DOJ Guidance on Corporate Compliance

What is the DOJ Corporate Compliance Guidance?

The Evaluation of Corporate Compliance Programmes is the U.S. Department of Justice’s guidance to federal prosecutors on how to determine the size and severity of punishment a company should face in the event of a compliance failure.

The Challenge of Addressing DOJ Compliance Guidance

With the DOJ’s June 2020 update to their guidance on corporate compliance programs, regulators have further sought to provide guidance and transparency to organisations by clearly communicating their expectations of what a well-designed and properly executed compliance programme should look like.

Compliance officers can start by answering the three questions the DOJ instructs prosecutors to ask at the start of their evaluation: 1) Is the corporation’s compliance programme well designed? 2) Is the programme adequately resourced and empowered to function? 3) Does the programme work in practice?

The DOJ guidance then provides detailed questions to evaluate each response. Someone measuring a risk and compliance programme’s design, for example, should start by reviewing its risk assessment. How did the company define its risk profile? Did it tailor its programmes to detect the specific types of misconduct identified, and allocate resources accordingly? Did it periodically review and revise its assessment? By proactively addressing the questions posed in the DOJ guidance, organisations can prevent the need for prosecutors to seek answers in the wake of a compliance failure.

What the DOJ’s New Guidance on Evaluating Corporate Compliance Programs Covers

Risk Assessment

How have you identified, assessed, and defined your risk profile? What is the rationale behind the programme design decisions you’ve made?

Commitment by Senior & Middle Management

Does your company create and foster a culture of ethics and compliance? How have your senior leaders and middle managers demonstrated their commitment to compliance?

Policies & Procedures

Do you have a code of conduct? Do your policies and procedures incorporate a culture of compliance into your day-to-day operations? Are your policies easy to reference and update?

Autonomy & Resources

Do compliance personnel have sufficient authority, resources and autonomy? Do they have continuous access to operational data and information across functions?

Training & Communications

Is your training risk-based? How do you measure training effectiveness? Do you offer shorter, targeted training on key issues?

Incentives & Disciplinary Measures

Have disciplinary actions and incentives been fairly and consistently applied across the organisation? Do you monitor investigations to ensure consistency?

Confidential Reporting & Investigation

Do you have a way for employees and third parties to anonymously or confidentially report misconduct? Do employees feel comfortable using it? How do you measure its effectiveness?

Continuous Improvement, Periodic Testing, & Review

Does your compliance programme conduct periodic audits and control testing? Does your company review and adapt its compliance programme based upon lessons learned?

Third Party Management

Do you apply risk-based due diligence to your third party relationships? Do you engage in risk management of third parties throughout the lifespan of the relationship?

Investigation of Misconduct

Do you have a well-functioning and appropriately funded mechanism for timely and thorough investigations of misconduct?

Mergers & Acquisitions

Does your organisation conduct pre-acquisition due diligence? Do you have a process for integrating acquired entities into existing compliance programme structures?

Analysis & Remediation of Any Underlying Misconduct

To what extent is your company able to analyse and address the root causes of misconduct?

Steps You Can Take to Meet DOJ Guidance on Corporate Compliance Programs

Step 1

Review NAVEX’s annotated copy of the DOJ guidance to view the latest changes from the June 2020 update.

Step 2

Consult NAVEX’s Corporate Compliance Evaluation Matrix to determine which products and services correspond to the specific area of corporate compliance you want to address.

Step 3

Evaluate and improve your policies and procedures to reduce targeted risks and incorporate a culture of integrity into your day-to-day operations.

Step 4

Offer multiple whistleblower incident management reporting methods, including a compliance hotline, to create effective reporting mechanisms that allow for properly scoped investigations conducted in a timely manner.

Step 5

Provide training tailored for the unique risks of your organisation in a form and language appropriate for each audience.

Step 6

Integrate risk-based third-party due diligence into your procurement and vendor management processes to assess and continuously monitor the qualifications and associations of third-party partners.