and, if the corporation discharges the onus of proving “adequate procedures” in place to prevent bribery, an acquittal follows.

A similar approach was adopted by the French legislature at the end of last year when French Law No. 2016-1691 of 9 December 2016, also known as Sapin II, was finally enacted. This new act strengthens the French anti-corruption armoury and constitutes a fresh and strong initiative to combat bribery and corruption. It creates an obligation on the representatives of companies to implement a compliance programme to detect and prevent corruption and ‘traffic d’influence’.

It also creates an anti-corruption agency, Agence Française Anti-corruption (AFA), which is an independent administrative authority with sanctions power that will monitor the effectiveness of the compliance program implemented by legal entities and to punish those in breach of the law. Whistle blowers are protected. Provision is also made for a type of deferred prosecution agreement (following the US lead) which can be entered into between the corporation and the prosecutor to avoid a criminal trial and sentence. A corporation must adopt a code of conduct, introduce a training program, create internal systems of alerts and exercise risk mapping, implement internal and external accounting controls plus a disciplinary regime and an assessment program to monitor the efficiency of the internal procedures.

It has also been noted that, in banking Anti-Money Laundering (AML) Index, the Basel Institute has been focussing on effectiveness as a yardstick: the AML Index is a tool now used by the Institute to risk rate countries for the effectiveness of their compliance programmes as opposed to technical compliance.

If one takes into account the shifting of compliance standards of the Financial Action Task Force (FATF) and the Basel Institute, and the proactive approaches adopted by the USA, UK and France, it is clear, that a proper compliance program is no longer a question of just clearing minimum compliance hurdles: there is a movement on both sides of the Atlantic to reward good corporate behaviour and to sanction the absence of effective compliance and crime prevention programs. Gone are the days when the compliance tick box list was merely given to one individual in the legal department as an item on a task list over, and slightly below, the normal legal issues and challenges.

Nowadays applicants in interviews for the position of Compliance Officer want to know upfront what the corporation’s compliance and corporate structure looks like and walk away if it seems absent or weak. The risks outweigh the salary.

As a result of a paradigm shift in corporate criminal liability on both sides of the Atlantic, the modern model for corporate compliance recognises compliance as a distinctly separate and responsible profession, quite separate from the legal department, in form and function with empowerment, independence and authority, never subservient, pliable or biased. It is already no longer sufficient for a compliance programme to pay lip-service to a series of tick boxes; compliance will have to be seen as part of the corporation’s business policies and processes to be regarded as effective.