Updated DOJ Guidance Steers Effective Compliance And Remediation Programmes.
Legal News & Analysis - Asia Pacific - Regulatory & Compliance
14 May, 2019
The US Department of Justice Criminal Division (DOJ) has issued updated guidance on the Evaluation of Corporate Compliance Programs (guidance). Under the guidance, DOJ prosecutors evaluate the effectiveness of a company’s compliance programme when conducting an investigation, determining whether to bring charges or negotiating plea or other arrangements.
“Whether in the US, Asia Pacific or elsewhere, the guidance sets out useful prompts for a best practice compliance framework” observes Hong Kong corporate crime and investigations partner, Jeremy Birch. “Given the propensity of regulators to borrow from each other’s procedures and practices, it will also be of interest to companies subject to regulatory scrutiny, investigation or enforcement outside the US, as a benchmark for appropriate remediation and resolution.”
The guidance covers many of the same areas as the previous version, providing additional context to the multifactor analysis of a compliance programme.
Key takeaway: substance over form
Where misconduct occurs, it does not, by itself, mean that a company’s compliance programme was ineffective at the time of the misconduct. The guidance states: “if a compliance program did effectively identify misconduct, including allowing for timely remediation and self-reporting, a prosecutor should view the occurrence as a strong indicator that the compliance program was working effectively.” Today’s regulators scrutinise compliance programmes for how they are monitored, measured and developed over time. A paper programme, which ticks the boxes without real impact, likely will not attract the same credit as one that effectively promotes a sound compliance culture through an outcomes-based approach. The questions raised by the guidance set out a roadmap – rather than a checklist – for compliance practitioners and advisers in regulatory proceedings alike. This highlights an effective, risk-based compliance programme which minimises the risk of misconduct occurring and, where it does occur, mitigates the potential consequences for the company.
Individualised, risk-based scrutiny
The guidance emphasises that the DOJ does not use a checklist or rigid formula to assess the effectiveness of corporate compliance programmes. Instead, each company’s risk profile and the solutions it has taken to reduce its risks warrant their own, individualised, evaluation.
Notwithstanding this approach, the guidance recognises that there are common questions to ask in the course of making an individualised evaluation of a compliance programme. This is organised under three overarching questions:
(1) Is the compliance programme well-designed?
Prosecutors will examine whether a compliance programme is well-designed and comprehensive, ensuring there is a clear message that misconduct will not be tolerated, and that policies and procedures are in place to integrate the programme into the company’s operations and workforce.
To evaluate the effectiveness of a compliance programme, prosecutors are encouraged to consider factors including:
(2) Is the compliance programme implemented effectively?
The guidance draws a distinction between a “paper program” or one “implemented, reviewed, and revised, as appropriate, in an effective manner.” To evaluate the effective implementation of a compliance programme, prosecutors are encouraged to consider:
(3) Does the compliance programme work in practice?
Due to the backward-looking nature of an investigation, the guidance requires prosecutors to evaluate the adequacy and effectiveness of a company’s compliance programme both at the time of the offence and at the time of the charging decision, as well as any remedial efforts.
To evaluate whether a compliance programme works in practice, prosecutors are encouraged to consider:
For further information, please contact:
Kyle Wombolt, Partner, Herbert Smith Freehills