DOJ Guidance on Corporate Compliance Programs Provides Roadmap for Evaluation and Benchmarking

Todd Williams | August 3, 2017

Earlier this year the U.S. Department of Justice (DOJ) Fraud Section published its latest guidance on corporate compliance programs with the release of sample topics and questions designed to aid companies in the evaluation of compliance programs.

This latest guidance helps clarify the DOJ’s process for evaluating corporate compliance programs when negotiating with corporate executives and their counsel from companies under investigation.  The substance will be useful to entities seeking a roadmap for improving their own compliance programs.  The guidance, titled “Evaluation of Corporate Compliance Programs”, includes questions that the Fraud Section “has frequently found relevant in evaluating a corporate compliance program.” 

Although the content of the guidance does not amount to a significant departure from prior guidance issued by the DOJ and other organizations such as the U.S. Sentencing Commission and the Organization for Economic Co-operation and Development (OECD), the format of the guidance offers practitioners and in-house counsel a formalized set of questions to use as a starting point for a comprehensive compliance program evaluation. Of note, many of the questions are intended to prompt examination of the commitment by the board of directors and senior leadership regarding compliance-related decision-making, oversight, and resource allocation.

Some of the questions, excerpted below, exemplify the focus of the DOJ on senior management and the board of directors while evaluating a corporate compliance program:

Conduct at the top – How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How does the company monitor its senior leadership’s behavior? How has senior leadership modelled proper behavior to subordinates?

Shared commitment – What specific actions have senior leaders and other stakeholders taken to demonstrate their commitment to compliance, including their remediation efforts? How is information shared among different components of the company?

Oversight – What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?

Autonomy – Have the compliance and relevant control functions had direct reporting lines to anyone on the board of directors? How often do they meet with the board of directors? Are members of senior management present for these meetings?

Response to Investigations – Has the company’s investigation been used to identify root causes, system vulnerabilities and accountability lapses, including among supervisory managers and senior executives? What has been the process for responding to investigative findings? How high up in the company do investigative findings go?

These excerpts, while only a representative example, give an idea of what the Justice Department will look at in any enforcement action.  Although the departure of the DOJ’s compliance counsel, Hui Chen, leaves open the question of how strictly the DOJ will hew to these guiding questions, the general trend towards focus on individual accountability and senior leadership is likely to continue.  This point was emphasized in the DOJ’s recent declination to prosecute CDM Smith Inc.  The Justice Department’s declination letter specifically cites CDM’s sharing of “all known relevant facts about the individuals involved in or responsible for the misconduct” and “the steps CDM Smith has taken and continues to take to enhance its compliance program”.