DOJ Revises its Corporate Compliance Guidance (Part I of II)
If anyone thought that DOJ was planning to relax its expectations regarding corporate compliance programs, forget it – DOJ has removed all doubt. In an announcement on Monday, June 1, 2020, DOJ released revised guidance, Evaluation of Corporate Compliance Programs, June 2020.
DOJ issued the new guidance to reflect its own experiences and feedback from the compliance and business community. According to Assistant Attorney General Benczkowski, “[a]lthough much of the substance of the prior version remains unchanged, the updates we have made are in keeping with our continued efforts as prosecutors to improve our own policies and practices to ensure transparency and the effective and consistent enforcement of our laws.”
The revised version of the Guidance is available HERE.
DOJ’s Guidance has been an important source of compliance guidance and reflects current expectations and standards prosecutors use when evaluating a compliance program during an investigation. It is an important factor that prosecutors weigh when resolving an enforcement action and can support corporate requests for leniency.
The revised provisions address a number of important issues:
Individualized Assessment and Evaluation Timing: DOJ’s Guidance elaborates on the importance of an individualized assessment of each program, requiring prosecutors to make a “reasonable, individualized determination in each case that considers various factors including, but not limited to, the company’s size, industry, geographic footprint, regulatory landscape, and other factors, both internal and external to the company’s operations, that might impact its compliance program.”
DOJ also added language to confirm that evaluation of a company’s compliance program shall be conducted in relation to the time of the offense and at the time of resolution of the enforcement action.
Compliance Program Resources and Empowerment: In another important change, DOJ’s Guidance revises question two of the three framework questions, which is italicized below:
- Is the corporation’s compliance program well designed?
- Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?
- Does the corporation’s compliance program work in practice?
DOJ’s revision to Question 2 is a significant change and reflects a continuing concern. DOJ has observed that companies are failing to assign adequate resources, personnel and resources, to their compliance programs.
In addition, the revised language also responds to DOJ concerns that compliance officers do not have adequate authority to stop a problematic transaction or activity. In a number of specific enforcement actions, DOJ has noted that compliance officers and in-house lawyers were not able to stop troublesome transactions and their objections were often ignored by senior management committed to a business deal.
Risk Assessment: DOJ’s revised Guidance add clarifying language instructing prosecutors to “understand why the company has chosen to set up the compliance program the way that it has, and why and how the company’s compliance program has evolved over time.”
The new language underscores the need for businesses to document the reasons for its compliance program design and implementation strategies.
In an important new issue, DOJ has revised the Guidance in several provisions underscoring the importance of continuous change and evolution of the company’s compliance program in response to new information and risk assessments. DOJ is seeking to reinforce the importance of ongoing monitoring of a compliance program, revision of the program, and real-time consideration of changes to a company’s risks. DOJ’s revisions include a question whether there have been updates to policies and procedures based on lessons learned from misconduct or from other companies in the same industry, and periodic reviews that are “based upon continuous access to operational data and information across functions.”
Policies and Procedures: A new question was added concerning accessibility – “Have the policies and procedures been published in a searchable format for easy reference? Does the company track access to various policies and procedures to understand what policies are attracting more attention from relevant employees?”