How indestructible is your corporate compliance program?
A weak link could spell disaster.
At the beginning of the year, the Fraud Section of the US Department of Justice published Evaluation of Corporate Compliance Programs.
It's a guide for companies that highlights common questions that the DOJ will ask when evaluating a company’s compliance program.
It's a simple document, only 8 pages long, that asks very obvious, and common sense questions.
These aren't new questions. In fact, the factors listed have been previously expressed in policy statements issued by the US Government.
The guideline does reinforce key factors for all companies designing, enhancing, or implementing compliance programs, and helps them clearly understand the DOJ’s expectations.
Not surprisingly, one of the key factors involves confidential reporting and investigation.
It asks about the effectiveness of the company's reporting mechanism. This is assuming there is a reporting mechanism in place. If there isn't, then a company may look less structured in the eyes of the DOJ during an investigation.
- Is the company compiling and analyzing the information from its reporting system? What is the company doing with this valuable information? How has the company assessed the seriousness of the allegations it received? Has the compliance function had full access to reporting and investigative information?
Is the personnel involved in any investigation properly qualified to do so?
- How has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented?
How is the company responding to what it finds when investigating? And what is the company doing with that information?
- Has the company’s investigation been used to identify root causes, system vulnerabilities, and accountability lapses, including among supervisory manager and senior executives? What has been the process for responding to investigative findings? How high up in the company do investigative findings go?
This guideline also references what is commonly known as 'tone at the top'. However, it references this as 'Conduct at the Top'.
This is a suggestion that there should be increased attention on whether the 'actions and decisions of company leadership reflect a sincere commitment to effective compliance.'
- How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question? What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts? How does the company monitor its senior leadership’s behavior? How has senior leadership modelled proper behavior to subordinates?
Even if a company isn't in the process of active US enforcement action, this evaluation criteria provides helpful compliance program guidance and benchmarking for companies looking to design, enhance, and implement strong programs.
And we can help. Let us know if you'd like us to help you review or update any of your policies, including Code of Conduct, Whistleblower Policy, Fraud Policy. We can help save you some valuable time.