July 12, 2020

Volume X, Number 194

July 10, 2020

Subscribe to Latest Legal News and Analysis

July 09, 2020

Subscribe to Latest Legal News and Analysis

DOJ Issues Detailed Guidance on Evaluating Corporate Compliance Programs

On April 30, 2019, the Department of Justice (DOJ) released an updated version of its “Evaluation of Corporate Compliance Programs” (the “Guidance”). The DOJ has previously published guidance on the same topic, most recently in February 2017. The Guidance, while building on prior principles, offers significantly more detail about how prosecutors will evaluate compliance programs. Specifically, the Guidance now directs that prosecutors should ask three fundamental questions:

  1. Is the corporation’s compliance program well designed?

  2. Is the program being applied earnestly and in good faith?

  3. Does the corporation’s compliance program work in practice?

Under this framework, the Guidance provides 12 specific factors over 18 pages (double the 2017 version’s length) for prosecutors to consider. Along with re-organizing the material and adding an additional factor, the Guidance now also includes contextual notes introducing each topic. As with previous materials, the factors and questions in the Guidance are not meant to be a checklist or a “rigid formula.” Rather, the DOJ encourages prosecutors to evaluate compliance programs in the context of a company’s business and to make individualized determinations.

1. Is the Program Well Designed?

The Guidance now contains a more comprehensive analysis to determine whether a “program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing” and whether management is appropriately enforcing that program. Key elements include:

  • Risk Assessment: Prosecutors should understand how a company has identified, assessed, and defined risk in light of its specific business and risk profile. The Guidance instructs prosecutors to examine the company’s risk management process, risk-tailored resource allocation, and updates and revisions to its compliance program in reaction to lessons learned.

  • Policies and Procedures: Prosecutors should then evaluate whether the company’s policies and procedures aim to reduce the risks identified in its assessments. The Guidance suggests that, at a minimum, a company should have an accessible code of conduct that sets forth the company’s commitment to compliance. It should also have policies and procedures that encourage compliance in day-to-day operations. Prosecutors should assess the design, comprehensiveness, and accessibility of those policies and procedures, as well as the individuals responsible for implementing and acting as gatekeepers of the processes. Importantly, the Guidance removed language from this factor suggesting that prosecutors should consider whether misconduct violated a specific policy, how the misconduct was funded, and whether vendors were involved.

  • Training and Communication: The Guidance states that a “hallmark of a well-designed compliance program is appropriately tailored training and communication.” Prosecutors should therefore assess a company’s efforts to provide periodic, risk-based training; to relay information appropriately given the company’s sophistication, size, and expertise; to provide practical advice; and to address prior compliance issues. Updates to this factor include considering whether training is given in all high-risk areas and whether supervisors receive additional training.

  • Confidential Reporting Structure and Investigation Process: Unlike previous versions, the Guidance expressly instructs prosecutors to consider whether a compliance program provides whistleblower protection—that is, whether there is a “trusted mechanism by which employees can anonymously or confidentially report” allegations of misconduct without fear of retaliation. Prosecutors should assess whether qualified personnel review and timely respond to complaints. The government also will evaluate the level of resources dedicated to investigations and the tracking of results.

  • Third-Party Management: The Guidance reinforces that prosecutors should assess whether a company uses a risk-based due diligence approach to its third-party relationships. This includes evaluating whether a company considers a third party’s reputation and relationships with foreign officials as well as asking whether the company has an appropriate business rationale for using a third party. Further, prosecutors should assess how, once engaged, a company monitors and trains a third party and addresses any red flags.

  • Mergers and Acquisitions: Similarly, prosecutors should assess whether a company’s compliance program includes comprehensive due diligence of acquisition targets. The Guidance notes that pre-acquisition scrutiny indicates whether a company’s compliance program can effectively enforce internal controls and remediate misconduct.

2. Is the Program Effectively Implemented?

The Guidance continues to discourage mere “paper programs” and instructs prosecutors to consider the following when determining if a compliance program is effectively implemented:

  • Commitment by Senior and Middle Management: The Guidance emphasizes “conduct at the top.” It instructs prosecutors to assess whether senior management clearly articulates and disseminates ethical standards and whether senior management leads by example, including through remediation efforts. It also instructs prosecutors to examine whether middle management reinforces and encourages those standards.

  • Autonomy and Resources: Prosecutors should evaluate whether compliance personnel have sufficient seniority, resources, and autonomy from management. Compliance personnel also should have appropriate experience and qualifications. The Guidance, however, recognizes that sufficiency depends on the size, structure, and risk profile of each company. The Guidance now also directs prosecutors to determine if internal audits are conducted at a level that ensures independence and accuracy.

