On June 1 the criminal division of the U.S. DOJ revised its guidance to DOJ attorneys on how to evaluate corporate compliance programs. DOJ considers the “adequacy and effectiveness” of a company’s compliance program in deciding whether to charge a company with a crime and what penalties the government may seek, and this guidance provides them direction on how to do it. This guidance is a useful companion to the U.S. Sentencing Commission’s guidelines on what constitutes an effective ethics and compliance program aimed at preventing and detecting misconduct. The publication of these revised guidelines is a good reminder of the importance of effective compliance and environmental risk management programs not only to criminal prosecutors, but also civil enforcement authorities and a broad range of non-governmental stakeholders.
The adequacy of compliance programs is frequently relevant in civil enforcement actions brought by federal agencies such as U.S. EPA and state environmental enforcers. More broadly, environmental compliance and management programs, such as those based on ISO 14001, are generally recognized as foundations for effective environmental risk management and environmental and social governance (ESG) or corporate social responsibility (CSR) strategies. So, the application of DOJ’s revised guidance may not be limited to criminal enforcement, and it would be prudent for organizations implementing sustainability, CSR or ESG strategies to take it into account as well.
Effective environmental compliance and risk management programs bring their own reward as well. They can help organizations do the right thing, prepare for the unforeseen, prevent errors, and mitigate adverse effects when issues do occur. Applying well-established business practices to manage environmental issues can help organizations internalize and integrate sustainability and ESG into everyday conduct. This can support concrete and meaningful strategies that may decrease the risk of charges of “green washing” or “social washing” (i.e., is the organization “walking the talk”?).
DOJ’s revised guidance reflects DOJ’s growing experience with compliance programs as well as input from the business community. DOJ poses three basic questions:
-
Is the corporation’s compliance program well designed?
-
Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?
-
Does the corporation’s compliance program work in practice?
The balance of the 20-page document unpacks each of those questions. For example, program design elements include risk assessment, policies and procedures, and training and communications (including “hotlines”). DOJ points out that the scope of an effective program should extend to third parties (e.g., entities in the value chain, contractors) and be part of merger, acquisition and divestiture activities.
The latter two questions posed by DOJ get to the fundamental question: can the organization demonstrate that they take the program seriously and that it works. These are questions of equal importance to other stakeholders, including employees, neighbors, customers and investors. In these portions of the guidance, DOJ addresses issues ranging from demonstrated management commitment to effective auditing, root cause analysis and corrective action procedures.
Throughout the guidance, DOJ suggests a dynamic and operational approach to compliance programs based on constant management participation, the regular and transparent flow and evaluation of data, continual improvement and flexibility to address new situations and facts, and relentless checking and verification of performance. A key “take away” is that an effective compliance program shouldn’t be sitting on a shelf (or the cloud) collecting dust but should be demonstrably implemented on a daily basis at all levels of the organization and, as appropriate, its value chain.
While this note has focused on the relevance of DOJ’s guidelines to environmental matters, they apply to programs aimed at compliance with laws of any sort, from anti-trust to the FCPA. The guidelines are written in a manner that allows organizations to design programs covering multiple laws but sharing common elements.
Organizations looking to implement or enhance their environmental compliance and management systems, or their sustainability, ESG or ESG strategies, would be well-served to take a close look at the revised DOJ guidance.