And the Beat Goes On – Part 1

New DOJ Antitrust Guidelines on Corporate Compliance Programs

For many, “And the Beat Goes On” awakens memories of Sonny & Cher’s anthem to changing times.

Perhaps not surprisingly, the words are just as applicable to business ethics—change keeps on coming.

This month, the US Department of Justice continued its push for change with release of its Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations.

This probably sounds familiar: didn’t the DOJ just release something like this? Yes, in April the Department’s Criminal Division released Evaluation of Corporate Compliance Programs, the broader guidance about how the DOJ will investigate compliance efforts of organizations that come to its attention.  These new Antitrust guidelines serve as companion guidance specifically to antitrust (or fair competition) cases—what the Antitrust Division will specifically examine.

While these new antitrust guidelines may be viewed as just one additional, small step in the DOJ’s larger efforts, here’s another perspective: The US Government through its various departments and agencies continues its march to define compliance management at a specific level. Organizations that run afoul of specific laws will find it difficult to argue that a generalized compliance effort is sufficient.

Consider these past government efforts to promote strong compliance management practices:

  • US Equal Employment Opportunity Commission (EEOC) regarding workplace harassment and discrimination
  • US Department of Justice (DOJ) and Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) Resource Guide
  • US Health and Human Services (HHS) Model Compliance Program (for hospitals, nursing facilities, pharmaceutical manufacturers, ambulance suppliers, physician practices, Medicare choice facilities, clinical laboratories, etc.)
  • US Federal Acquisition Regulations (FAR) and associated government contracting standards for compliance management
  • US Sarbanes-Oxley Act (SOX) compliance management requirements for publicly-traded compliance
  • US Occupational Health & Safety Administration (OSHA) Recommended Practices for Safety and Health Programs
  • US Environmental Protection Agency (EPA) Incentives for Self-Policing: Discovery, Disclosure, Correction and Prevention of Violations
  • US Federal Energy Regulatory Commission (FERC) Policy Statement on Compliance
  • US Securities and Exchange Commission (SEC) Compliance Programs for Investment Companies and Investment Advisers
  • US Federal Deposit Insurance Corporation (FDIC) Compliance Management System requirement

In short, the US Government doesn’t simply want to see businesses try to comply with laws and regulations—it wants to see active compliance management efforts that seek to avoid violations and, when they occur, quickly identify, mitigate and report them.

This approach by the US Government serves two objectives:

  • It pushes businesses to identify their greatest legal and regulatory risks to focus compliance efforts there.
  • It encourages businesses to look broadly at compliance to find more efficient ways to promote it instead of managing several standalone topic-specific compliance efforts.

Keep in mind that the DOJ’s April release updated 2017 guidance from its Fraud Section, and the update is designed to broaden the guidance’s applicability to all criminal conduct. Any business that thinks it doesn’t need to address compliance holistically – but only through focus on specific areas – is likely to find that is efforts won’t meet regulators’ tests, and it certainly is not an efficient means to build a culture of compliance.

Part 2 of this blog will look specifically at expectations in the DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations. 

Click here to read Part 2

The Department of Justice’s Gift That Keeps on Giving – Part 2

The newly updated 2019 DOJ Evaluation of Corporate Compliance Programs criteria offer some valuable advances to how prosecutors should look at an organization’s compliance efforts.


First, it warrants noting that these updated criteria were issued by the DOJ’s Criminal Division; the 2017 criteria were issued by the Fraud Division, which is just one part of the Criminal Division.  So, the updated criteria apply to a larger pool of prosecutors and broader range of criminal offenses.


Second, the new criteria introduce three leading questions, in which all criteria are placed:

  1. Is the corporation’s compliance program well designed?
  2. Is the program being applied earnestly and in good faith? In other words, is the program being implemented effectively?
  3. Does the corporation’s compliance program work in practice?


This structure reinforces the point that “paper programs” with no substance and follow-through supporting them will not pass the test. DOJ wants to see programs with “teeth,” those that not only are well designed but also are well applied with tangible results.


Third, prosecutors will evaluate a compliance program as to its effectiveness when the relevant offense occurred and at the time of charging or other resolution. This assessment will weigh on the decision to prosecute or otherwise resolve the offense, any financial penalty, and any further compliance requirements. So, while a business should take proactive steps to build an effective compliance program, it still has some opportunity to build or reinforce these efforts after prosecutors begin to investigate. Though, why a company would bother to wait until this late in the game remains a mystery given all the benefits that come from avoiding an investigation, or an offense in the first place.


Fourth, the updated criteria are just over twice as long as the 2017 criteria (18 pages versus 8 pages), so they cover more criteria and in greater depth, providing prosecutors with more precise guidance and businesses with greater insight into how the DOJ views effective compliance.


