What You Need to Know about DOJ Guidance on Corporate Compliance Programs

Posted on 03-22-2017 by Ulyana Androsova

Many have wondered how the corporate compliance landscape might change with a new administration at 1600 Pennsylvania Avenue. After all, reducing regulation on Corporate America was a frequent talking point on the campaign trail. But the first Guidance issued by Attorney General Jeff Sessions and the U.S. Department of Justice (DOJ) Fraud Section suggests that the DOJ plans to stay the course when it comes to evaluating corporate compliance programs. In fact, the Evaluation of Corporate Compliance Programs publication states that the topics covered also appear in myriad other official publications including the United States Attorney’s Manual, A Resource Guide to the U.S. Foreign Corrupt Practices Act, and the Organization for Economic Cooperation and Development (OECD) Anti-Corruption Ethics and Compliance Handbook for Business.

 DOJ Clarifies Common Questions Used for Compliance Program Evaluations

Compliance professionals may not find anything earth-shattering in the Guidance, but as global law firm Jones Day points out, “The Guidance provides companies a useful roadmap the Fraud Section is likely to consider when assessing the effectiveness of corporate compliance programs and remedial efforts.”  In addition, the Guidance can help companies fine-tune their existing corporate compliance programs and compliance presentations for regulators.

 Before delving into details, the Guidance first notes that in lieu of a “rigid formula” for evaluating corporate compliance programs, the DOJ recognizes “that each company’s risk profile and solutions to reduce its risks warrant particularized evaluation.” It then goes on to offer greater transparency into questions that may come up during a compliance program evaluation. The questions are divided into 11 distinct sections:

  1. Analysis and Remediation of Underlying Conduct
  2. Senior and Middle Management
  3. Autonomy of Resources
  4. Policies and Procedures
  5. Risk Assessment
  6. Training and Communications
  7. Confidential Reporting and Investigation
  8. Incentives and Disciplinary Measures
  9. Continuous Improvement; Periodic Testing and Review
  10. Third-Party Management
  11. Mergers and Acquisitions

But in looking at these sections more closely, two themes are clear.   

Compliance Starts at the Top

The Guidance emphasizes that the CEO, board and other company leaders must cultivate an ethical culture throughout the organization. For example, one question asks, “How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question?” And as a recent FCPA blog post notes, this expectation doesn’t only apply to compliance matters; issues that impact a company’s reputation demand proactive leadership too. Commenting on the independent Board investigation of the 2014 data breach at Yahoo, Thomas Fox writes that it found, “… the CEO Marissa Mayer and ‘other senior executives failed to properly comprehend or investigate’ the data breach that involved the hacking of more than 500 million Yahoo user accounts.” Ultimately, senior leadership, corporate counsel and the security team all faced blame for failing to follow appropriate processes in the wake of the data breach.

Corporates Must Implement a Risk-Based Approach to Compliance

The Guidance suggests that regulators will ask, “What methodology has the company used to identify, analyze, and address the particular risks it faced?” In addition, DOJ investigators will look at the type of information or metrics used to support compliance programs. At a recent American Bar Association meeting, Acting Assistant Attorney General Kenneth A. Blanco addressed a range of topics—from international cooperation on combatting fraud, bribery and corruption to the need for greater transparency into beneficial ownership. He also signaled that the one-year FCPA self-reporting pilot program would likely continue “in full force” while the program results are assessed. These remarks, hot on the heels of the release of the Evaluation of Corporate Compliance Programs publication, emphasize the importance of designing and implementing effective compliance programs with the help of flexible risk assessment, due diligence and monitoring solutions to help mitigate regulatory risk.

3 Ways to Apply This Information Now

  1. Check out other posts related to regulatory compliance on our blog.
  2. Read about nine critical components for your third-party due diligence checklist in our free guide to FCPA compliance.
  3. Share this blog on LinkedIn to keep the dialogue going with your colleagues and contacts.
