September 28, 2020

Volume X, Number 272

September 28, 2020

Subscribe to Latest Legal News and Analysis

DOJ Guidance for Corporate Compliance Programs Calls for Continuous Tracking of Data and Program Adaptations

The Department of Justice (DOJ) Criminal Division recently issued updated guidance for white-collar prosecutors regarding the Evaluation of Corporate Compliance Programs ("Guidance"). The updated Guidance builds on updates issued in April 2019, and demonstrates DOJ’s continuing emphasis on corporate compliance programs in determining the outcome of criminal investigations. The Guidance, which calls for companies to be more nimble and adaptive, is intended to assist prosecutors assess the adequacy and effectiveness of a corporation’s compliance program, informing the ultimate resolution of criminal cases.

Based on the updated Guidance, companies should:

  1. Consider whether their IT infrastructure and compliance program policies support continuous gathering and monitoring of compliance-related data across functions;

  2. Ensure that “lessons learned” from inside the company, as well as from the relevant industry and region, are continuously tracked and incorporated into operations; and 

  3. Internally review – and continuously test the efficacy of – the resources and authority provided to the compliance function to ensure consistency with the new Guidance.

Updates to DOJ’s Three Fundamental Corporate Compliance Program Questions

The Guidance still relies on three fundamental questions to establish the framework for assessing a compliance program: 1) Is the compliance program well designed?; 2) Is it applied earnestly and in good faith?; and 3) Does it actually work in practice? While these general questions remain the same, the updated Guidance reframes the second as an inquiry into the compliance program’s resources and empowerment, rather than implementation of the program itself.

As in the past, the Guidance provides that DOJ will make an “individualized determination in each case,” although the updated version now states that the determination will be “reasonable,” and provides a more detailed list of the factors that will be considered in that individualized determination, including but not limited to: company size, industry, and geographic location.

The new Guidance provides multiple additional factors that prosecutors should consider under each prong of the evaluation framework, and states that prosecutors may consider these factors “both at the time of the offense and at the time of the charging decision and resolution.”

1. Is the Compliance Program Well-Designed?

This prong of the evaluation framework now places greater emphasis on periodic review of compliance programs; consistent incorporation of lessons learned; and accessibility of policies and procedures, as reflected in the following updated elements:

  • Company Perspective: The Guidance calls for greater consideration for the company’s perspective, emphasizing that prosecutors should “endeavor to understand” the company’s reasons for designing their program in a certain way, and how the program has evolved over time.

  • Periodic Review and Updates: Under the new Guidance, prosecutors will consider whether the periodic review of the program is limited to a snapshot in time, or conducted on a rolling basis “based upon continuous access to operational data and information across functions.” Prosecutors will also evaluate whether the periodic review has led to any updates in policies, procedures, or controls.

  • Lessons Learned: The Guidance emphasizes the importance of updating policies and instituting processes for tracking and incorporating lessons learned from periodic reviews, not only from the company’s own operations, but also those of other companies operating in the same industry and/or geographic region.

  • Accessibility of Policies: Policies and procedures should be easily accessible for employees, published in a searchable format, and DOJ will consider whether the company tracks employee access to the policies to “understand what policies are attracting more attention from relevant employees.”

  • “Truly Effective” Training and Communications: These updates focus on whether employees have the opportunity to ask questions arising out of trainings, company handling of employees who fail all or part of trainings, and whether the company has evaluated how training impacts employee behavior or operations. The revised Guidance also now specifically mentions companies investing in “shorter, more targeted training sessions” as a way to “timely identify and raise issues to appropriate compliance, internal audit, or other risk management functions.”

  • Effectiveness of Hotline Reporting: The Guidance now instructs prosecutors to consider whether a company’s anonymous reporting mechanism is publicized not only to employees, but also to third parties. DOJ will now evaluate whether companies are testing employee awareness of and comfort with using a hotline, as well as the overall effectiveness of the hotline.

  • Third Party Relationships: The Guidance emphasizes that companies should be aware of the risks posed by third-party partners. Prosecutors will now consider whether companies engage in risk management for third-party relationships not only during onboarding but also throughout the lifespan of the partnership.

