How to Build an Effective Compliance Program that Prevents, Detects, and Investigates Alleged Misconduct
Friday, August 22, 2025

In May, Acting Assistant Attorney General and Head of the Criminal Division in the Department of Justice (DOJ) Matthew R. Galeotti announced areas of focus and a new approach to self-disclosure: no longer would there be a presumption of declination if companies voluntarily disclosed misconduct. Going forward, companies will receive declination if they self-disclose, fully cooperate with the DOJ, and remediate promptly (and do not present aggravating factors).

While Independent Directors, Executive Leaders, General Counsels, and Chief Compliance Officers may breathe a sigh of relief, this new approach is by no means a relaxation of white collar crime enforcement. The DOJ’s expectations of compliance remain the same, and meeting the declination requirements is essential to avoid penalties.

The DOJ is offering leniency to companies that are first through the door, but this is a calculated risk for companies. This leniency depends on the thoroughness of the company's investigation into misconduct and the effectiveness of its compliance function. The former is easier than the latter. In addition, the DOJ remains committed to its whistleblowing incentive programs.

Self-disclosure opens a dialogue with the DOJ, not a monologue. Questions will be asked, and follow-up is likely. Senior leaders and legal and compliance teams should still expect their compliance programs to be heavily scrutinized, even after self-reporting. Despite the high turnover at the DOJ and its lean team of prosecutors, it’s foolish to think that anyone will forget or ignore the previously set expectations of a data-driven compliance program. Prosecutors know and understand the Evaluation of Corporate Compliance Programs, a prosecutor’s guide for evaluating a company’s compliance program during an investigation.

Therefore, companies must be in a position where they have a strong compliance operation, regardless of whether they self-disclose or the DOJ comes knocking. Priority attention should be given to building an effective compliance program that prevents, detects, and investigates alleged misconduct effectively. A strong compliance function is more than a legal safeguard — it’s a business enabler and strategic differentiator.

Posting a policy to a portal is good, but not necessarily effective. An effective compliance program notifies employees of policy changes, tracks access to the repository, and captures queries to ensure clarity when delivering training. Additionally, training that touches on all the critical content is good, but not always effective. Effective training programs test comprehension, share knowledge, check results with leaders, capture trainee feedback, and integrate lessons learned from prior investigations. The common thread here is engaging with employees and capturing the data to substantiate effectiveness.

Companies must assess the success of these initiatives by analyzing their employees’ perceptions. For example, is the low number of calls to the hotline indicative of less misconduct, or does it indicate that people fear retaliation when reporting? Equally, does a high number of calls demonstrate a healthy compliance culture or a toxic workplace? 

A compliance culture survey is one way of gathering this data. From these results, Compliance analyzes the impact of measures they’ve introduced and takes appropriate actions to ensure employees understand expectations, know where to seek advice, and feel comfortable reporting a concern. The surveys are used periodically to assess whether these continuous improvement efforts are improving the compliance culture.

Just a few questions sent out to employees will offer valuable insights, whether embedded into an extensive workplace survey or a simple, short “pulse” questionnaire. These should be voluntary and anonymous. Using a third-party provider helps build trust with employees as they won’t be reprimanded for giving honest answers. As a baseline, the questions should help the organization understand employee perceptions of:

  • Leadership tone and commitment
  • Comfort level to speak up
  • Trust in the investigation process
  • Clarity of expectations and training effectiveness
  • Peer and managerial influence on ethical behavior 

It is also important to share the survey results with managers and employees, validate the culture survey data by comparing it to other data points (if available), and design the annual compliance plan to address any points uncovered through the culture survey.

The new approach by the DOJ demands a high-functioning compliance program that is focused on effectiveness. Companies must consider whether their culture, awareness, and internal controls to prevent, detect, investigate, and respond to misconduct are operating effectively. Chief Compliance Officers should check that their compliance program is operating effectively in practice, not just in theory, by:

  • Developing a list of measures, activities, or program attributes that substantiate the effectiveness of the compliance program.
  • Demonstrating how Compliance applies data, lessons learned, and root causes to tighten policies and controls, enhance training, share insights with managers, and drive early detection of possible misconduct.
  • Utilizing surveys and other tools to capture the company’s commitment to operating ethically and consistently with its core values. 