Your Subscription

We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.





Login
Twitter LinkedIn




Login
  • Home
  • About
  • Updates
  • Awards
  • Contact
  • Directory
  • OnDemand
  • Partners
  • Testimonials
Forward Share Print
Hogan Lovells

DOJ updates roadmap to effective compliance programmes

Newsletters

06 July 2020

White Collar Crime USA

Introduction
Reframing a fundamental question
Individualised determinations
New questions, clearer direction
Comment


Introduction

On 1 June 2020 the US Department of Justice (DOJ), Criminal Division, updated its guidance on the Evaluation of Corporate Compliance Programmes, providing increased clarity on some of the key questions that prosecutors ask in assessing the adequacy of corporate compliance programmes when making charging, sentencing and plea and settlement decisions.

These updates fall into three main categories. First, the DOJ made a subtle yet significant clarification to its three fundamental questions. Second, it provided more detail on the way in which it makes individualised determinations in assessing compliance programmes. Third, throughout its guidance, the DOJ included more specific questions that it will ask about the nuances of a company's programming, which provide greater insight into the DOJ's expectations. Companies can look to these revisions for guidance to:

  • proactively create or enhance their compliance programmes; and
  • effectively advocate before the DOJ in the context of a criminal investigation.

Reframing a fundamental question

In 2019 the DOJ organised its guidance around the three fundamental questions that a prosecutor should ask in evaluating corporate compliance programmes, as initially outlined in the Justice Manual:

  • Is the corporation's compliance programme well designed?
  • Is the programme being applied earnestly and in good faith? In other words, is the programme being implemented effectively?
  • Does the corporation's compliance programme work in practice?

This second question – really, two questions – was arguably awkwardly framed. After all, earnest and good faith efforts do not guarantee effective implementation. As of June 2020, the DOJ has resolved this disconnect by now asking whether a corporation's compliance programme is adequately resourced and empowered to function effectively.

To test the sufficiency of this aspect of a programme, the DOJ poses questions regarding investment in the training of compliance and other control personnel, and whether those personnel have sufficient access to relevant data sources to allow for meaningful oversight. The emphasis on resources is notable, particularly at a time when economic conditions may place downward pressure on compliance budgets. The DOJ also emphasises that a company should foster a culture of ethics and compliance with the law at all levels of the company – including in the middle as well as at the top – conveying the importance of compliance leadership among those managers with more direct oversight of routine business operations.

Individualised determinations

Since its original guidance in 2017, the DOJ has eschewed a specific formula or one-size-fits-all checklist to evaluate corporate compliance programmes. The June 2020 updates are consistent with this approach, acknowledging the need for individualised assessment. Under the revised guidance, the DOJ expressly:

considers various factors including, but not limited to, the company's size, industry, geographic footprint, regulatory landscape, and other factors, both internal and external to the company's operations, that might impact its compliance program.

While these revisions may not affect how a company builds its compliance programme, they may be useful touchpoints for effective advocacy during an investigation.

New questions, clearer direction

In posing a plethora of new questions, the DOJ offers additional building blocks to corporations seeking to refine their compliance programmes. Many of these questions are directed at emphasising the importance of data analytics and continuous evolution in the design and implementation of compliance programmes. Among the new questions are the following, grouped by subject matter:

  • Risk assessments:
    • Is the period review limited to a snapshot in time or based on continuous access to operational data and information across functions? Has the periodic review led to updates in policies, procedures and controls?
    • In addition, does the company have a process for tracking and incorporating into its period risk assessment lessons learned from the company's own prior issues or from those of other companies which operate in the same industry or geographical region?
  • Data and resources:
    • Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and testing of policies, controls and transactions? Do any impediments limit access to relevant sources of data and, if so, what is the company doing to address these?
  • Policies and training:
    • Have the company's policies and procedures been published in a searchable format for easy reference? Does the company track access to various policies and procedures to gain an understanding of which policies are attracting more attention from relevant employees?
    • Whether online or in-person, is there a process by which employees can ask questions arising out of the training?
  • Whistleblowing:
    • How is the company's anonymous reporting mechanism (to the extent that there is one) publicised to other third parties? Does the company take measures to test whether employees are aware of the hotline and feel comfortable using it? Does the company periodically test the effectiveness of the hotline (eg, by tracking a report from start to finish)?
  • Lifecycle management of third parties:
    • Does the company engage in risk management of third parties throughout the lifespan of the relationship or primarily during the onboarding process?
  • Consistency in disciplinary action:
    • Does the compliance function monitor its investigations and resulting discipline to ensure consistency?

