On April 30, 2019, the Criminal Division of the US Department of Justice introduced new guidance to help white-collar prosecutors evaluate corporate compliance programs, as required by the principles of federal prosecution delineated in the Justice Manual. The guidance, titled Evaluation of Corporate Compliance Programs, updates guidance published by the Criminal Division’s Fraud Section in February 2017 and is divided into three sections. Part I addresses risk assessment, policies and procedures, channels for reporting such as confidential “hotlines,” investigation processes, training, oversight of third parties, and mergers and acquisitions. Part II focuses on implementation. And Part III focuses on how to measure the efficacy and success of compliance programs. Together, the three parts provide a road map for answering the three fundamental questions that, according to the Justice Manual, a prosecutor should ask in evaluating a company’s compliance program:
- Is the corporation’s compliance program well designed?
- Is the program being applied earnestly and in good faith?
- Does the corporation’s compliance program work?
Recognizing that no compliance program can prevent all criminal conduct by a company’s employees, the new guidance makes clear that the existence of misconduct does not, in and of itself, mean that a compliance program was ineffective at the time of the offense.