New DOJ Guidance: What Is Your Compliance Program Worth?
On April 30, 2019, to provide greater transparency into prosecution decisions, the U.S. Department of Justice (DOJ) published “The Evaluation of Corporate Compliance Programs,” an update to its February 2017 guidance on the same topic. The new guidance complements the principles previously described by DOJ’s Fraud Section that prosecutors should consider when “conducting an investigation of a corporation, determining whether to bring charges, and negotiating plea or other agreements.” According to the Justice Manual, those factors include “the adequacy and effectiveness of the corporation’s compliance program at the time of the offense, as well as at the time of a charging decision” and the corporation’s remedial efforts “to implement an adequate and effective corporate compliance program or to improve an existing one.” The new guidance attempts to provide more detail as to how DOJ will evaluate corporate compliance programs in this context while better harmonizing the Criminal Division’s guidance with the rest of the department.
The guidance is organized in a comprehensive fashion under three basic, overarching questions that compliance departments should consider:
Is the corporation’s compliance program well designed?
Is the program being applied earnestly and in good faith? In other words, is the program being implemented effectively?
Does the corporation’s compliance program work in practice?
Under each of these questions, the updated guidance provides greater detail than past versions about the factors used to answer each specific question. While the same previous 11 factors still exist, a 12th – “Investigation of Misconduct” – has been added to assess how the program works in the real world.
This newly named factor assesses whether the compliance program contains a “mechanism for the timely and thorough investigation of any allegations or suspicions of misconduct.” DOJ now will explicitly assess two aspects of internal investigations. First, whether the program ensures the company conducts and documents properly scoped, independent investigations. Then, DOJ will evaluate how the company responds to the results of the investigations. Given the Investigation of Misconduct factor will be assessed by DOJ after alleged misconduct has been discovered, DOJ likely will review the investigation and response at hand as well as the company’s recent history of investigations and responses.
In addition to including a new factor, the guidance now contains questions that compliance officers should answer when assessing each factor. No longer does a company need to attempt to achieve the amorphous goal of doing its best to determine whether it has “appropriately tailored training and communications,” according to the guidance. Now, the guidance contains half a dozen questions to assess whether the company is conducting “risk-based training” that is effective in form and content, plus another half dozen to assess senior management’s communications about misconduct and the availability of guidance to employees. Far less is left to interpretation by the prosecutor or the company it is evaluating, hopefully creating a more transparent analysis.
This level of detail not only focuses the prosecutors on the appropriate factors to consider, but it also provides the company with a checklist for what DOJ might consider an effective compliance program. And an effective program can be highly beneficial to a company, as highlighted in recent public statements by DOJ. The department explicitly referenced a February 2019 case where DOJ declined to prosecute Cognizant Technology Solutions Corporation, in part because Cognizant maintained an effective program that allowed it to detect and report misconduct by two of its employees. This voluntary disclosure, combined with Cognizant’s full cooperation and remediation, led to DOJ’s decision. (See Assistant Attorney General Brian A. Benczkowski’s Keynote Address at the Ethics and Compliance Initiative 2019 Annual Impact Conference in Dallas, Texas on April 30, 2019, available here.) Because effective compliance programs either prevent misconduct or detect it early and allow the government to effectively investigate and prosecute wrongdoers, DOJ has strived to incentivize and reward companies that implement effective compliance programs. According to DOJ, Cognizant is one example of such a reward.
For compliance officers and corporate counsel, DOJ’s update provides an easier way to craft and evaluate internal controls. While it may appear to add levels of complexity, the purpose is clearly to understand the company’s compliance approach and then analyze how the program relates to the specific misconduct at issue. For lawyers who defend companies in ongoing investigations, this update provides an additional basis for evaluation and negotiation of whether remedial or punitive remedies are warranted. Transparency assists in both preventing and responding to DOJ inquiries, and the April 2019 update will provide a useful roadmap to navigating both.
* Special thanks to Kip B. Randall for his valuable contribution to this Alert.