We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.
13 May 2019
New guidance issued by the US Department of Justice (DOJ) is the latest confirmation of the importance of implementing a robust compliance programme that is not simply well designed, but which is also adaptable and functions effectively. Issued on 30 April 2019, and titled "Evaluation of Corporate Compliance Programmes", the DOJ's latest guidance for its Criminal Division builds on prior guidance that encouraged prosecutors to assess the adequacy of corporate compliance programmes with respect to charging, sentencing, and plea and settlement decisions. The new guidance reiterates three fundamental questions that a prosecutor should ask:
As this latest guidance makes clear, companies have a strong incentive to maintain an effective compliance programme. Most importantly, these programmes must:
This requires sufficient resources and attention, updating, and periodic auditing and testing to ensure that each company's programme is evolving to account for changing business conditions and risks.
The DOJ guidance provides a list of subsidiary topics and questions that will drive prosecutors' evaluation of the adequacy, implementation and functioning of a compliance programme:
Largely structured as a series of questions, the DOJ guidance does not provide a complete roadmap to designing and implementing a compliance programme. Nevertheless, the DOJ and other regulators achieve several objectives through the promulgation of such documents, including by providing genuine insight (which has been long sought by industry) into the particular criteria by which their compliance efforts will be judged.
Good intentions are not enough for a compliance programme to act as a shield in the event of a subsequent government investigation. The DOJ's latest guidance reflects the realities that compliance programmes must be appropriately tailored to address particular foreseeable risks and that "[e]ven a well-designed compliance program may be unsuccessful in practice if implementation is lax or ineffective". Although the guidance's sample topics and questions "form neither a checklist nor a formula" for prosecutorial decision making, they emphasise consistent themes of meaningful programme implementation and operational testing designed to probe whether a company has created an effective rather than merely a 'paper programme'. In light of this guidance, companies will do well to commit the necessary focus and resources toward the ongoing oversight and auditing of compliance programmes, including well after particular policies and procedures have been promulgated.
As the DOJ guidance makes clear, companies should test their compliance programmes to ensure that the processes in place function as designed and lead to the identification and remediation of compliance issues. In practice, this means that companies should take stock of their compliance programmes at regular intervals and in real time following incidents or credible allegations of misconduct. One meaningful way to test a compliance programme is to systemically ask the questions set out in the DOJ guidance with regard to a company's existing compliance programme. The answers may go a long way towards identifying areas in which the functioning of a compliance programme can be improved – particularly those gaps that the DOJ would focus on should the company later find itself facing an investigation.
In addition, a company must devote attention to the company's communications about compliance, from top management and throughout the organisation, and to the structure of the compliance department and allocation of resources critical to its functioning. Companies that designate minimal resources to internal and external support for compliance will signal to the government that they are not focused on maintaining an effective programme.
Importantly, a company seeking to implement enhancements should proceed with an eye towards being able to later articulate and affirmatively demonstrate – including to the DOJ – how the changes align with applicable guidance and promote a compliance programme's efficacy. That reality is particularly acute for companies in the early stages of internal or government investigations, when – despite the need to focus on core investigative issues – the remedial action and compliance programme improvements occurring in parallel have the potential to strongly impact the terms of a resolution.
As a company assesses its compliance programme in light of this general DOJ guidance, it should also bear in mind other sources of guidance – typically more targeted in scope, but at times more specific with respect to the criteria – promulgated by the DOJ and other regulators, including:
On 2 May 2019 the US Department of Treasury's Office of Foreign Assets Control (OFAC) released "A Framework for OFAC Compliance Commitments", which is "intended to provide organizations with a framework for the five essential components of a risk-based [sanctions compliance programme]" and which further identifies several "root causes" that have led to apparent sanctions violations. As indicated by the government's recent focus on compliance programming, multinational companies must confront and manage the various compliance risks they face, and it is important to ensure that such targeted compliance guidance are factored into the assessment and implementation of a compliance programme.
In sum, this guidance and other recent announcements underscore the government's emphasis on updated, evolving and fully functional compliance programmes, with a level of sophistication and scope to match a company's individualised business and risks. As the DOJ guidance and others have illustrated, regulators' expectations for corporate compliance programmes have never been higher. However, to a greater extent than in the past, companies have a clearer blueprint to follow when developing and carrying out the sort of enhancements that regulators will increasingly expect. Ultimately, an approach that prioritises ongoing evaluation and refinement of a compliance programme will not only help a company to identify and address issues in the first instance, but also serve a company well should the day come when a compliance issue draws the attention of government enforcement agencies.
For further information on this topic please contact Gejaa Gobena or Lillian S Hardy at Hogan Lovells US LLP's Washington DC office by telephone (+1 202 637 5600) or email (email@example.com or firstname.lastname@example.org). Alternatively, contact Matthew C Sullivan at Hogan Lovells US LLP's Philadelphia office by telephone (+1 267 675 4600) or email (email@example.com). The Hogan Lovells US LLP website can be accessed at www.hoganlovells.com.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.