The Department of Justice’s Gift That Keeps on Giving – Part 2

The newly updated 2019 DOJ Evaluation of Corporate Compliance Programs criteria offer some valuable advances to how prosecutors should look at an organization’s compliance efforts.

 

First, it warrants noting that these updated criteria were issued by the DOJ’s Criminal Division; the 2017 criteria were issued by the Fraud Division, which is just one part of the Criminal Division.  So, the updated criteria apply to a larger pool of prosecutors and broader range of criminal offenses.

 

Second, the new criteria introduce three leading questions, in which all criteria are placed:

  1. Is the corporation’s compliance program well designed?
  2. Is the program being applied earnestly and in good faith? In other words, is the program being implemented effectively?
  3. Does the corporation’s compliance program work in practice?

 

This structure reinforces the point that “paper programs” with no substance and follow-through supporting them will not pass the test. DOJ wants to see programs with “teeth,” those that not only are well designed but also are well applied with tangible results.

 

Third, prosecutors will evaluate a compliance program as to its effectiveness when the relevant offense occurred and at the time of charging or other resolution. This assessment will weigh on the decision to prosecute or otherwise resolve the offense, any financial penalty, and any further compliance requirements. So, while a business should take proactive steps to build an effective compliance program, it still has some opportunity to build or reinforce these efforts after prosecutors begin to investigate. Though, why a company would bother to wait until this late in the game remains a mystery given all the benefits that come from avoiding an investigation, or an offense in the first place.

 

Fourth, the updated criteria are just over twice as long as the 2017 criteria (18 pages versus 8 pages), so they cover more criteria and in greater depth, providing prosecutors with more precise guidance and businesses with greater insight into how the DOJ views effective compliance.

 

Instead of listing each criteria separately as it did in 2017, the updated guidance places each criteria under a major heading. This emphasizes the importance of the design, implementation and follow-through of a compliance program. Here is the new structure of these criteria:

 

  1. Is the corporation’s compliance program well designed?
    1. Risk assessment
    2. Policies and procedures
    3. Training and communications
    4. Confidential reporting structure and investigation process
    5. Third party management
    6. Mergers and acquisitions

 

  1. Is the program being applied earnestly and in good faith? In other words, is the program being implemented effectively?
    1. Commitment by senior and middle management
    2. Autonomy and resources
    3. Incentives and disciplinary measures

 

  1. Does the corporation’s compliance program work in practice?
    1. Continuous improvement, periodic testing, and review
    2. Investigation of misconduct
    3. Analysis and remediation of any underlying misconduct

 

Immediately, we can see the similarity with the criteria for an effective compliance and ethics program under the US Sentencing Guidelines.

 

Without running through a line-by-line analysis of the differences between the 2017 and 2019 criteria (which anyone can perform using a MS Word document comparison function), suffice it to say that

  • The substance of the 2017 criteria are preserved.
  • Certain additional items are added to the 2019 criteria that expand on each topic.
  • Greater commentary is provided regarding each topic to help organizations understand the DOJ’s purpose for the topic and which helps to clarify its intent.

 

In the end, these updated criteria offer organizations a compelling roadmap for designing, instituting and maintaining an ethics and compliance program. Leadership need not stew over what the DOJ wants to see—they’re telling it more explicitly than before. So, if an organization wants to place itself in the best possible position should it be investigated, charged with an offense, have its executives charged, or be prosecuted, this is the gift.

 

While certain executives will believe they never have to worry about these risks, it’s worth pointing out that, as these criteria become more fully adopted by businesses and other organizations, it raises the bar for effective ethics and compliance management.

 

Part 3 will address the new Criteria’s implications for organizations’ compliance training and communications efforts.

Jason has worked in ethics and compliance for over twenty-five years, consulting with Fortune 500™ companies across the business ethics and compliance spectrum, including assessing and strengthening corporate values initiatives, instituting leadership engagement efforts, developing and revising codes of conduct and policies, designing and implementing related procedures, developing monitoring systems, conducting risk, culture and program assessments.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Enter your keyword