On June 1, 2020, the Department of Justice (DOJ) published an updated version of its guidance for “Evaluation of Corporate Compliance Programs,” originally published in February 2017. The guidance is intended to assist federal prosecutors, but it also shines light on how corporate compliance teams should be organized.
The following are key actions corporate compliance teams should take as a result of the revised guidance.
- Companies must act to ensure compliance teams are adequately resourced and must make investments into compliance programs.
A compliance program must be “adequately resourced and empowered to function” effectively. Companies should invest in compliance by training and incentivize compliance management. Compliance officers should be given access to the management of a corporation or granted enough power to conduct investigations without interference. Prosecutors will look at the resources allocated and positions held by the compliance team to determine the earnest and good faith efforts of a corporation to be compliant.
- Compliance teams should be given access to appropriate data on a frequent basis instead of intermittent snapshots of data.
The new language encourages companies to ensure their programs are always receiving new information and not looking at a “snapshot.” Revisions to the guidance emphasize a theme of dynamic and changing data and analysis expected of compliance programs. These revisions complement the emphasis placed on the individualistic nature of each compliance program and the need to evaluate programs both at the time of an offense and also at the time of a charging decision.
- Compliance teams should stay abreast of industry and regional news, as well as consistently monitor how their internal risk assessments can be incorporated into their programs.
The guidance reveals teams are expected to incorporate “lessons learned” from their own risk assessments, misconduct within the company, as well as misconduct by companies in the same industry or region. Compliance teams need to ensure they stay abreast of relevant industry or regional news in order to adjust their programs accordingly.
- Companies should monitor third party vendors frequently and should incorporate newly-acquired M&A targets into their existing compliance program.
Companies should perform audits on newly-acquired targets. As the guidance acknowledges, full and complete compliance analysis and due diligence may not be completed before acquisition of a target, making post-acquisition compliance essential. Additionally, third party vendors should be monitored and reviewed frequently instead of only at the beginning of a relationship because the guidance notes that third party vendors increase compliance risk in many cases.
Heather Hatfield represents clients in corporate investigations, white-collar crime investigations and defense involving the Foreign Corrupt Practices Act (FCPA), complex contract disputes, oil and gas litigation ...
Blake Runions assists clients with broad range of business disputes and investigatory matters, including partnership disputes, internal investigations, and commercial litigation.
Prior to joining the Firm, Blake worked in the ...
Jamie Godsey represents public and private corporations, partnerships, and small companies on a broad range of complex business and commercial litigation. Her experience includes a wide variety of matters such as contractual ...
- Best Practices to Prevent Internal Fraud and Embezzlement
- Cybersecurity Best Practices: Disclosure Requirements for Risk Management, Strategy, and Governance
- Cybersecurity Risk Management Practices for Small and Midsize Businesses
- Overview of New Cybersecurity Disclosure Rules for Public Companies
- Increased Focus on Cybersecurity Warrants Review of Policies and Procedures
- DOJ Issues Expedited FCPA Opinion Procedure
- Companies Must Review Compliance Policies Following New Sanctions of Russian Financial Institutions and Individuals
- Anti-Corruption Enforcement: 2021 Year-In-Review
- Credit Suisse Settlement Carries Broader Lessons about Reputational Risk
- World’s Largest Advertising Group Settles with SEC for $19.2 Million After Ignoring Red Flags
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019