The DOJ’s new compliance program guidance moves away from an antiquated model of a generic, “off-the-shelf” compliance programs, taking a deeper dive into reviewing compliance program effectiveness.
The Department of Justice (DOJ)’s 2020 Evaluation of Corporate Compliance Programs (“Guidance”) assists prosecutors in making informed decisions about an organization’s compliance program at the time of charging decisions. It doubles the 119 questions and factors raised in their 2019 version.
Guidance continues to focus on three core questions derived from the Justice Manual, namely whether a compliance program is: well designed; being applied earnestly and in good faith; and works in practice.
The DOJ has continued to move away from the “antiquated model of a generic off-the-shelf” compliance program and focus more on how an organization acts in response to risk assessments. It takes a “deeper dive” into how a program functions in practice.
Guidance questions ask, “is the compliance program continuously updated to incorporate changing risks, resource needs, and lessons learned from assessments, monitoring, and testing?”
Many questions are related to effective monitoring of compliance and whether a company’s compliance program has continuous access to operational data and information across functions. The DOJ underscores the importance of having regular reviews of the compliance program and clarifies that this should not be “cookie-cutter” or “check the box” type reviews. These reviews should lead to useful findings that result in meaningful changes and improvements.
Compliance programs should always be a work-in-progress and continuously improving. Greater emphasis is also given on the adequacy of compliance resources, quality of trained staff, and empowerment. The importance of oversight of any third-party agents that act on a company’s behalf is stressed, including whether the company engages in risk management of third parties throughout the lifespan of the relationship. The questions include whether the company completed pre-and post-acquisition due diligence and a process for timely and orderly integration of acquired entities into existing compliance program structures and internal controls.
There are many questions about the structure and operation of the compliance program, the effectiveness of compliance training, and how compliance-related policies are developed and made available to covered persons. Among the most significant challenges are questions that refer to evidencing a “culture of compliance” in the various elements of the compliance program.
The DOJ’s guidance, as does the OIG’s, cites compliance surveys to evidence compliance knowledge of employees and compliance culture of the organization.
Additional insights on DOJ guidance
On August 20, SAI Global hosted a webinar featuring the team at Strategic Management Services, who has extensive experience in compliance and government enforcement. The program discussed:
- Evolution and direction of DOJ on evaluating compliance programs
- Analysis of DOJ’s revised “Evaluation of Corporate Compliance Programs” guidance
- Practical assistance for compliance officers for evidencing answers to DOJ questions
Watch the webinar on-demand: Meeting Challenges of the New DOJ Compliance Program Guidelines.
Or, read a detailed Q&A with highlights from the webinar.
See additional insights from SAI Global for managing healthcare compliance during the pandemic.
Learn more about our risk and compliance solutions for healthcare and health insurance organizations.
Or, contact us to see how SAI Global has helped organizations like yours.