Does Your Corporate Compliance Program Meet the DOJ’s Expectations? New Guidance Serves as a Roadmap for Assessment

Legal Alerts

5.07.19

The Criminal Division of the U.S. Department of Justice recently issued an updated guidance document on the Evaluation of Corporate Compliance Programs. The new document, which significantly expands on the prior version issued in early 2017, largely follows the structure of its predecessor but provides much more detail than ever before. Indeed the new version is more than double the length of the prior version.

After a brief introduction plainly stating the importance of a company having an effective compliance program, the DOJ goes on to describe how it evaluates such programs starting with three fundamental questions:

  1. Is the program well-designed?
  2. Is the program effectively implemented, with earnest and good faith?
  3. Does the compliance program actually work in practice?

Through a series of brief discussions followed by several questions arranged by topic, the guidance provides greater insight into how the DOJ evaluates compliance programs. In short, these questions provide actionable direction on what the DOJ expects and how your program will be "graded." The document leaves the “how” up to companies, but certainly provides clarity on “what” is expected. For example, in section E on Third Party Management, the questions posed make it clear that the DOJ expects companies to conduct diligence on the third parties with whom they work and to exercise some degree of oversight, e.g. auditing and/or monitoring and training. However, the document leaves it to companies to determine exactly how to put these into practice.

The lack of detailed “how to” instructions should come as no surprise, as the DOJ—and other oversight agencies—frequently make clear that a compliance program needs to fit the company and be tailored to its unique risks taking into account factors such as size, industry and geographic footprint. 

Given the enforcement climate, companies would be well-served to review their compliance programs in light of the newly issued guidance. Indeed, the guidance provides a great roadmap for a company to self-assess its program. Can you answer the questions posed? Is the answer one with which you are comfortable? If not, its probably time to re-visit your program focusing on what the DOJ has made clear it expects.

If you have any questions about the information in this alert, please contact Butch Hulse (210-554-5280 or whulse@dykema.com) or your Dykema relationship attorney.