The US Department of Justice’s (DOJ) revised compliance program document “The Evaluation of Corporate Compliance Programs,” released June 1, 2020, helps organizations understand how DOJ evaluates compliance programs for effectiveness. Below are the the top takeaways from this revision that you should be aware of. For a deeper dive into this revision, listen to our webinar recording.
- Three questions the DOJ looks to answer are:
- Is the corporation’s program well designed?
- Is the program being applied earnestly and in good faith? (In other words, is the program adequately resourced and empowered to function effectively?)
- Does the corporation’s program work in practice?
- Under the June 2020 updates, the DOJ will increase its focus on evaluating how effectively compliance programs are tailored to the organization’s risk profile, including the company’s size, industry, geographic footprint, regulatory landscape and other factors.
- Compliance programs should continuously evolve to pass muster under the DOJ’s updated guidance. Programs are expected to adapt based on review of new data, as well as lessons learned from the company’s own experiences and the experiences of similar companies.
- The design of compliance programs will be even more closely scrutinized. The DOJ has added more detailed questions on program design, including, among others, have the policies and procedures been published in a searchable format?; how do employees ask questions during on-line trainings; and does the company take measures to test whether employees are aware of the compliance hotline and feel comfortable using it?
- The importance of adequate resources for the compliance function—both financial and data resources—is emphasized in the updated guidance. The compliance team should be empowered to function “effectively,” including having sufficient access to relevant data.
- Due diligence around third parties and acquisition targets heightened attention under the updated guidance. Business rationale for needing a third-party partner, risk management steps, compliance integration and post-acquisition compliance audits should all be considered.
- The “tone in the middle” is equally important as the “tone at the top” under the revised guidance. Company leaders and managers should instill a “culture of compliance” at all levels and execute the program across the entire organization.
- Board audit and compliance committees will be tasked with working with senior leadership to evaluate and implement changes to the compliance program suggested by the revised DOJ guidance. Committee members should give serious consideration to the revisions presented in the guidance, discuss them with the general counsel and the chief compliance officer and recommend possible plan changes to the full board.