As the DOJ acknowledges, not all questions will be relevant to all companies. Nevertheless, the updated compliance guidance reveals the DOJ's expectations for effective compliance programmes and can thus serve as a guide for companies looking to improve or create their own programmes.

Comment

These refinements are only the latest in a series of updates to the DOJ guidance and policies that have, broadly speaking, improved the clarity and transparency of the DOJ's exercise of prosecutorial discretion. For instance, in February 2017 the DOJ's Fraud Section issued its first compliance guidance document, which was then updated in April 2019 and again now. In 2018, then-Deputy Attorney General Rod Rosenstein issued a memorandum entitled "Policy on Coordination of Corporate Resolution Penalties", directing DOJ attorneys to "consider the totality of fines, penalties, and/or forfeiture imposed by all [DOJ] components as well as other law enforcement agencies and regulators in an effort to achieve an equitable result" – in other words, to help prevent undue 'piling on' by multiple enforcement authorities. Thereafter, in October 2018 Assistant Attorney General Brian A Benczkowski issued a memorandum entitled "Selection of Monitors in Criminal Division Matters", providing clarity as to the criteria to be considered when determining whether a corporate compliance monitor is warranted. In 2019 the DOJ issued a new guidance memorandum entitled "Evaluating a Business Organisation's Inability to Pay a Criminal Fine or Criminal Monetary Penalty", concerning how the DOJ's Criminal Division evaluates companies' claims that they cannot pay a proposed criminal fine or monetary penalty. Further, in 2019 the DOJ clarified certain policies governing voluntary self-disclosures in Foreign Corrupt Practices Act and export control and sanctions cases.

Beyond their clarifications, the June 2020 updates are consistent with an effort to account for the practical realities associated with investigations and enforcement actions against corporations. Just as important, they are another piece of an increasingly clear roadmap for companies looking to implement, enhance, defend or gain mitigation credit for their compliance programmes.

For further information on this topic please contact Peter S Spivack or Jennifer Brechbill at Hogan Lovells US LLP's Washington DC office by telephone (+1 202 637 5600) or email (peter.spivack@hoganlovells.com or jennifer.brechbill@hoganlovells.com). Alternatively, contact Megan Dixon at Hogan Lovells US LLP's San Francisco office by telephone (+1 415 374 2300) or email (megan.dixon@hoganlovells.com). The Hogan Lovells US LLP website can be accessed at www.hoganlovells.com.

Matthew Sullivan, counsel, assisted in the preparation of this article.

The materials contained on this website are for general information purposes only and are subject to the disclaimer.

ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.

Forward Share Print

Authors

Peter S Spivack

Peter S Spivack

Jennifer Brechbill

Jennifer Brechbill

Megan Dixon

Megan Dixon

Register now for your free newsletter

View recent newsletter

More from this firm

  • 2021 enforcement horizon: new administration's civil and criminal enforcement efforts
  • SEC ramps up enforcement activity in wake of COVID-19
  • Individual prosecutions under FCPA: more trials and more case law
  • DOJ memorandum provides clarified guidance on corporate inability-to-pay claims
  • Court expresses concern with government's outsourcing of corporate internal investigations

More articles

  • Home
  • About
  • Updates
  • Awards
  • Contact
  • My account
  • Directory
  • OnDemand
  • Partners
  • Testimonials
  • Follow on Twitter
  • Follow on LinkedIn
  • Disclaimer
  • Privacy policy
  • GDPR Compliance
  • Terms
  • Cookie policy
Online Media Partners
Inter-Pacific Bar Association (IPBA) International Bar Association (IBA) European Company Lawyers Association (ECLA) Association of Corporate Counsel (ACC) American Bar Association Section of International Law (ABA)

© 1997-2021 Law Business Research

You need to be logged in to make a comment. Log in here.
Many thanks. Your comment has been sent.

Your details



Your comment or question *