The Five Most Important Issues in DOJ’s Revised Compliance Program Guidance
The Justice Department’s revised Evaluation of Corporate Compliance Program Guidance (“DOJ Guidance”) was released with little fanfare. It is difficult to find the press release that accompanied the release. No one at DOJ flagged the issue in advance of the release. No speech or event accompanied the release. All was relatively quiet from the DOJ front.
Do not be fooled by the relative silence of DOJ’s announcement. The revisions to the DOJ Guidance are important because they underscored significant trends. DOJ has played a leadership role in pushing corporate compliance programs to improve. DOJ has been at the forefront of pushing the importance of corporate compliance officers in corporate governance. When DOJ speaks, the business community should listen (as EF Hutton used to say).
In looking over the range of the DOJ Guidance changes, here is a list of the five (5) most important:
Resources and Empowerment: DOJ included several revisions to its Guidance to emphasize the importance of ensuring that compliance programs are sufficiently resourced and empowered to exercise appropriate authority.
DOJ’s intent here is obvious – companies are implementing budget cuts to corporate compliance programs and DOJ is concerned that these budget cuts will have a harmful impact. As companies consider how to navigate turbulent economic conditions, DOJ is reminding companies to spare corporate compliance programs, and even expand such operations if relevant risks require such increases.
On the empowerment issue, DOJ has highlighted in a number of enforcement matters over the last few years instances where illegal conduct occurred despite the opposition and objections of in-house lawyers and compliance personnel. DOJ is reminding companies that DOJ expects compliance officers and lawyers to have adequate authority to stop a transaction or other action from occurring if there are real and significant compliance concerns. Companies have to adopt explicit controls requiring sign off from compliance and/or legal as a condition before an action can occur.
Consistent Discipline: DOJ’s revised Guidance included an important new question: “Does the compliance function monitor its investigations and resulting discipline to ensure consistency?” DOJ’s commitment to organizational justice is evident. This is a significant concern because DOJ knows that the surest way to undermine a company’s culture is uneven discipline. By focusing compliance officers on this important issue, DOJ is taking steps to ensure that compliance officers have a seat at the table when discipline is implemented and that such discipline is consistent across the organization.
Access to and Use of Data: DOJ’s Guidance takes aim at compliance program data to make sure that compliance officers have access to data, and that such data can be used to craft real-time monitoring programs. Companies are moving in this direction, recognizing the fact that company data can be mined and accessed on an ongoing basis to monitoring corporate activities on a proactive basis.
Real-Time Monitoring and Updating of Compliance Program: Building on data access, DOJ’s Guidance incorporates changes to reflect the importance of real-time monitoring and continuous evolution of the compliance program. DOJ has embraced the idea that compliance programs are not static and must evolve based on updated risk assessments, internal investigations and lessons learned, and ongoing monitoring functions dictate. This new emphasis is a critical requirement because it is a challenge to the compliance function – embrace technology, data, and build real-time monitoring and improvement.
Post-Acquisition Integration and Audits: DOJ’s Guidance incorporates prior statements and enforcement policies emphasizing the importance of post-acquisition integration planning and audits. DOJ’s policy emphasis on mergers and acquisitions has evolved over the last ten years from pre-acquisition due diligence to post-acquisition integration and audits. DOJ’s Guidance includes revisions reflecting the importance of post-acquisition planning and audits. DOJ has evolved based on enforcement matters and quickly adapted its enforcement emphasis on post-acquisition planning. Companies that rely on acquisitions to grow have to devote significant efforts to planning post-acquisition integration to include: training of new officers and employees; expansion and revision of policies and procedures to incorporate the new company; and post-acquisition audits to ensure absence of FCPA or other violations.