DOJ Updates Guidance on Compliance Programs 

​

■ ■ ■  June 15, 2020

​

On June 1, 2020, the U.S. Department of Justice ("DOJ") issued new updates to its Evaluation of Corporate Compliance Programs guidance ("New Guidance"). The original guidance was issued in February 2017, and this latest update clarifies and focuses on what new factors prosecutors should consider when evaluating the effectiveness of corporate compliance programs as a mitigating factor in charging decisions and dispositions. Compliance officers should use the New Guidance to update their existing compliance programs or to design new programs.

Fundamental Questions

The New Guidance focuses on three fundamental questions:

1. Is the corporation's compliance program well designed?

2. Is the program being applied earnestly and in good faith?

3. Does the corporation's compliance program work in practice?

 

Individualized Evaluation
The New Guidance recognizes that a prosecutor's goal is to make the compliance program evaluation more individualized and specific to the company under review. Specifically, they must assess a company's risk profile to make a "reasonable, individualized determination in each case that considers various factors including, but not limited to, the company's size, industry, geographic footprint, regulatory landscape, and other factors, both internal and external to the company's operations, that might impact its compliance program."
 
Evolving and Dynamic Program
According to the New Guidance, compliance programs are to be viewed as "a journey, not a destination." Prosecutors are asked to "endeavor to understand why the company has chosen to set up the compliance program the way that it has, and why and how the company's compliance program has evolved over time." They are also encouraged to analyze how and if the program has been modified based on lessons learned. These lessons learned should not be limited to experiences within the company but also based on lessons learned from "other companies operating in the same industry and/or geographical region." The New Guidance also recognizes that compliance programs must be dynamic and constantly revised, monitored, and assessed to address the current risks of the company and any anticipated compliance violations.
 
Adequate Resources
The New Guidance emphasizes the importance for compliance programs to have adequate resources. It is not enough to implement a program; the program must also be "adequately resourced and empowered to function" effectively.  It also reflects the need for companies to assign sufficient senior personnel to the compliance program, and for such personnel to be independent from management.
 
Risk Assessment
Compliance programs are expected to be "risk-tailored" to the various risks the company faces and should adapt based on changes to the company's business, risks and circumstances.  Under the New Guidance, prosecutors should ask whether the company conducts periodic risk assessments and whether they are based "snapshot-in-time or based upon continuous access to operational data and information across functions?" Further, prosecutors should determine whether "the company has a process for tracking and incorporating into its periodic risk assessment lessons learned."

 

Policies and Procedures
Accessibility of a company's policies and procedures is a key factor under the New Guidance. It asks whether the polices and procedures are "published in a searchable format" and whether they are "attracting more attention from employees." If so, prosecutors will want to know how the company is tracking that fact. Companies should also ask whether their periodic assessments of the compliance program have led to updates in their policies, procedures, and controls.

Training
The New Guidance prompts prosecutors to ask: "has the company evaluated the extent to which the training has an impact on employee behavior or operations?" They should also evaluate how well the company conveys the lessons learned to employees through training "in a manner tailored to the audience's size, sophistication, or subject-matter expertise." Prosecutors should also evaluate whether there is a process for employees to ask questions arising out of the trainings either online or in-person.
 
Reporting
An effective reporting mechanism or hotline for compliance programs is essential according to the New Guidance. Specifically, it asks whether the company "periodically test the effectiveness of the hotline-for example, by tracking a report from start to finish?" It also highlights the importance for companies to take measures to assess whether employees are aware of the hotline and feel comfortable using it. Lastly, the New Guidance focuses on the need for companies to promote the reporting hotlines not just to employees, but to third parties as well.
 
Third-Party Risk Management
The New Guidance places increased focus on third-party risk management. Prosecutors are expected to evaluate the "business rationale" for companies using third parties, and whether such arrangements are properly documented. Further, they must focus on whether companies engage in "ongoing monitoring of the third party relationship" throughout the "lifespan of their relationship" or only during due diligence for the onboarding process. 
 
Mergers and Acquisitions (M&A)
With respect to M&A, the New Guidance asks whether the company was able "to complete pre-acquisition due diligence and, if not, why not?" It also addresses the importance of "a process for timely and orderly integration of the acquired entity into existing compliance program structures and internal controls." 
 
With record-setting fines being levied in the billions of dollars, coupled with the DOJ's increased resources, it is more critical than ever for companies to ensure they have effective compliance programs to mitigate the risks of violations. As reflected in the New Guidance, a cookie-cutter approach to compliance is destined to fail. MDO Partners encourages companies to establish risk-based, customized and dynamic compliance programs. Our attorneys and advisors have extensive government, in-house and large law firm compliance expertise to advise clients on all aspects of developing and improving compliance programs in various countries.

About MDO Partners
 
MDO Partners is a boutique law firm that focuses on Corporate, International, and Real Estate Law, as well as Global Compliance and Business Ethics. The firm is comprised of a solid team of attorneys and advisors with more than 100 years of combined experience who are committed to the business goals and best interests of their clients. The firm delivers value-added services of the highest caliber and serves as a trusted advisor to its clients with a practical and business-savvy approach.

​

If you have questions or comments regarding this Alert, please contact one of the attorney's or advisor's listed below.

 

Richard Montes de Oca

Managing Partner

305.704.8452

rmontes@mdopartners.com

​

Claudia Herbello

Associate Counsel

305.704.8456

cherbello@mdopartners.com