On February 8, 2017, just as the new Attorney General Jeff Sessions was confirmed by the U.S. Senate, the Fraud Section of the U.S. Department of Justice (DOJ) issued a memorandum setting forth factors by which the DOJ will evaluate corporate compliance programs when determining whether to investigate, charge, or resolve criminal allegations against an organization under Title 9 of the U.S. Attorneys' Manual (USAM). See U.S. Dep't Of Justice, Criminal Division, Fraud Section, Evaluation of Corporate Compliance Programs (attached). Largely, the memorandum builds on and clarifies existing guidance under Title 9 of the USAM and Chapter 8 of the U.S. Sentencing Guidelines. It also draws on the joint DOJ and U.S. Securities and Exchange Commission Resource Manual on the Foreign Corrupt Practices Act, as well as materials on corporate ethics and compliance infrastructure prepared by the private Organization for Economic Cooperation and Development.
It is hard to know whether the release may signal focus and commitment by the new administration, or if it is simply a holdover from the prior administration. Ultimately, however, the memorandum is another tool that can be used by compliance professionals in the implementation, evaluation or expansion of internal corporate compliance programs to successfully prevent or mitigate circumstances that may otherwise lead to corporate criminal liability.
The memorandum cautions organizations that it is not designed as a prescriptive or formulaic checklist that will apply to every matter or every organization. While the document incorporates the experience of the Fraud Section, it emphasizes that DOJ will continue to make an "individualized determination" when assessing a compliance program in the context of its criminal enforcement discretion. It lists eleven factors that DOJ will consider when assessing a corporate compliance program:
- the company's analysis of the root cause of the misconduct at issue, prior indicators of the misconduct, and steps taken to remedy the misconduct;
- the response of senior and middle management to the misconduct and their effort to ensure the company demonstrates compliant behavior;
- the autonomy and resources provided to the company's compliance department;
- the compliance policies and procedures implemented by the company and the company's integration of those policies and procedures into its daily operations;
- the company's approach to risk assessment;
- compliance-related training and the company's dissemination of compliance materials and principles to employees;
- the effectiveness of internal reporting and investigations;
- the disciplinary measures and incentives implemented by the company with respect to compliance issues;
- the use of internal audits, control testing, and other measures to continuously improve the compliance department;
- the company's application of its compliance measures to third parties working with the company; and
- the company's due diligence activities taken during mergers and acquisitions.
Effective compliance programs and compliance-related elements of environmental management systems require ongoing evaluation and improvement; the DOJ's new memorandum sets forth a roadmap to government expectations regarding such programs or system elements to prevent or address potential malfeasance. Although this guidance was set forth by DOJ's Fraud Section, other sections of DOJ will consider similar questions when evaluating corporate compliance programs based on existing and generally applicable policies. Consequently, even in the wake of a change in administration, companies can look to the memorandum's guidance to create, implement, and improve their compliance infrastructure.