On April 30, 2019, the DOJ's Criminal Division published an updated Evaluation of Corporate Compliance Programs Guidance Document ("the Guidance") for prosecutors to use in evaluating corporate compliance programs. This is an evolution from the Fraud Section's February 2017 guidance on the same topic and is broader and more detailed. Notably, the updated Guidance did not remove substantive context from the 2017 guidance, but rather, clarified, reorganized, and supplemented the guidance. Critically, it now applies to the entire Criminal Division—not just the Fraud Section, and demonstrates the significance that the DOJ places on corporate compliance programs.

In building on the prior guidance, this updated version organizes the topics identified in 2017 into a framework grounded in three fundamental questions that prosecutors must ask:

  1. "Is the corporation's compliance program well designed?"
  2. "Is the program being applied earnestly and in good faith?" In other words, is the program being implemented effectively?
  3. "Does the corporation's compliance program work" in practice?

The Guidance stipulates that prosecutors should consider these questions at three points in time: the time of misconduct, the time of a charging decision, and the time of a resolution.

By adding this framework, and contextual information addressing the relevance of each question and subtopic, the new Guidance reinforces a clear message. Compliance programs ought to be risk-based, tailored and subject to regular evaluation and evolution because prosecutors will assess them on an ongoing basis. Further, this Guidance is applicable to any business that may be subject to federal criminal laws - from multinational corporations to limited partnerships.

Practitioners familiar with the DOJ's enforcement practices will already be familiar with that general message. However, looking past the reorganization, the new Guidance goes further to provide new insight into the considerations prosecutors must weigh when evaluating each element of a compliance program. A comparison of topics appearing in both the 2017 and 2019 Guidance documents, and the new contextual notes introducing those topics, shows that the 2019 Guidance contains a far clearer view into the DOJ's current approach to corporate compliance. As discussed further below, the new Guidance is therefore important not only for defending companies under federal investigation, but also for corporate compliance and legal professionals designing, implementing, and benchmarking their own compliance programs. The new Guidance allows such professionals to ask the same fundamental questions prosecutors will ask, providing much more clarity as to current best practices.

I. Compliance Program Design

The Guidance stipulates that the design of a compliance program should include zero tolerance for misconduct, clear policies and procedures, appropriate responsibility allocations, training programs, and incentive and discipline structures. Each aspect of program design must be risk-tailored to the company's individualized situation and adequately attentive to high-risk areas, rather than overly focused on low-hanging fruit. For example, "[a] well-designed compliance program should include comprehensive due diligence of any acquisition targets," specifically in the pre-acquisition context.

Accordingly, the Guidance appears to reflect the practical focus seen in other recent DOJ announcements and emphasize that compliance programs should not be "one-size-fits-all." Companies must conduct regular tracking and review of their compliance issues and implement changes to their programs based on the lessons learned. Moreover, the Guidance shows a clear expectation that compliance programs should be understandable to all employees, and lived out in practice.

To determine whether a company has appropriately tailored each aspect of its compliance program, the Guidance instructs prosecutors to consider relevant topics that appeared in the 2017 guidance. Key updates to those topics show that the evaluation of program design is now a more comprehensive analysis, much less rooted in whether the misconduct violated any existing policies or procedures. Prosecutors will now focus on the practical impact of policies and procedures, particularly with respect to third-party due diligence and management.

The key takeaways are summarized in the below charts; these charts reflect noteworthy additions to the updated Guidance, but do not provide a comprehensive summary of all changes from the 2017 guidance to the 2019 Guidance.

Please click here to view the full article.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.