  • Incentives and Disciplinary Measures: Prosecutors should assess whether a company encourages compliance by establishing and consistently enforcing clear disciplinary procedures. Prosecutors may also consider a company’s efforts to incentivize compliance through providing certain benefits.

3. Does the Compliance Program Work in Practice?

The Guidance specifically recognizes that the mere occurrence of misconduct does not necessarily mean a program was ineffective at the time of the incident. Rather, prosecutors should view a company’s identifying, remediating, and self-reporting any misconduct as a strong indicator of its compliance program’s efficacy. To that end, prosecutors should consider how the company detected, investigated, and remediated the misconduct. Moreover, to determine whether a compliance program is effective at the time of a charging decision, prosecutors should evaluate if and how the program has evolved and whether the company has analyzed the misconduct’s cause and performed necessary remediation.

  • Continuous Improvement, Periodic Testing, and Review: Prosecutors should consider whether a company meaningfully reviews its compliance program to ensure that it is not “stale.” To do so, prosecutors should assess whether a company conducts periodic audits, updates risk assessments and compliance procedures, and measures its culture of compliance. Prosecutors also may recognize a company’s efforts to promote improvement and sustainability.

  • Investigation of Misconduct: Unlike previous versions, the Guidance now directs prosecutors to evaluate whether a compliance program contains a mechanism for timely and thorough investigations of alleged misconduct. Prosecutors should first determine whether a company properly ensures an independent and objective investigation appropriate in its scope. Next, prosecutors should evaluate how a company responds to the investigation.

  • Analysis and Remediation of Any Underlying Misconduct: The Guidance ends by emphasizing that an effective compliance program can identify and remediate root causes of misconduct as well as take appropriate and timely disciplinary actions. Prosecutors should consider whether these factors exist when evaluating a compliance program’s efficacy.

Key Takeaways

While the Guidance does not make any significant substantive changes to the DOJ’s previous material on the topic, it does provide additional details about the DOJ’s expectations regarding corporate compliance programs. This detailed analysis is beneficial for not only those involved in enforcement actions but also for compliance and legal professionals implementing and monitoring compliance programs. These professionals should ask the same three fundamental questions posed to prosecutors when evaluating whether a compliance program adheres to the DOJ’s best practices.

© 2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.National Law Review, Volume IX, Number 127


About this Author

Daniel Collins, White Collar Defense, Trial Attorney, Drinker Biddle

Daniel J. Collins represents companies, boards of directors, and senior executives in responding to government and regulatory inquiries, conducting internal investigations, and handling other complex litigation matters. He is an experienced trial attorney, having tried more than 25 cases to verdict in criminal and civil proceedings in both federal and state courts. Dan currently serves as a Managing Partner of the firm and co-chair of the firm’s White Collar Defense and Corporate Investigations practice.

Dan, a former federal prosecutor, has...

Andrew Porter Litigation lawyer Drinker Biddle

Andrew C. Porter is a trial lawyer who takes a high-energy approach to all of his cases and defends his clients aggressively. Andrew is a member of Drinker Biddle’s White Collar Defense and Corporate Investigations team, and also works on complex commercial litigation matters. During his 15 years of public service as an assistant U.S. attorney in the U.S. Attorney’s Office for the Northern District of Illinois, Andrew led more than 100 investigations and tried more than 30 federal jury trials and two federal bench trials.

As an assistant U.S. attorney, Andrew investigated, prosecuted and supervised all aspects of federal criminal cases, including racketeering, securities fraud, money laundering, health care fraud and violent crime. Andrew’s understanding of how the government builds its cases gives him the best possible insight to prepare a successful defense. He is meticulous in getting ahead of the prosecution by learning all the relevant facts about his clients’ business, associates and issues and then successfully advocates for his client at every stage of the proceeding.

For the majority of his time at the U.S. Attorney’s Office, Andrew served as a supervisor, overseeing and training dozens of assistant U.S. attorneys on the successful investigation and prosecution of more than 1,000 defendants. He also served as the U.S. Attorney’s Office Gang Coordinator, overseeing gang investigations and collaborating with state and federal law enforcement partners to efficiently tackle gang-related crime. This work required leadership skills, sensitive communication, thorough investigations, and the cultivation of relationships with people from all walks of life.

(312) 569-1364
Natalie DeLave Litigation Attorney

Natalie K. DeLave assists clients with various aspects of litigation, including legal research and the drafting of motions and other memoranda.

While in law school, Natalie interned for the Honorable Manish S. Shah of the U.S. District Court for the Northern District of Illinois and for the Honorable Robert L. Miller, Jr. of the U.S. District Court for the Northern District of Indiana. She was a summer associate at Drinker Biddle in 2017.

Bar Admissions

  • Illinois


  • University of Notre Dame Law...