On April 30, 2019, Assistant Attorney General Brian A. Benczkowski announced the release of an updated version of the Criminal Division's "The Evaluation of Corporate Compliance Programs" during a keynote address at the Ethics and Compliance Initiative 2019 Annual Impact Conference. This publication, which provides guidance to the Department of Justice's (DOJ's) white-collar prosecutors on their evaluation of corporate compliance programs, is an update to an earlier memorandum issued by the Fraud Section in 2017 and, according to the DOJ, is intended to align the guidance with other DOJ guidance and standards on point.
The guidance is meant to assist prosecutors who are investigating a company for violations of law in their evaluation of a company's compliance program. The guidance is organized around three main questions that prosecutors are to ask in their evaluation of a company's compliance program: 1) "Is the corporation's compliance program well designed?"; 2) "Is the program being applied earnestly and in good faith?"; and 3) "Does the corporation's compliance program actually work?" The answers to these questions ought to inform the DOJ's decision on whether to prosecute, on any monetary penalties to recommend, and on what compliance obligations could be included in any corporate criminal resolution.
In answering the first question ("Is the corporation's compliance program well designed?"), prosecutors are directed to conduct an evaluation of the company's business and how the company identified, assessed, and defined its risk profile, as well as how the company's program devotes resources based on that risk profile. Examination of the first question also includes an evaluation of the company's policies and procedures, training, reporting and investigations process, and third party due diligence. The final element of the evaluation is focused on the company's approach to due diligence in the context of a merger or acquisition, covering not only the pre-closing diligence of a target, but also post-closing integration efforts (e.g., integration into the company's compliance program, identification and remediation of misconduct identified during the pre- or post-closing integration of the target.)
In answering the second question ("Is the program being applied earnestly and in good faith?"), the guidance directs focus on the "tone from the top"—in other words, the inquiry focuses on whether the company's leaders are sending the right message, one emphasizing the management's commitment towards openness, honesty, integrity, and ethical behavior. A significant addition to the guidance since the 2017 memorandum is the statement that "compliance personnel must be empowered within the company." That is, a compliance program may not be considered effective without the appropriate devotion of resources, authority, and autonomy to conduct day-to-day oversight, audits, and investigations.
The final question ("Does the corporation's compliance program actually work?") directs prosecutors to evaluate whether a compliance program was effective at the time of the misconduct. The guidance provides that prosecutors should look at whether the program was subject to continuous improvement, periodic testing and review, how the company's investigation mechanism functions, and when misconduct is identified, whether a root cause analysis is undertaken, and the effectiveness of any remediation.
In his April 30 comments, Assistant Attorney General Benckowski stated "the [guidance is] neither a checklist nor a formula" and emphasized that DOJ, "recognize[s] that each company's risk profile and solutions to reduce its risks warrant particularized evaluation. Accordingly, we make an individualized determination in each case." In closing his remarks, he added, "At the end of the day, the interests of the [D]epartment and private industry to root out corporate crime are very much aligned, and I hope and know that our collective efforts are having a positive, lasting impact on corporate behavior."
In light of the new guidance, companies would be well-served to benchmark their current compliance program against the DOJ memorandum. In particular, companies that have been or may become internationally acquisitive should take the opportunity to evaluate the extent to which their current approach to pre-acquisition diligence and post-acquisition integration are sufficiently robust to withstand DOJ scrutiny in the event misconduct were to be identified post-closing.
For more information about this DOJ publication, please email FCPA@wsgr.com, or contact any Wilson Sonsini member of the regulatory and compliance practice.