DOJ’s Compliance Program Evaluation Guidance
The Justice Department’s recent guidance on compliance programs, consisting of 110 separate questions, organized around specific compliance topics, has raised a number of interesting procedural and substantive issues.
From an enforcement standpoint, how will DOJ prosecutors use the questions in negotiating FCPA enforcement settlements? The possible weight given to the factors will vary depending on a number of factors, including the nature and scope of the violations, the size and geographic footprint of the company, and the weight eventually given to the individual questions.
We all know that compliance is not an exact science. But at the same time, we know what looks and smells like an effective compliance program and a compliance program that falls short. As prosecutors apply these questions to weigh how a company responds and remediates its compliance program to prevent future violations, prosecutors have to take great care to avoid narrow solutions to broad problems. To put it another way, DOJ prosecutors should encourage companies to design and implement compliance solutions that are tailored to the company’s individual circumstances without imposing knee-jerk or standard solutions.
In the process, DOJ prosecutors have to encourage companies to develop their own unique solutions that reflect their own corporate culture, and that appear to be designed in furtherance of companies’ compliance programs. On the other hand, this flexibility should not be an excuse for allowing companies to avoid adequate remediation by improving culture, implementing improved controls, and making a sustained effort to enhance its compliance program.
At the same time, DOJ prosecutors have to provide additional guidance on exactly how the questions will be used, how the weight given to various questions will be scored, and how much companies are expected to do under this new and robust compliance evaluation. There is not question that DOJ has raised the bar on compliance programs. DOJ’s strategy is to encourage companies to improve their compliance programs and this action will do just that – companies should respond to the new guidance by evaluating their programs under this new set of questions.
Compliance officers have even more reason to meet and discuss the issues raised by this new evaluation tool with senior management and the board. To the extent that companies fall short, CCOs have to inform the Audit/Compliance Committee and senior management that the company needs to undertake a new effort with additional resources to implement an effective compliance program.
To be sure, a new self-evaluation and remediation effort is needed. If companies ignore the import of DOJ’s new guidance, they are only increasing the risk of an enforcement action and a more severe resolution than would otherwise occur.
CCOs, however, have to avoid what I call the Chicken Little strategy – it does not serve anyone’s interest to speak about the new compliance program standards by instilling fear in the board or senior management. To the contrary, DOJ’s new compliance standards should encourage companies to enhance their compliance programs as a means to improve corporate culture, develop long-term sustainable growth, improve financial performance, and avoid significant enforcement and legal risks.