The U.S. Department of Justice (DOJ) Criminal Division, Fraud Section quietly released a new guidance document, Evaluation of Corporate Compliance Programs, earlier this year. It offers guidance in the form of a series of sample questions spanning 11 topics. The topics, as the DOJ acknowledges in the document’s introduction, are not new. They can also be found in many other sources, including (but not limited to) the Federal Sentencing Guidelines Manual (2014) and A Resource Guide to the U.S. Foreign Corrupt Practices Act (2012).

According to a recent article in the National Law Review, the guidance document reinforces the message that the DOJ’s focus is on the concrete steps a company’s leadership takes to foster a “corporate culture of compliance” (Jennings and Hobbs, 2017).

The sample questions are intended to reveal how seriously corporate leaders and boards approach, promote, and support the following topics. These topics reflect factors that prosecutors will take into consideration when conducting an investigation (Jennings and Hobbs, 2017).

1. Analysis and remediation of underlying misconduct
2. Senior and middle management conduct and commitment
3. Compliance function autonomy and resources
4. Policies and procedures
5. Risk assessment—processes and analysis
6. Training and communications
7. Confidential reporting and investigation
8. Incentives and disciplinary measures
9. Continuous improvement, periodic testing, and review
10. Third party management
11. Mergers and acquisitions

The sample questions related to each of these topics provide the added value to this document. They are examples of those the DOJ’s Fraud Section has found relevant in evaluating corporate compliance programs. They also reflect the sentiment, expressed by now-former DOJ Compliance Counsel Hui Chen, that companies should leave their policy manuals behind when they come to compliance presentations with the DOJ (“I challenge them to show me a single employee who sat there and read them.”) and instead focus on how the polices actually operate (Wilczek, 2017).

For example, here are the sample questions related to topic 7—confidential reporting and investigation:

Effectiveness of the Reporting Mechanism – How has the company collected, analyzed, and used information from its reporting mechanisms? How has the company assessed the seriousness of the allegations it received? Has the compliance function had full access to reporting and investigative information?

Properly Scoped Investigation by Qualified Personnel – How has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented?

Response to Investigations – Has the company’s investigation been used to identify root causes, system vulnerabilities, and accountability lapses, including among supervisory manager and senior executives? What has been the process for responding to investigative findings? How high up in the company do investigative findings go?

Companies interested in learning more about how the DOJ will evaluate the effectiveness of their corporate compliance programs—or interested in evaluating their own programs using the DOJ approach—will want to download a copy.

Ethical Advocate provides comprehensive ethics and compliance solutions, including ethics and compliance training and confidential and anonymous hotlines. Please contact us for additional information.

References

Jennings, Colin R. and Ayako Hobbs. “Summary of U.S. Department of Justice’s Guidance, “Evaluation of Corporate Compliance Programs.” National Law Review, August 8, 2017. https://www.natlawreview.com/article/summary-us-department-justice-s-guidance-evaluation-corporate-compliance-programs

U.S. Department of Justice. Evaluation of Corporate Compliance Programs, February 2017. https://www.justice.gov/criminal-fraud/page/file/937501/download

Wilczek, Yin. “Former DOJ Official on Evolution of Corporate Compliance.”  Bloomberg Law blog, July 24, 2017. https://bol.bna.com/former-doj-official-on-evolution-of-corporate-compliance/