In an unusual move, the Justice Department issued an important document in the dead of night – Evaluation of Corporate Compliance Programs. (Available Here).

We have no explanation from the Justice Department for the issuance of this document.   I can speculate but I suspect there was a personnel issue that explained why the issue was released without notice nor explanation. Whatever the reason, the document itself collects a number of recent trends, provides relevant questions surrounding the trends, and confirms the importance of the explained trends. To those who brushed aside the importance of the compliance document, they ignore the implications of any statement made by DOJ prosecutors in day-to-day interactions, negotiations and enforcement matters.

Aside from the overall analysis of the document, the checklist or question format provides an important tool for companies to use in assessing their own compliance programs. It is not the only tool available, not the most important tool, but it is one exercise among many that provides important insights and analysis.

It is important to review the document and point out important notes, questions and trends. The formulation and the collection of questions gives compliance practitioners another source to develop effective tools, benchmarks and frameworks for analysis.

In this four-part series, I want to take some time to review the topics and questions and point out trends and new areas for focus and attention. Compliance practitioners should review the document carefully, address the issues that are identified, and seek increased internal support based on this new and important document.

At the outset, I would urge every chief compliance officer to provide a copy of the document to the board members, audit/compliance committee members, and make sure there is adequate discussion of the evaluation document. This is a board-worthy document and should be given to each board member for review and analysis. A board that is educated on the importance of a compliance program should understand the questions, the relevance of each, and the need to identify potential issues for analysis and discussion with the CCO. A board has to take the time to learn and understand how a compliance program operates, how to conduct oversight and how to monitor the compliance program. This checklist gives the board a valuable tool to do so.

The Compliance Evaluation lists eleven separate topics for review.  Over this four-part series, I will review these topics (except for mergers and acquisitions)

Analysis and Remediation of Underlying Misconduct

The first question is relevant in those circumstances when the company is responding to misconduct that results in a government investigation. However, I think the questions asked provide important insights when a company suffers misconduct that does not result in a government investigation.

Companies often face situations where they discover misconduct, impose discipline and remediate the problems discovered and then move on. This happens more often that misconduct resulting in a government disclosure or a government investigation. In either case, the questions are certainly relevant.

The questions appear to be fairly basic but depending on the circumstances can be deadly accurate in pointing out compliance deficiencies. A “root cause” can implicate not only employee misconduct or failure to exercise proper oversight, but can extend to such issues as a company’s culture, tone-at-the-top and other issues with significant implications for the company’s operations. It is too easy to blame a rogue employee, a concept that has neither relevance nor significance to legal and compliance practitioners who understand how compliance programs work.

Senior and Middle Management

DOJ’s questions, as written, provide some important clues as to how it assesses tone at the top. These clues are not surprising and only underscore repeated admonitions from compliance professionals.

A CEO and senior leaders are judged not just by their words but by their “actions.” A company that relies on its recorded statements by a CEO indicating the company’s commitment to compliance falls short in its tone by failing to demonstrate through his or her “actions” how they lead a compliance program.

A second interesting issue revealed by the questions is how a company monitors the conduct of its CEO and senior leadership team. A company has to assess the risks that its C-Suite creates and tailor its compliance program to address these risks. DOJ’s questions in this area suggest that this is a critical part of an effective ethics and compliance program.

The questions relating to Shared Commitment reflect DOJ’s focus on how companies “operationalize” their compliance program. DOJ recognizes that a compliance program is dependent on the cooperation and coordination among key functions (e.g. legal, finance, audit, human resources) and this inquiry is designed to focus attention on the coordination of key functions to a common objective – promoting ethics and compliance.

Finally, this area of questions highlights an important trend – the existence of compliance expertise on a corporate board. In recent years, corporate governance expert have been highlighting the need for corporate boards to bring compliance expertise to the board. It is a much-needed requirement, and DOJ’s question is designed to reinforce this need.

In the same area, DOJ made sure to remind everyone that CCOs need to have adequate time to report to the board or the supervising committee, and must have a private or executive sessions where they can discuss compliance issues with the board or committee members.