Instead of listing each criteria separately as it did in 2017, the updated guidance places each criteria under a major heading. This emphasizes the importance of the design, implementation and follow-through of a compliance program. Here is the new structure of these criteria:


  1. Is the corporation’s compliance program well designed?
    1. Risk assessment
    2. Policies and procedures
    3. Training and communications
    4. Confidential reporting structure and investigation process
    5. Third party management
    6. Mergers and acquisitions


  1. Is the program being applied earnestly and in good faith? In other words, is the program being implemented effectively?
    1. Commitment by senior and middle management
    2. Autonomy and resources
    3. Incentives and disciplinary measures


  1. Does the corporation’s compliance program work in practice?
    1. Continuous improvement, periodic testing, and review
    2. Investigation of misconduct
    3. Analysis and remediation of any underlying misconduct


Immediately, we can see the similarity with the criteria for an effective compliance and ethics program under the US Sentencing Guidelines.


Without running through a line-by-line analysis of the differences between the 2017 and 2019 criteria (which anyone can perform using a MS Word document comparison function), suffice it to say that

  • The substance of the 2017 criteria are preserved.
  • Certain additional items are added to the 2019 criteria that expand on each topic.
  • Greater commentary is provided regarding each topic to help organizations understand the DOJ’s purpose for the topic and which helps to clarify its intent.


In the end, these updated criteria offer organizations a compelling roadmap for designing, instituting and maintaining an ethics and compliance program. Leadership need not stew over what the DOJ wants to see—they’re telling it more explicitly than before. So, if an organization wants to place itself in the best possible position should it be investigated, charged with an offense, have its executives charged, or be prosecuted, this is the gift.


While certain executives will believe they never have to worry about these risks, it’s worth pointing out that, as these criteria become more fully adopted by businesses and other organizations, it raises the bar for effective ethics and compliance management.


Part 3 will address the new Criteria’s implications for organizations’ compliance training and communications efforts.

The Department of Justice’s Gift That Keeps on Giving

On April 30, the US Department of Justice updated its Evaluation of Corporate Compliance Programs, guidance that it provides to federal prosecutors for their use to assess an organization’s efforts to implement and maintain effective compliance management.

• What are the changes to these evaluation criteria?
• Further, what’s the significance of this guidance in the first place?
• Finally, why should businesses find value in this update?

To provide appropriate context to these questions, first let’s revisit the development of guidance for federal prosecutors and judges regarding evaluation of an organization’s compliance program.

The Federal Sentencing Guidelines 

In 1991, the US Sentencing Commission updated its own guidance to federal judges. The Commission is part of the federal judiciary and charged with providing guidelines to federal judges for sentencing organizations convicted of federal criminal misconduct.

Broadly, these Sentencing Guidelines are intended to help judges determine a sentence for an organization convicted of criminal conduct. (This is related to similar sentencing guidelines for individuals convicted of criminal conduct, which would apply to an organization’s officials and other employees.) These Guidelines provide the judge a framework for making this evaluation and, in doing so, creates consistency among judges across cases and federal districts.

The Guidelines chiefly take into account the significance of the criminal conduct, its duration, and the organization’s complicity in the conduct. But the Guidelines also offer a “carrot and stick” with respect to compliance: an organization’s sentencing can be reduced or exacerbated based on the degree to which the organization maintained an effective compliance program.

This section of the Guidelines, “Criteria for an Effective Compliance Program,” quickly became the de facto framework for how US businesses institute and manage legal compliance. The criteria included seven essential components of compliance management. These have been updated three times since 1991 and today address such criteria as the following:
• Commitment by leadership to ethics and compliance
• Assurance that senior staff are reviewed for a propensity to engage in misconduct
• Assessment of the organization’s compliance risks
• Standards and procedures
• Training and communications
• Compliance monitoring and auditing
• Systems for reporting suspected misconduct confidentially and anonymously
• Procedures to respond to identified misconduct

In the ethics and compliance profession, these criteria are often referenced as the US Sentencing Guidelines or Federal Sentencing Guidelines and have been very influential in similar frameworks developed by other areas of the federal government, including the Department of Health & Human Services’ Office of Inspector General and the Department of Justice.

DOJ Principles for Federal Prosecution

Starting in 1999, the Department of Justice began issuing a series of memoranda to provide federal prosecutors with guidance when pursuing cases against and charging organizations with criminal conduct (Holder, Thompson, McNulty, Filip memos). This guidance became the basis for today’s Principles for Federal Prosecution of Business Organizations. These Principles take their cue from the US Sentencing Guidelines with respect to criteria that prosecutors should consider as to whether an organization has made efforts to institute an effective compliance program. These Principles influence prosecutors:
• Whether to pursue a case against an organization
• Whether to charge an organization with civil or criminal conduct (and separate from whether to charge its employees with this conduct)
• What sentencing to recommend to the judge for organizations found guilty of criminal conduct

In 2015, the Department of Justice began working with Hui Chen, a former federal prosecutor and corporate compliance expert, to help the Department better determine how to aid prosecutors in evaluating organizations’ compliance efforts. This resulted in the first “Evaluation of Corporate Compliance Programs” in 2017. These criteria laid out the following structure:

