On June 1, 2020, the Department of Justice (DOJ) published an updated version of its guidance for “Evaluation of Corporate Compliance Programs,” originally published in February 2017. The guidance is intended to assist federal prosecutors, but it also shines light on how corporate compliance teams should be organized.
The following are key actions corporate compliance teams should take as a result of the revised guidance.
- Companies must act to ensure compliance teams are adequately resourced and must make investments into compliance programs.
A compliance program must be “adequately resourced and empowered to function” effectively. Companies should invest in compliance by training and incentivize compliance management. Compliance officers should be given access to the management of a corporation or granted enough power to conduct investigations without interference. Prosecutors will look at the resources allocated and positions held by the compliance team to determine the earnest and good faith efforts of a corporation to be compliant.
- Compliance teams should be given access to appropriate data on a frequent basis instead of intermittent snapshots of data.
The new language encourages companies to ensure their programs are always receiving new information and not looking at a “snapshot.” Revisions to the guidance emphasize a theme of dynamic and changing data and analysis expected of compliance programs. These revisions complement the emphasis placed on the individualistic nature of each compliance program and the need to evaluate programs both at the time of an offense and also at the time of a charging decision.
- Compliance teams should stay abreast of industry and regional news, as well as consistently monitor how their internal risk assessments can be incorporated into their programs.
The guidance reveals teams are expected to incorporate “lessons learned” from their own risk assessments, misconduct within the company, as well as misconduct by companies in the same industry or region. Compliance teams need to ensure they stay abreast of relevant industry or regional news in order to adjust their programs accordingly.
- Companies should monitor third party vendors frequently and should incorporate newly-acquired M&A targets into their existing compliance program.
Companies should perform audits on newly-acquired targets. As the guidance acknowledges, full and complete compliance analysis and due diligence may not be completed before acquisition of a target, making post-acquisition compliance essential. Additionally, third party vendors should be monitored and reviewed frequently instead of only at the beginning of a relationship because the guidance notes that third party vendors increase compliance risk in many cases.
Heather Hatfield represents clients in corporate investigations, white-collar crime investigations and defense involving the Foreign Corrupt Practices Act (FCPA), complex contract disputes, oil and gas litigation ...
Blake Runions assists clients with broad range of business disputes and investigatory matters, including partnership disputes, internal investigations, and commercial litigation.
Prior to joining the Firm, Blake worked in the ...
Jamie Godsey represents public and private corporations, partnerships, and small companies on a broad range of complex business and commercial litigation. Her experience includes a wide variety of matters such as contractual ...
- DOJ Releases Rare FCPA Opinion Procedure
- Essentra Settlement Demonstrates Government Commitment to Compliance Framework
- DOJ Updates Corporate Compliance Evaluation Guidance
- Political Retribution in Bridgegate Cannot Sustain Federal Fraud Convictions in Kelly v. United States
- Key Considerations in the Timing of FCPA Violation Disclosures
- Ensuring Compliance During the COVID-19 Pandemic
- Former Alston S.A. Exec’s FCPA Conviction Overturned
- Astros Scandal Demonstrates Importance of Tone at the Top
- FCPA: 2019 Year-In-Review
- The Treasury Department Issues a Framework for OFAC Compliance