The Criminal Division’s Fraud Section of the Department of Justice (“DOJ”) published an “Evaluation of Corporate Compliance Programs” (the “Compliance Manual”) which offers guidance on the common questions contemplated by the agency when making determinations of corporate liability. My primary take away is that the Compliance Manual puts management on notice that the company will now be held to a higher standard regarding the details of its compliance program.
The Compliance Manual is based on both international and domestic sources, including the U.S. Attorney’s Manual, the U.S. Sentencing Guidelines, the Organization for Economic Co-operation and Development Council’s (“OECD”) best practices handbooks for compliance and anti-corruption, and the SEC’s Foreign Corrupt Practices Act Guide. It is divided into eleven sections, further broken down into various sample topics and questions the DOJ may consider when evaluating a corporate compliance program.
Comments here won’t replace your review of the document, but we did notice a few common themes. They are: the significance of effective leadership; robust employee training; thorough risk assessment; flexibility and continuous improvement of compliance programs; and maintenance of efficient, comprehensive reporting mechanisms as means of remediation.
For example, leaders must take “specific action” to “demonstrate their commitment” to compliance and remediation. Leaders must also document what type of compliance expertise has been available to the board of directors, how information is communicated with employees, and what type of oversight senior management has over operations. Regarding training, the government will inquire as to the form, content, effectiveness of training, and the availability of resources for compliance-related questions. Questions regarding risk assessment include what metrics were used to evaluate potential risk, and how often a company updates its risk assessment mechanisms and compliance policies, along with how often internal audits of high-risk areas are conducted. The government will even inquire whether enough funding and resources have been allocated to compliance and risk assessment and whether compliance officers have direct reporting lines to the board of directors. Bottom line: review your compliance programs and make sure you’ve got adequate documentation based on these new recommendations. It’s possible that your compliance program may need additional time and attention.