  • Mergers & Acquisitions: The updated Guidance emphasizes the need for pre-acquisition due diligence and post-acquisition audits, and now instructs prosecutors to evaluate whether the company has a process for integrating newly acquired entities into existing compliance program structures.

2. Is the Compliance Program Being Applied Earnestly and in Good Faith?

Previously this element of the Guidance’s framework was based on an evaluation of whether the compliance program was implemented effectively. In the updated version, the Guidance instead asks whether the program is “adequately resourced and empowered to function effectively,” and contains the following changes:

  • Role of Middle and Top-Level Management: DOJ will now consider whether middle-level managers, in addition to top-level managers, have committed to implementing a culture of compliance. The Guidance clarifies that companies must foster a culture of ethics and compliance “at all levels.”

  • Data Resources: The Guidance places greater emphasis on data resources as a measure of whether a compliance personnel have sufficient resources to be effective. Prosecutors will weigh whether compliance and control personnel “have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions” (emphasis added). Prosecutors will also evaluate whether there are any impediments to data access and the company’s efforts to address those impediments.

  • Consistent discipline: The updated Guidance now instructs prosecutors to consider whether the compliance department monitors its investigations and resulting discipline to ensure that they are achieving consistent results across the organization.

3. Does the Compliance Program Actually Work in Practice?

Echoing the changes to the first prong of analysis, the new Guidance also includes a new factor regarding lessons learned for evaluating whether the program works in practice. Prosecutors will now consider whether the company reviews and adapts its compliance program based on lessons learned from its own, and other similar companies’, experiences.

© 2020 Beveridge & Diamond PC National Law Review, Volume X, Number 157


About this Author

Joshua H. Van Eaton Environmental Litigation Attorney Beveridge & Diamond Washington, DC

Joshua H. Van Eaton helps clients resolve high-stakes compliance, enforcement, and litigation matters.

He brings the perspective gained from a distinguished U.S. government service career to provide clients with strategic counsel on air, water, and waste issues with a focus on mobile source emissions. He also litigates those matters and advises on proactive environmental compliance strategies.

Prior to joining Beveridge & Diamond, Josh served as Senior Trial Attorney in the Environmental Enforcement Section of the Environment and Natural Resources Division (ENRD) of the U...

Jessalee L. Landfried Litigation Attorney Beveridge & Diamond Washington, DC

Jessalee maintains a general regulatory and litigation practice, with a particular focus on air, climate, subsurface contamination, and environmental compliance assessments.

Jessalee L. Landfried regularly counsels clients in the energy, tech, and automotive sectors on a variety of programs and compliance issues arising under the Clean Air Act, RCRA, and the Clean Water Act. In addition to her regulatory practice, she represents clients in litigation arising under a broad range of federal and state environmental statutes, including environmental class action suits. She also maintains an active pro bono practice, with experience in employment discrimination, housing, and immigration matters.

She received her law degree from Duke Law School, where she was the President of the Environmental Law Society and served on the Executive Board of the Duke Environmental Law & Policy Forum. During law school, Jessalee was a law clerk at the White House Council on Environmental Quality and the Southern Environmental Law Center. She also earned a Master of Environmental Management from Duke, with a concentration in economics and transportation policy. She won the North Carolina Women in Transportation Graduate Scholar award for her work to promote bicycling and walking and was also named the North Carolina Bar’s Zoning, Planning, and Land Use Fellow.

Jessalee is located in Durham, NC, and practices out of our Washington, DC office. 

Lindsey K. Selba Environmental Litigation Attorney Beveridge & Diamond Baltimore, MD

Lindsey Selba is a responsive and thoughtful team player who maintains a general environmental, litigation, and regulatory practice in addition to a pro bono practice.

Her work at the firm has focused primarily on Clean Air Act (CAA) and Clean Water Act (CWA) citizen suit litigation. In one matter, she successfully represented a client against citizen complaints of regulatory deviations and nuisance. Lindsey collaborated with technical personnel to demonstrate substantial compliance and developed a factual record to support a motion for summary...