How Effective is Your Corporate Compliance Program?
February 27, 2017
On February 8, the Fraud Section of the United States Department of Justice (DOJ) posted on its website a document entitled “Evaluation of Compliance Programs” (the “Guidance”). This is the first formal guidance issued by the Fraud Section of the DOJ since the Trump administration took office. In the context of an investigation where your compliance program must be evaluated, how would your company fare?
The DOJ recognizes that every business is different. The Guidance provides a series of questions that captures the DOJ’s most current thinking on what constitutes best practices in an effective compliance program. A compliance program should be adapted to each company’s unique culture and particular risks – and the program needs to be supported by the words and deeds of all of management. The Guidance clearly addresses this issue, sometimes referred to as “tone at the top”. This isn’t the only area in which companies often fail the effectiveness test.
Many companies have a compliance program that includes policies and procedures but lack the appropriate structure for response and remediation. Some companies have a clearly defined compliance and remediation program but have not properly trained senior leaders and other stakeholders or thoroughly communicated the program across the company. In many instances, companies do not regularly evaluate their compliance program to ensure its relevance as the business matures or the landscape in which they operate changes.
Establishing an effective compliance and ethics program has become a necessity to protect any highly regulated organization, and a critical component of any company’s strategic and operational decisions. For a compliance program to be effective, as the Guidance clearly demonstrates, it needs to be more than a piece of paper; it needs to be customized, operationalized, communicated, institutionalized, and evaluated. A copy of the Guidance can be found here.*
Keep in mind that the Guidance is not a form or a formula. It is a useful resource for benchmarking and assessing your compliance program, or designing and implementing one from scratch. The Guidance can also be a resource for directors and officers, to help them understand whether their company’s compliance program will satisfy the DOJ’s expectations.
*Compliance officers and practitioners will recognize that many of the topics discussed in the Guidance emanate from other materials, including: the United States Sentencing Guidelines; A Resource Guide to the U.S. Foreign Corrupt Practices Act published in 2012 by the DOJ and the Securities and Exchange Commission; Good Practice Guidance on Internal Controls, Ethics, and Compliance adopted by the Organization for Economic Co-operation and Development (“OECD”) in 2010; and Anti-Corruption Ethics and Compliance Handbook for Business published in 2013 by OECD, the United Nations Office on Drugs and Crime and the World Bank.