On February 8, 2017, the Fraud Section of the Department of Justice (DOJ) quietly published pointed and specific guidance on how it assesses – and intends to assess – compliance programs in a report titled “Evaluation of Corporate Compliance Programs” (“the Report”).1 Much of the substantive guidance in the Report draws from pre-existing DOJ materials and is consistent with other well-known compliance guidance. The Report provides insight into the questions corporate counsel should expect from DOJ prosecutors during a criminal investigation and it highlights common indicators of a strong corporate culture of compliance.
Since at least 1999, when the “Holder Memo” addressed principles of prosecution of business organizations, companies have looked to a variety of DOJ publications for clues on how compliance programs were evaluated and weighed in the context of corporate criminal investigations. The Report is an explicit continuation of DOJ materials that previously addressed compliance programs, including the United States Federal Sentencing Guidelines,2 the United States Attorney’s Manual3 and A Resource Guide to the U.S. Foreign Corrupt Practices Act (“the FCPA Guide”).4 Earlier materials, such as the Federal Sentencing Guidelines and U.S. Attorney’s Manual, have helped defense lawyers frame corporate cooperation with criminal investigations, but proved less effective guides to DOJ compliance program evaluations (as has been made clear many times over, an effective compliance program is not a complete defense for a corporation). Although the 2008 “Filip Factors” listed in the U.S. Attorney’s Manual instruct prosecutors to consider the effectiveness of a compliance program when conducting an investigation or negotiating a resolution, they lack the detail necessary to evaluate complex international compliance programs that rely on layers of internal corporate review and data analysis. More recent guidance, such as the FCPA Guide, provides insight into how the effectiveness of companies’ compliance programs would be assessed by the DOJ in the event of an investigation. That is, valuable after-the-fact measures that provide only a baseline for creating compliance policies and turning them into an effective compliance program.
The Report gives a further window into what DOJ prosecutors are looking for and in particular, what the DOJ internal compliance counsel is looking for, when analyzing a company’s compliance operation. Though its approach is consistent with prior DOJ guidance, the new release could mark a subtle departure from the DOJ’s allowance that compliance programs are individually evaluated in light of a company’s specific needs and risk profile. Instead, the Report is a roadmap of questions that companies and their counsel should expect and be able to answer – and, importantly, they should be able to explain why inapplicable questions are not relevant to a company’s specific needs or risk profile. Two pronounced themes that are present throughout the Report are accountability from individuals and an expected corporate culture of compliance.
The Report reflects the DOJ’s continued interest in individual responsibility, as recently articulated in the 2015 Yates Memo, which prioritized individual accountability in corporate investigations.5 The Report further evidences the DOJ’s interest in pursuing individuals in cases of corporate wrongdoing. The Report identifies 11 broad topic areas,6 along with numerous subtopics and questions that prosecutors may ask when evaluating a compliance program. Several of these topics, subtopics and specific questions focus on individual responsibility; some examples:
The 11 broad topic areas in the Report also set forth a detailed framework of the DOJ’s corporate culture expectations. For example, the Report includes questions regarding:
While none of these questions is novel, it is undeniably essential that a responsible company official be able to provide satisfactory answers to them in the face of enforcement scrutiny.
Even though the Report contains guidance previously addressed through existing DOJ materials, it provides a sharper lens into how the DOJ evaluates the effectiveness of corporate compliance programs. Only time will tell the extent to which the DOJ treats the Report as a checklist (which it explicitly denies it does or will) when it subjects a compliance program to close scrutiny and even then, whether the DOJ’s approach will be publicly discernable in resolved cases.
1 The report is available here.
6 These topics include: Analysis and Remediation of Underlying Conduct, Senior and Middle Management, Autonomy and Resources, Policies and Procedures, Risk Assessment, Training and Communications, Confidential Reporting and Investigation, Incentives and Disciplinary Measures, Continuous Improvement, Periodic Testing and Review, Third Party Management and Mergers & Acquisitions.
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
Phil Bezanson is a partner at Bracewell LLP in Seattle, where he represents corporate clients, senior management and boards of directors, as well as individual clients in internal investigations, securities enforcement, criminal defense and regulatory matters. Phil is a member of the Bracewell LLP team that has worked on recent high-profile and complex cases, including the Deepwater Horizon explosion; the George Washington Bridge lane closure; General Motors’ ignition switch investigations; “Pay to Play” cases in New York, New Mexico and Illinois; the stock options backdating cases; and a variety of matters involving the Foreign Corrupt Practices Act, accounting and public disclosure practices at publicly traded companies and trading desks at financial institutions.