On April 30, 2018, the Criminal Division of the US Department of Justice (DOJ) released a guidance document regarding corporate compliance programs. The guidance looks at the adequacy and effectiveness of compliance programs (at the time of an offense and at the time of charging a decision) as well as remedial efforts that have been taken to implement and/or improve a program that is in place. The guidance is meant to assist DOJ prosecutors with decision making related to prosecution or resolution, monetary penalties, monitoring a corporation going forward and determining reporting obligations.
While a Corporate Compliance Program is somewhat unique, three are Three Fundamental Questions that apply to all organizations:
- “Is the corporation’s compliance program well designed? “
What are the risk assessment methodologies, policies and procedures, training and communication, reporting structure and investigation process, management of third-party relationships and due diligence for acquisition targets?
- “Is the corporation’s program being effectively implemented?
What is the commitment of senior and middle management, autonomy and resources, incentives and disciplinary measures?
- “Does the corporation’s compliance program work in practice?”
Is there continuous improvement, periodic testing, review, investigation of misconduct, analysis and remediation of any underlying misconduct?
The document is intended to be a guide for corporate economic crimes prosecutors
According to Assistant United States Attorney General Brian A. Benczkowski: “Effective compliance programs play a critical role in preventing misconduct, facilitating investigations, and informing fair resolutions.” “Today’s guidance document is part of our broader efforts in training, hiring, and enforcement to help promote corporate behaviors that benefit the American public and ensure that prosecutors evaluate the effectiveness of compliance in a rigorous and transparent manner.”
Don’t be a Victim of your Own Making
The lesson of the DOJ’s guidance document is that an organization’s corporate compliance program ought to focus on:
- risk assessment
- company policies and procedures
- training and communications
- confidential reporting structure
- investigation process
- third-party management
- mergers and acquisitions
- commitment by senior and middle management
- autonomy and resources
- disciplinary measures
- metrics of whether a compliance program is operating effectively
- exploring a program’s capacity for continuous improvement
- periodic testing
- investigation of misconduct
- analysis and remediation of underlying misconduct
US Sentencing guidelines advise that for purposes of calculating an appropriate organizational criminal fine, consideration will be given to a corporation that had in place at the time of the misconduct an effective compliance program. Corporations ought to revise the guidance document released by the DOJ and review the three questions that a prosecutor will ask in the event of misconduct or wrongdoing. Consult your compliance advisor.