The recently updated guidance from the Department of Justice (DOJ), titled "Evaluation of Corporate Compliance Programs" (June 2020), doesn't differ substantially from its April 2019 guidance. However, it does provide some additional clarifications and stresses the need for continuously updated, appropriately tailored and risk-based compliance programs. Notably, it demonstrates the DOJ's continued focus on corporate compliance and its commitment to enforcement in this area.
The guidance document is intended to assist U.S. Attorneys within the DOJ's Criminal Division in making determinations regarding the effectiveness of a company’s compliance program. It is also meant to ensure that prosecutors evaluate the effectiveness of corporate compliance programs in a consistent, rigorous and transparent manner. However, it can also be used to inform companies of the minimum standards that regulators will expect. Therefore, companies can use this guidance document when thinking about ways in which to design and implement compliance controls as well as update existing controls.
Just as it's April 2019 predecessor, the June 2020 document lists specific areas that the DOJ has previously found relevant in evaluating a corporate compliance program, and which can be summarized in three broad questions that prosecutors consider in evaluating corporate compliance programs:
Is the program well-designed?
Is the program effectively implemented?
Does the compliance program actually work in practice?
Among other changes, noteworthy updates in the June 2020 version of the document focus on the following main points:
A continuing shift away from “off the shelf” compliance program to an evolving risk-based program.
A greater emphasis on sufficiency and adequacy of resources dedicated to compliance.
The need for periodic review and enhancement of the compliance program.
The need for ongoing identification of risks, including a focus on relevant high-risk areas (accomplished through a continuously updated risk assessment process).
The importance of ongoing communication and training.
A strong corporate culture and "tone at the top."
The DOJ’s guidance on corporate compliance programs is meant to correspond with and compliment other recognized guidelines and international standards for effective, risk-based compliance programs. Furthermore, the DOJ recognizes that companies will never be able to prevent every misconduct or identify every incident. Not only would such an approach be too costly, but it would also be unreasonable. Hence the focus on a fluid and appropriately tailored compliance program.
Although the COVID-19 pandemic and its resulting consequences may make it difficult for some companies to implement the new guidance, the emerging risks and new threats presented by the current situation make it a crucial time to ensure that companies effectively identify and mitigate these risks and that solid internal controls and processes are in place.
A pdf version of the DOJ's June 2020 Evaluation of Corporate Compliance Programs guidance document can be accessed here.