Earlier this year the Department of Justice (DoJ) issued two publications for prosecuting attorneys to provide guidance on assessing the effectiveness of corporate compliance programs. The two publications (April 2019 and July of 2019) further develop and update the “Evaluation of Corporate Compliance Programs,” issued by the Criminal Division’s Fraud Section released in February 2017 (2017 Compliance Guidance).
There are many separate federal laws that in some way address corporate compliance programs. A nexus point to consider in the construction of your compliance program is the Department of Justice’s Justice Manual in conjunction with the U.S. Sentencing Commission’s Sentencing Guidelines (specifically Chapter Eight). Of course, the ultimate byproduct of your compliance function will depend on the size, structure, and risk profile of the particular company. The two guidance documents help in tying this complex maze together.
I know it might sound trite, but the success of a compliance program lives and dies based on the tone at the top. Leadership does matter in so many ways. Chief among them is setting the tone for the company’s culture of compliance. The DoJ referenced different sections of the Justice Manual when addressing a company’s culture.
In the April 2019 guidance the DoJ refers to JM 9-47.120(2)(c) criteria for an effective compliance program include “[t]he company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated.” In the July 2019 guidance the DoJ cites “[i]f senior management does not actively support and cultivate a culture of compliance, a company will have a paper compliance program, not an effective one.”8 Indeed, employees should be “convinced of the corporation’s commitment to [the compliance program].” JM § 9-28.800.
The DoJ drumbeat of explaining the importance of a properly constructed and designed compliance program has been ongoing since 1992. It was in 1992 that the U.S. Sentencing Commission stated that an “organization must have established compliance standards and procedures” to what we now know the standard of “prevent and detect” all forms of corporate misconduct.
With a refining of the requirements in conjunction with the increased enforcement actions the government is pushing the business community towards implementing effective compliance programs. The cost of not doing so can no longer be looked at as a cost of doing business.