The U.S. Department of Justice recently updated its extensive guidance to federal prosecutors across the country regarding how to evaluate corporate compliance programs. This document is a must-read for company leadership, including general counsel and chief compliance officers. It identifies the factors and analysis federal prosecutors will use to determine whether a company under investigation deserves to avoid criminal prosecution. It is important to note that prosecution may involve personal liability for company senior leadership.
Assistant Attorney General Brian Benczkowski explained that recent feedback from the business and compliance communities prompted a few important revisions to earlier guidance. Although DOJ did not revise prior guidance regarding whether a compliance program is well-designed and whether it works in practice, it did make changes regarding how prosecutors will assess whether a compliance program was effectively implemented.
First, individualized assessments of each company will include consideration of a company’s size, industry, geographic footprint, regulatory landscape and other factors, both internal and external to the company’s operations, that might impact its compliance program. And the assessments will have a dual time-frame focus: considering the company as it existed at the time of the offense under investigation, and at the time of the charging decision and resolution. Prosecutors will consider why the company chose to set up the compliance program the way it did, and how and why the program evolved over time.
Second, to ensure that compliance programs are effectively implemented, prosecutors will examine whether the risk-based focus of the program depends upon reviews of operations that are static (i.e., a snapshot at the time of process review) or dynamic (i.e., based on continuous access to operational data and information across functions). To the extent the company has encountered compliance issues and addressed them, prosecutors will look to see how the company incorporated the lessons learned from those experiences into an evolving program. Even if the company has not encountered such issues itself, prosecutors will examine what the company has done to identify the experiences of other companies operating in the same industry or region. Such external awareness is now expected.
Third, prosecutors will evaluate whether the company uses technology to support compliance training needs and efforts. Effectively implemented compliance programs need to ensure that company policies and procedures are published in searchable formats, so they are easily accessible to company employees. And, companies should endeavor to track employees’ efforts to access these policies so they can improve training and guidance on topics of most concern to employees. Companies should relay information in a manner tailored to each employee group’s size, sophistication or subject matter expertise.
Many companies provide training in online formats. Prosecutors will determine whether there is a process by which employees can ask questions arising from online training. How does the company track whether the training has an impact on behavior or operations?
Fourth, use of technology has also become an expectation for prosecutors in evaluating reporting mechanisms. How does the company measure whether employees are aware of a hotline or other means of reporting concerns? Does the company test the effectiveness of hotline calls, such as by tracking a report from its inception to its completion? Does it analyze the frequency of similar reports or the cumulative results of such calls over time?
Fifth, for companies that engage with third parties such as consultants, prosecutors will examine whether company employees understand the business rationale for including the third party in a transaction, and the risks associated with engaging those third parties. What demonstrates that this understanding is present? This factor will have particular relevance in situations involving third-party interaction with foreign officials.
Sixth, with regard to mergers and acquisitions (M&A,) the guidance affirms two features as elements of a well-designed compliance program: (1) comprehensive due diligence of a target, and (2) a process for timely and organized remediation of deficiencies and integration of the new entity into the company’s compliance program, post-M&A. The DOJ provides additional guidance on these elements, especially related to the second one. Was the company able to complete pre-acquisition due diligence and, if not, why not? What is the company’s process for implementing compliance policies and procedures, and conducting post-acquisition audits, at newly acquired entities?
Seventh, prosecutors have long been interested in assessing the resources allocated to support the compliance program. The recent guidance makes explicit that they will examine how the company invests in the training and development of the compliance and other control personnel. Prosecutors will expect compliance personnel to have access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls and transactions. They also should not face impediments limiting access to relevant data sources, but if they do, the company should be taking measurable steps to address those impediments.
DOJ leaders recognize that most companies want to be compliant with all applicable laws, regulations and rules. Those same leaders explained that this guidance is designed to encourage companies to effectively implement ever-improving compliance programs. To do so, they will need to use technology to enhance the provision, tracking and testing of compliance program components.
McGuireWoods is available to assist your company in interpreting and implementing this important guidance, including legal counsel in our regulatory compliance, internal investigations, government contracting, corporations and M&A, and white-collar defense practice areas.
McGuireWoods’ defense, national security and government contracting industry team provides industry-leading services to clients operating throughout the defense, government services, aerospace and technology industries, both inside and outside the Beltway. With strong defense and national security credentials, including multiple attorneys holding government clearances, we are uniquely positioned to guide clients through the complex issues that arise in the highly regulated and fast-changing defense, government and aerospace sectors.
McGuireWoods’ Government Investigations & White Collar Litigation Department is a nationally recognized team of nearly 60 attorneys representing Fortune 100 and other companies and individuals in the full range of civil and criminal investigations and enforcement matters. Our team is comprised of a deep bench of former senior U.S. officials, including a former Deputy Attorney General of the United States, former U.S. Attorneys, more than a dozen federal prosecutors, and an Associate Counsel to the President of the United States. Strategically centered in Washington, D.C., our Government Investigations & White Collar Litigation Department has been honored as a Law360 Practice Group of the Year and has earned the trust of international companies and individuals through our representation in some of the most notable enforcement matters over the past decade.