2020 Year in Review: DOJ and SEC Compliance Guidance (Part II of IV)
DOJ and the SEC have provided unprecedented compliance guidance and information. DOJ has established itself as the preeminent leader in advancing ethics and compliance programs, best practices and innovations. No agency or global organization has had such a dramatic impact on the improvement of corporate compliance programs.
To be sure, DOJ and the SEC have a two-prong strategy – first and most important, DOJ and SEC enforcement actions provide important examples and insights into compliance expectations; second, DOJ has released two important documents providing guidance on ethics and compliance programs – Evaluation of Corporate Compliance Programs (Criminal Division) and Evaluation of Corporate Compliance Programs (Antitrust Division). In November 2012, DOJ and the SEC released FCPA Guidance and updated that guidance this year as well.
DOJ Ethics and Compliance Guidance
On June 1, 2020, DOJ issued revised compliance guidance. The changes made by DOJ fell into five categories. DOJ’s revisions reflect continuing and increasing concerns surrounding the quality of corporate compliance programs.
First, DOJ revised its guidance language concerning chief compliance officer resources, independence and empowerment. DOJ has expressed a continuing concern, which has been highlighted in several enforcement actions, that organizations are failing to empower the compliance function and allocating insufficient resources for compliance programs to complete their responsibilities.
Second, DOJ reinforced its concern that companies should discipline employees fairly and consistently across the organization. In many cases, companies suffer serious culture and trust erosion by meting out uneven discipline for similarly-situated employees. Most significantly, companies often discipline senior officers and managers differently than line employees for the same offense.
Third, DOJ mandated that companies have to provide compliance with access to all relevant data needed to carry out their responsibilities. The information silo problem has been a recurring issues for compliance officers, who often run into obstacles to information access. In many cases, this problem has occurred between Human Resource and Compliance Officers over access to HR information for employees, including complaints, counseling and other incidents.
Fourth, DOJ has emphasized the importance of compliance to engage in real-time monitoring and continuous updating of its program. This issue is now where cutting-edge solutions are being developed that integrate technology, data analytics and other monitoring capabilities. In the future, CCOs will need to embrace a compliance “dashboard” to monitor its program, update risks, and improve its compliance program.
Fifth, DOJ has pushed companies that grow through acquisition to focus on post-closing integration of acquired companies. This renewed emphasis is aligned with enforcement incentives – companies have a post-acquisition period of 12 to 18 months to integrate the newly-acquired company into existing compliance programs, conduct training and complete any FCPA audits.
DOJ and SEC FCPA Guidance
In July 2020, DOJ and the SEC issued updated FCPA Guidance. The original guidance was released in November 2012. The new FCPA Guidance was updated to reflect “new cases, new law and new policies.” DOJ and the SEC announced a new hallmark for an effective compliance program – Investigation, Analysis and Remediation – keyed to the important statement that, “The truest measure of an effective compliance program is how it responds to misconduct.”
In focusing on an organization’s investigation program, DOJ and the SEC emphasized that an effective compliance program has to include: “timely and thorough” and “well-funded” investigation program, “document[s] the company’s response (e.g. discipline and remediation),” and “integrate ‘lessons learned’ from the misconduct into company’s policies, training and controls.”