Alert: "DOJ Updates Corporate Compliance Evaluation Guidance"

Porter Hedges LLP

Porter Hedges LLP

On June 1, 2020, the Department of Justice (DOJ) published an updated version of its guidance for “Evaluation of Corporate Compliance Programs,” originally published in February 2017. The guidance is intended to assist federal prosecutors, but it also shines light on how corporate compliance teams should be organized.

The following are key actions corporate compliance teams should take as a result of the revised guidance.

  • Companies must act to ensure compliance teams are adequately resourced and must make investments into compliance programs.
    A compliance program must be “adequately resourced and empowered to function” effectively. Companies should invest in compliance by training and incentivize compliance management. Compliance officers should be given access to the management of a corporation or granted enough power to conduct investigations without interference. Prosecutors will look at the resources allocated and positions held by the compliance team to determine the earnest and good faith efforts of a corporation to be compliant.
  • Compliance teams should be given access to appropriate data on a frequent basis instead of intermittent snapshots of data.
    The new language encourages companies to ensure their programs are always receiving new information and not looking at a “snapshot.” Revisions to the guidance emphasize a theme of dynamic and changing data and analysis expected of compliance programs. These revisions complement the emphasis placed on the individualistic nature of each compliance program and the need to evaluate programs both at the time of an offense and also at the time of a charging decision.
  • Compliance teams should stay abreast of industry and regional news, as well as consistently monitor how their internal risk assessments can be incorporated into their programs.
    The guidance reveals teams are expected to incorporate “lessons learned” from their own risk assessments, misconduct within the company, as well as misconduct by companies in the same industry or region. Compliance teams need to ensure they stay abreast of relevant industry or regional news in order to adjust their programs accordingly.
  • Companies should monitor third party vendors frequently and should incorporate newly-acquired M&A targets into their existing compliance program.
    Companies should perform audits on newly-acquired targets. As the guidance acknowledges, full and complete compliance analysis and due diligence may not be completed before acquisition of a target, making post-acquisition compliance essential. Additionally, third party vendors should be monitored and reviewed frequently instead of only at the beginning of a relationship because the guidance notes that third party vendors increase compliance risk in many cases.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Porter Hedges LLP | Attorney Advertising

Written by:

Porter Hedges LLP

Porter Hedges LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.