DOJ Compliance Expectations Concerning Training, Internal Investigations and Audits (Part IV of IV)
DOJ’s Compliance Evaluation questions provide important indications of “new” trends and approaches to compliance functions and issues.
In the area of training, DOJ’s Compliance Evaluation reiterates DOJ’s concern that companies tailor their training programs to their specific risk profile. In the FCPA Guidance issued in 2012, DOJ explained that training programs should be tailored to specific audiences.
DOJ has refined this requirement to focus on training “employees in relevant control functions”? This refinement is more significant than first appears. An accounts payable employee serves in a “relevant control function” involving the payment of money to vendors and suppliers. An employee responsible for third party due diligence checks serves in a “relevant control function” responsible for third party risk management. The list continues with a large number of “relevant control parties.” Companies have to design a variety of training programs to address these specific risks and controls.
Companies have to ensure that they provide training in different languages, as needed, and they have to measure the overall effectiveness of their training programs. Similarly, companies have to make sure that employs can access guidance on legal and compliance issues.
Reporting Misconduct and Investigations
In a shot against legal and internal audit departments, DOJ’s Compliance Evaluation asks whether compliance has had full access to reporting and investigative information. Turf battles are often fought over these issues, and DOJ is clearly stating that the compliance function has to receive access to investigative information.
Companies often fall short on their internal investigation functions, failing to make sure they are conducted properly, fairly, independently, and consistently across the organization. DOJ’s questions reiterate the importance of meeting such standards when conducting internal investigations.
DOJ’s Compliance Evaluation reiterates the importance of sharing investigative findings with senior leadership, addressing compliance concerns raised by internal investigations and understanding senior management and supervisory lapses that may have occurred when investigating misconduct.
Discipline and Incentives
DOJ’s Compliance Evaluation requires careful evaluation of misconduct and accountability of managers and employees. In particular, DOJ emphasized the importance of disciplining supervisors for failures to exercise proper supervision. In this context, DOJ stated that it expects companies to keep track and weigh its overall disciplinary program to ensure consistent treatment and accountability for misconduct.
In addressing the discipline process, DOJ expects to see a broad range of functions (e.g. human resources, compliance, legal) involved in the review of discipline. In promoting the discipline and consequences functions, DOJ included questions concerning disclosure of disciplinary actions to communicate to managers and employees the importance of ethical conduct.
DOJ reiterated the importance of creating positive incentives for ethical behavior.
Interestingly, DOJ’s Compliance Evaluation includes a detailed set of questions concerning a company’s audit function. These questions show that DOJ is embracing a robust examination of the company’s audit function, in recognition of the growing importance of monitoring and auditing to the overall effectiveness of a company’s compliance program.
DOJ’s examination includes:
- The number and type of audits, especially in high-risk areas;
- The reporting of audit findings and remediation progress;
- The involvement of board and senior management in follow up to audit findings and remediation;
- The examination of potential misconduct and audit and testing of relevant controls, collection and analysis of compliance data and interviews of employees and third parties; and
- The testing of controls.
DOJ’s analysis suggests that it is focusing on an important relationship – compliance and auditing/monitoring. While companies often coordinate these functions, DOJ is expecting increased collaboration and focus on compliance controls and auditing.