In February 2017, the Fraud Section of the Department of Justice’s Criminal Division published guidance on how it assesses corporate compliance programs. This is the first formal guidance issued by the Fraud Section under the Trump Administration. It also underscores the influence of the DOJ’s compliance expert, Hui Chen, who was hired by the Fraud Section in November 2015 after serving as the global head for anti-bribery and corruption at Standard Chartered Bank.
Entitled “Evaluation of Corporate Compliance Programs,” the guidance provides a window into how federal prosecutors measure a company’s compliance operations in cases of corporate misconduct. The guidance provides a structure for shaping and strengthening corporate compliance policies and an outline for communicating with the DOJ’s Fraud Section.
Corporate Compliance Programs and the Filip Factors
In 2008, the DOJ provided its “Principles of Federal Prosecution of Business Organizations,” which outlined the so-called Filip Factors, named for then Deputy Attorney General Mark Filip. These factors guide how federal prosecutors should scrutinize compliance programs when assessing corporate wrongdoing. The Filip Factors consider such matters as “the existence and effectiveness of the corporation’s pre-existing compliance program” and the corporation’s remedial efforts “to implement an effective corporate compliance program or to improve an existing one.” The DOJ’s new guidance expands on the Filip Factors by providing a list of inquiries that prosecutors may raise or weigh when examining corporate misdeeds.
Covered Topics & Questions in DOJ’s Guidance
The guidance is divided into 11 sections.[1] These broad topics outline the DOJ’s corporate compliance expectations. For example, the guidance analyzes (1) the design of compliance policies and procedures; (2) whether employees are equipped to recognize and react to corporate misconduct; (3) the status of the company’s compliance program; (4) the compliance officers’ access to upper-level management; (5) whether the company takes appropriate disciplinary actions in the event of misconduct; and (6) the availability of corporate resources for compliance.
Each of the sections includes a series of questions designed to evaluate compliance programs. The questions are couched in terms of how a compliance program manages existing misconduct. For instance, the questions address management’s response to corporate malfeasance and the attitude for compliance generally within the company:
- How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question?
- What specific actions have senior leaders … taken to demonstrate their commitment to compliance, including their remediation efforts?
- Who has been responsible for integrating policies and procedures [for the compliance program]? With whom have they consulted (e.g., officers, business segments)?
- What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions?
Other questions gauge the disciplinary measures taken in response to corporate misconduct:
- What disciplinary actions did the company take in response to the misconduct and when did they occur?
- Has the company ever terminated or otherwise disciplined anyone … for the type of misconduct at issue?
- Were managers held accountable for misconduct that occurred under their supervision?
- Have the disciplinary actions and incentives been fairly and consistently applied across the organization?
The new guidance stresses that companies must do more than react to potential transgressions. Rather, the DOJ expects companies to broadly investigate and fix any identified issues with a stout compliance program. In deciding whether to proceed, prosecutors will carefully evaluate the methodology the company uses to identify and respond to the compliance risks it faces.
The DOJ does not consider the topics and questions identified in the guidance as a “checklist” or “formula” when judging corporate culpability or the effectiveness of a compliance program. Rather, for any particular case “the topics and questions … may not all be relevant, and others may be more salient given the particular facts at issue.”
Conclusion
For those who work in the compliance field, the “Evaluation of Corporate Compliance Programs” is an important read. It provides companies with a detailed list of topics and questions to review in their efforts to improve compliance programs. The guidance further confirms that companies must exhibit meaningful compliance programs that are followed and enforced to limit corporate exposure. While the guidance was issued specifically by the Fraud Section of the DOJ’s Criminal Division, and thus not binding on any other DOJ component, the topics addressed are a helpful roadmap for companies looking to bring their business practices into compliance with the expectations of the DOJ. Companies would be well-served in using the guidance as an opportunity to reevaluate their compliance programs and ensuring that they are effective in detecting, preventing and responding to potential misconduct.
[1] (1) Analysis and Remediation Underlying Misconduct; (2) Senior and Middle Management; (3) Autonomy and Resources; (4) Policies and Procedures; (5) Risk Assessment; (6) Training and Communications; (7) Confidential Reporting and Investigation; (8) Incentives and Disciplinary Measures; (9) Continuous Improvement, Periodic Testing and Review; (10) Third Party Management; and (11) Mergers and Acquisitions.
This advisory is published by Alston & Bird LLP’s Government & Internal Investigations practice area to provide a summary of significant developments to our clients and friends. It is intended to be informational and does not constitute legal advice regarding any specific situation. This material may also be considered attorney advertising under court rules of certain jurisdictions.