Two prominent examples of where this framework demonstrated value to businesses follow:
• In 2012, The Department of Justice declined to prosecute Morgan Stanley when one of its executives bribed Asian officials in a real estate deal. Prosecutors signaled that the firm’s efforts to train and communicate compliance requirements to this executive demonstrated the firm’s commitment to compliance. (The executive was charged separately.)
• Earlier this year, the Department declined to charge Cognizant with criminal conduct over a bribery scheme by its CFO and chief compliance officer in securing a location site in India, largely because of the company’s compliance efforts and its quick reporting of a bribery scheme. (see blog)

DOJ Updated Evaluation Criteria

With the April 30 release of the DOJ’s updated Evaluation of Corporate Compliance Programs, the DOJ has evolved how it sees successful organizational compliance. This both sets challenges for and offers gifts to businesses.

The Challenge

As the ethics and compliance field matures, its frameworks will move in tandem, creating a more sophisticated and nuanced way of addressing how organizations should demonstrate responsible conduct. This evolution has moved from a reactive stance to one that is increasing proactive, with expectations that organizations not only maintain hard controls, such as segregation of duties and management sign-offs, but also soft controls, such as communications and management commitment. Companies that don’t want to run afoul of regulators’ focus will need to keep pace with these changes and develop their own compliance efforts in line with regulators’ expectations.

The Gift

The gift is twofold.

First, by developing criteria in the first place, the DOJ provides a helpful roadmap for what businesses should do to demonstrate compliance. They need not ‘read the tea leaves’ of prior criminal cases and sentencing memos to divine what the Department expects; through these criteria, the Department is speaking rather clearly about its intentions.

Second, indirectly, businesses now have an improved means to manage compliance risk. By using the Department’s (or the US Sentencing Commission’s) criteria for effective compliance, businesses benefit themselves by better managing risk: preventing it, detecting it early, taking quick steps to mitigate its damages, and then proactively improving processes to prevent its recurrence.

Part 2 of this series will address the changes in the updated DOJ Criteria versus its earlier criteria.

Part 3 will address the new Criteria’s implications for organizations’ compliance training and communications efforts.

Tis’ the Season for Corrupt Business Practices

Twas’ the week before Christmas, and all across the globe, back room dealings were happening, even as the DOJ initiated a probe. With the company seeking that contract, execs sent a guy nicknamed “Santa” to bat, but ethics questions abound, as the global economy has made anti-corruption pacts.

In the last several years, global legislation has gone into place to avoid bribery and corruption. The United States has long had the Foreign Corrupt Practices Act (FCPA), which prohibits corrupt payments to foreign officials. However, foreign countries have gotten on board, enacting legislation that is stricter and without the defenses available by the FCPA. Indeed, laws like the U.K. Bribery Act of 2010 prohibit businesses from failing to prevent bribery, and the provision extends to the private sector as well as the public realm. Accordingly, the risks of breaking the rules have never been greater, and implementing global anti-corruption training programs has leapt to the forefront of business necessity for 2015 and beyond.

Many domestic companies use outdated models of avoiding corruption, or worse yet do nothing at all. If your business is operating in the global market it is essential that you learn the distinctions between the FCPA and U.K. Bribery Act, as well as other laws enacted in emerging nations that have extraterritorial reach. Importantly, the U.K. Bribery Act applies to entities and individuals who do business in that territory, which means it applies to many U.S. Corporations with offices in the U.K.

With the holiday season upon us, many companies take the time to send gifts to corporate partners. Unfortunately, under many of these laws, if gifts are sent to the wrong people or for the purpose of gaining a business advantage you could be open to civil and criminal penalties. Indeed, corporate hospitality, the reimbursement of expenses, charitable donations, and other forms of payment can cross the line between ethical conduct and corruption. In order to avoid getting into hot water it is essential that your managers, executives and employees understand the intricacies of what they can and cannot do in the business development realm.

Corruption boils down to dishonest activity in exchange for business gain. While many companies that are prosecuted domestically and abroad go into negotiation with honest and ethical intentions, they can frequently cross the line unintentionally. By the time they realize they have done something illegal it is often too late. In addition to the legal penalties associated with corrupt business practices, the overall cost of doing business in foreign countries increases and business reputation can suffer serious damage. Accordingly, it is best to take adequate measures to prevent corrupt activity altogether. Indeed, doing so is one of the few defenses available under the U.K. Bribery Act’s failure to prevent provision!

Conducting ethical business practices and avoiding compliance traps is a fine line, especially when international laws are involved. Syntrio can help train your managers on the nuances of both the laws and ethical conduct that will help formulate an effective plan for conducting business in foreign markets. Contact for more information and remember to follow us on Twitter, Google Plus and LinkedIn for daily updates on employment law and compliance that impact your business!