New DOJ Guidance on the Evaluation of Corporate Compliance Programs
Dear Clients and Friends,

The Criminal Division of the United States Department of Justice (“DOJ”) recently released a guidance document on the evaluation of corporate compliance programs (the “Evaluation Guidelines”). While the Evaluation Guidelines are designed for white-collar prosecutors to evaluate the effectiveness of compliance when determining whether to bring charges, this document also serves as a helpful resource for companies seeking to establish new or evaluate and enhance their existing compliance programs. The Evaluation Guidelines acknowledge that each company’s risk profile warrants individualized solutions and focus on three overarching points of inquiry:

1) Is the company’s compliance program well designed?
2) Is the program effectively implemented?
3) Does the compliance program actually work in practice?

Each of those three questions is broken down into sub-categories that measure the quality of a company’s compliance program’s design (risk assessment, policies and procedures, training and communications, confidential reporting and investigation process, third-party management, and mergers and acquisitions), implementation (commitment by senior and middle management, autonomy and resources, incentives and disciplinary measures) and effectiveness (periodic testing and review, investigation, analysis and remediation of misconduct).

Compliance programs cannot be “off the shelf” programs, but should be tailored to each company’s risk profile and business model; neither can a compliance program be a “paper program”, instead it should be implemented in an effective manner and periodically reviewed and revised, as necessary. The Evaluation Guidelines restate those fundamental notions, but also provides new emphasis to certain areas, for example:

- Risk Assessment that Builds on “Lessons Learned” – the Evaluation Guidelines recommend that a company’s compliance program is tailored to its unique risk profile, evaluating, among other factors, location of operations, industry sector, regulatory landscape, competitiveness of the market, transactions with foreign governments, and use of third parties. Moreover, the criteria for the risk assessment should be periodically reviewed and updated in light of past experience and discovered misconduct.
- Importance of Compliance Personnel - the importance of the compliance function within the organization is accessed not only through resources allocated to it, but also through its stature within the company, access to key-decision makers, authority and autonomy.
- Efficient Oversight of the Company’s Third Parties - the Evaluation Guidelines stress the importance of oversight of third parties. Companies should conduct risk-based due diligence of its third-party relationships and ensure their ongoing monitoring. The document highlighted that agents, consultants and distributors are “commonly used to conceal misconduct, such as payment of bribes to foreign officials in international business transactions,” thus emphasizing the need to know reputations and relationships of those partners, as well as having the strong business rationale for needing those partners in the transaction.

For the full text of the Evaluation guidelines, please click here:
To learn more about how to build an effective compliance program for your company, please contact :
Gene Kleinhendler at
Our Services >