News & Announcements
Guidelines for Effective Compliance Programs
A criminal investigation could never happen to your company, right? Even so, the guidance recently released by the Department of Justice (“DOJ”) can be helpful to any company to ensure an effective compliance program.
Although the DOJ’s guidance is intended for DOJ prosecutors to use in assessing the effectiveness of a company’s compliance program during a criminal investigation, any company can use the guidelines to preventatively assess their programs. The guidance recognizes that there is no rigid formula and each company requires particularized evaluation, but there are three fundamental questions to consider in assessing a corporate compliance program.
Question 1: Is the corporation’s compliance program well designed?
The following considerations are assessed in determining whether the program is well designed.
- Risk Assessment: Is the program designed to detect the particular types of misconduct most likely to occur in a particular corporation’s line of business?
- Policies and Procedures: Does the company have policies and procedures that reflect and deal with the spectrum of risks it faces?
- Training and Communications: Is the program being disseminated to, and understood by, employees in practice?
- Confidential Reporting Structure and Investigation Process: Is there an efficient mechanism by which employees can anonymously or confidentially report allegations of a breach of the company’s code of conduct, company policies, or suspected or actual misconduct?
- Third Party Management: Does the company have an effective due diligence practice to assess and oversee its third-party partners?
- Mergers and Acquisitions: Does the company have an effective due diligence practice to assess any acquisition targets?
Question 2: Is the program being applied earnestly and in good faith? In other words, is the program being implemented effectively?
The following considerations are assessed to determine whether a compliance program is only a “paper program” or it is being implemented effectively.
- Commitment by Senior and Middle Management: What actions have the company’s leaders taken to demonstrate commitment to a culture of ethics and compliance?
- Autonomy and Resources: Are those charged with the compliance program’s day-to-day oversight acting with adequate authority and stature?
- Incentives and Disciplinary Measure: Does the company have clear disciplinary procedures that are consistently enforced, including incentives for compliance and disincentives for non-compliance?
Question 3: Does the corporation’s compliance program work in practice?
This question looks at whether the program functions effectively in practice.
- Continuous Improvement, Periodic Testing, and Review: Has the company engaged in meaningful efforts to review its compliance program and ensure that it can improve and evolve?
- Investigation of Misconduct: Is there a well-functioning and appropriately funded mechanism for timely and thorough investigations of allegations or suspicions of misconduct?
- Analysis and Remediation of Any Underlying Misconduct: Is the company able to conduct a root cause analysis of misconduct and timely and appropriately remediate to address the root causes?