The Challenge of addressing DOJ Compliance Guidance
With the DOJ’s June 2020 update to their guidance on corporate compliance programs, regulators have further sought to provide guidance and transparency to organisations by clearly communicating their expectations of what a well-designed and properly executed compliance programme should look like.
Compliance officers can start by answering the three questions the DOJ instructs prosecutors to ask at the start of their evaluation: 1) Is the corporation’s compliance programme well designed? 2) Is the programme adequately resourced and empowered to function? 3) Does the programme work in practice?
The DOJ guidance then provides detailed questions to evaluate each response. Someone measuring a risk and compliance programme’s design, for example, should start by reviewing its risk assessment. How did the company define its risk profile? Did it tailor its programmes to detect the specific types of misconduct identified, and allocate resources accordingly? Did it periodically review and revise its assessment? By proactively addressing the questions posed in the DOJ guidance, organizations can prevent the need for prosecutors to seek answers in the wake of compliance failure.