As part of the Department of Justice’s Compliance Initiative, the DOJ Fraud Section recently published “Evaluation of Corporate Compliance Programs,” offering further detail about how DOJ will analyze compliance programs in the context of business investigations. In the memo, the Fraud Section sets forth the framework for the inquiry it will make whenever there is an investigation into allegations of corporate misconduct. This framework includes over six pages of “Sample Topics and Questions” covering eleven different compliance-related areas:
-
analysis and remediation of underlying misconduct
-
senior and middle management
-
autonomy and resources
-
policies and procedures
-
risk assessment
-
training and communication
-
confidential reporting and investigation
-
incentives and disciplinary measures
-
continuous improvement, periodic testing, and review
-
third party management
-
mergers and acquisitions
These areas of emphasis focus on separating the “real” compliance programs from those that exist merely on paper (or only in someone’s mind). The new DOJ guidance recognizes that a “one size fits all” approach is unworkable in this context; the inquiry into these areas will be customized based on factors such as the facts at issue, the particular industry, and the type and size of company. The publication of this framework after earlier comments made by DOJ Compliance Counsel Expert Hui Chen foreshadows what is likely to be an increasingly data-driven “analytics”-style approach to the evaluation of corporate compliance programs. The new guidance not only gives compliance officials information about what the evaluation process of a compliance program will look like and what the likely areas of inquiry will be, but also provides a road map for a company to set up a robust compliance program – one that could more quickly uncover any “root causes” of misconduct and/or more effectively address any allegations of misconduct during an investigation.