
2020 Compliance Program Updates: US Department of Justice


On June 1st, the US Department of Justice set forth additional clarification and revised guidance for corporate compliance programs.

The Covid-19 virus has changed organizations' compliance structure quite considerably. 

And while businesses are currently trying to navigate their way through Covid-19, they should take note of these changes to prevent future regulatory infractions or other issues they may suddenly face.

According to the SEC, being shut off from the world has given employees ample opportunities to pass the time by filing SEC complaints. It would appear that whistleblowers have been busy - 35% busier than last year at this time.

If companies don't keep up with these new guidelines the Department of Justice has set forth, they could face serious consequences in the future.

What are some of the notable changes to compliance programs the US Department of Justice has set out?

Most of the changes made take into account the new and changing times and circumstances we're facing.

The DOJ’s Brian Benczkowski said the revised version of the guidance “reflects additions based on our own experience and important feedback from the business and compliance communities.”

In order to bring enforcement action against a company for FCPA violations, the DOJ needs to evaluate that company's compliance program's effectiveness.

Guidance is given to prosecutors conducting criminal investigations against a company, aimed at helping them ask the right questions of that company's compliance program. This guidance is also used by compliance professionals when designing and updating their compliance programs.

What's new? Here's an example. Additions are in bold:

A well-designed compliance program should include comprehensive due diligence of any acquisition targets, as well as a process for timely and orderly integration of the acquired entity into existing compliance program structures and internal controls. Pre-M&A due diligence, where possible, enables the acquiring company to evaluate more accurately each target’s value and negotiate for the costs of any corruption or misconduct to be borne by the target. Flawed or incomplete pre- or post-acquisition due diligence and integration can allow misconduct to continue at the target company, causing resulting harm to a business’s profitability and reputation and risking civil and criminal liability.

What it means:

The Justice Department will give more consideration to the company’s plans for merger and acquisition targets. Even where a company can't perform perfect due diligence before the acquisition, prosecutors will still want to see evidence that the company has a plan in place to bring the acquisition into its compliance program after the deal closes.

Other additions were made in the section about how compliance programs work in practice. These additions are in bold:

How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? Has the company undertaken a gap analysis to determine if particular areas of risk are not sufficiently addressed in its policies, controls, or training? What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries? Does the company review and adapt its compliance program based upon lessons learned from its own misconduct and/or that of other companies facing similar risks?

What it means:

Well, this one is timely and important considering the current state of affairs. Covid-19 has forced companies to evolve their corporate structures and look at their current risks. Performing fresh risk assessments at the moment should be a priority. If these new guidelines are to be in force for the next few years, no company wants to look back on a situation that happened now and realize they didn't proactively make appropriate adjustments.

Another mention is around how a company has communicated, or made accessible, their policies and procedures. Updates in bold:

How has the company communicated its policies and procedures to all employees and relevant third parties? If the company has foreign subsidiaries, are there linguistic or other barriers to foreign employees’ access? Have the policies and procedures been published in a searchable format for easy reference? Does the company track access to various policies and procedures to understand what policies are attracting more attention from relevant employees?

What this means:

The bottom line is that every employee and relevant third party should have access to, and a solid understanding of, the company's policies and procedures. Prosecutors may look at how accessible these documents are, including the languages they are available in. Many organizations employ workers on a global level with varying language capabilities, educational backgrounds, and technical abilities. All of these situations need to be addressed so that all employees have equal access to the company's policies and procedures.

The virus has changed companies’ risks dramatically, so performing a fresh risk assessment should be a high priority.

You can see the DOJ’s Evaluation of Corporate Compliance Programs (Updated June 2020) here.



Amanda Nieweler
About the Author
Amanda writes for WhistleBlower Security about ethics, compliance, workplace culture, and whistleblower hotlines. Amanda brings her nearly two decades of risk and compliance experience to the WBS blog where she is dedicated to helping people and companies promote speak-up cultures.