In February 2017, the U.S. Department of Justice’s Fraud Section issued its evaluation of corporate compliance programmes. The evaluation provides a detailed overview of sample questions addressed by the DOJ in evaluating these programmes in the context of investigations. While the DOJ does not provide innovative insights into the appropriate structure of corporate compliance programmes, the guidance contained in the evaluation document – jointly with other available tools such as the recently published ISO 37001 – can assist multinational companies in reassessing the design of their programmes, as well as those of their JV partners and target companies in M&A transactions. Companies should therefore pay close attention to this evaluation document when creating and implementing their compliance programmes.
The general framework of the 2017 evaluation document originates from various previously-issued U.S. enforcement policies, which seek to encourage companies to establish and maintain internal compliance programmes. The discussion of compliance programmes dates back to at least 1991, when the U.S. Organization Sentencing Guidelines were adopted by the Sentencing Commission. According to those sentencing guidelines, in determining criminal sentences, U.S. judges should take into account a company’s compliance programme as a mitigating factor. The sentencing guidelines include a high-level description of the major components of compliance programmes. These guidelines were later followed by the United States Attorney’s Manual (USAM), which instructed prosecutors to consider compliance programmes when deciding whether to investigate, charge or otherwise resolve fraud cases involving companies. In its evaluation, the USAM specifically emphasised the vital importance of the programme’s effectiveness. Further guidance followed in various DOJ speeches and publications, such as the highly-publicised Resource Guide to the U.S. Foreign Corrupt Practices Act.
The 2017 evaluation document addresses eleven dimensions of corporate compliance programmes; for each of these eleven areas, the document specifies questions typically considered by the DOJ when evaluating the existence and effectiveness of corporate compliance programmes in the context of criminal investigations. Similarly to previously published DOJ policies and memos, the 2017 evaluation document recognises that companies differ from one another, and so do their compliance programmes. Hence, the document clarifies that the set of questions referred to may require some adjustments in evaluating concrete compliance policies.
The Guidance focuses on the following eleven topics:
Compliance programmes provide companies with various benefits. First and foremost, they may reduce unlawful conduct and could help avoid reputational and financial damage. A well-designed compliance system can also be beneficial in cultivating the right culture of compliance, and promoting ethical conduct by their employees. In addition, meeting regulatory and enforcement authorities’ expectations with respect to the design and implementation of compliance programmes can prove highly useful for companies in mitigating their liability and reputation exposure.
In an effort to encourage companies to implement effective compliance programmes, regulatory and enforcement authorities consider corporate compliance programmes when determining enforcement actions; a rigorous and up-to-date compliance programme may lead enforcement authorities to abandon enforcement actions against the company altogether (see, for instance, Morgan Stanley). Similarly, such programmes may be taken into consideration when prosecutors decide whether to enter into an NPA or DPA, and when determining the terms and conditions of a settlement, including when deciding whether to require the appointment of a corporate monitor as part of the settlement.
On various occasions, the DOJ has clarified that to be seriously considered as a factor in the determination of enforcement actions, corporate compliance policies must be effective; that is, they must be well-designed and genuinely implemented in order to properly address the unique corporate risk profile. The DOJ’s 2017 evaluation document provides yet another reminder of the multifaceted dimensions of compliance programmes. Together with existing tools, such as the ISO 37001, the evaluation document not only provides companies with a benchmark for the evaluation of their compliance programmes, but also emphasises the importance of keeping relevant compliance records and making a company’s efforts to ensure compliance demonstrable to enforcement authorities in case of investigation (for more information on ISO 37001, see also In context November 2016).
16 November 2020
12 November 2020
23 October 2020
15 October 2020
15 October 2020
14 October 2020
14 October 2020
12 October 2020
17 September 2020
16 July 2020