New Guidance from DOJ on "Evaluation of Corporate Compliance Programs"
On April 30, 2019, the US Department of Justice (DOJ), Criminal Division, published an updated "Guidance Document" on "Evaluation of Corporate Compliance Programs" (Guidance).
The Guidance provides prosecutors, and thereby companies, with specifics around requirements for corporate compliance programs which DOJ will evaluate when conducting an investigation of a corporation. This evaluation will inform charging decisions and the form of resolution of a matter, and factor into the determination of the appropriate monetary penalty and compliance obligations. DOJ helpfully notes that its Guidance is not intended as a "one size fits all" for developing a corporate compliance program, but nonetheless provides companies with a helpful "checklist" to consider when both designing a program and importantly, when presenting the program to DOJ in connection with an investigation or settlement negotiation.
The Guidance is framed around three questions: (1) "Is the corporation’s compliance program well designed?"; (2) "Is the program being applied earnestly and in good faith?"; and (3) "Does the corporation’s compliance program work in practice?". Without question, a company facing DOJ will need to be in a position to answer a resounding "yes" to these three questions, but as with any compliance program, the detail is where DOJ will distinguish companies with respect to their corporate compliance programs.
While any Guidance is appreciated, it will be interesting to see how companies will adopt or enhance compliance programs to address this Guidance, as well as the sanctions compliance guidance that is anticipated to be forthcoming from the US Department of Treasury Office of Foreign Assets Control (OFAC). Both the DOJ and OFAC guidance documents emphasize the need for companies to conduct comprehensive risk assessments of their business. The Guidance provides a framework and potential checklist for measuring a compliance program and either identifying necessary enhancements or preparing explanations as to why a specific item on the checklist is not necessary given the company's risk profile and operations. Companies would be wise to reexamine their compliance and training programs, governance and staffing in light of the Guidance and see whether it would impress a DOJ prosecutor applying the Guidance.