The U.S. Department of Justice's Criminal Division ("DOJ") issued a new and comprehensive guidance named "The Evaluation of Corporate Compliance Programs"[1] for prosecutors to help shaping their analysis of compliance programs on April 30, 2019. This updates previous guidance issued in February 2017 and provides more detailed and concrete factors in the assessment of compliance program effectiveness, for the purposes of determining the appropriate form of resolution or prosecution, penalty and compliance obligations, if any.

These factors stem from the following three essential questions federal prosecutors are expected ask to assess whether the program actually works, is thoroughly implemented throughout the company and has preventative consequences in terms of corporate misconducts:

(i) if the compliance program is well designed,

(ii) if the compliance program is effectively implemented, and

(iii) if the compliance program actually works in practice.

(i) Design of the compliance program

The DOJ has put forward a structure for the assessment of adequacy and coverage of the program's design in each company. The first step is a risk assessment. The program is required to be appropriately designed, to have the methodology to detect the types of misconduct that could occur in the company's line of commercial and regulatory environment, and should be frequently updated in this regard. The second topic is the company's policies and procedures. The company must establish an adequate set of accessible and enforced policies which address the related laws and which serve in reducing the risks identified as part of the company's risk assessment process. The DOJ is also to look into the persons involved in the creation of the policies and procedures, in terms of seniority and relevant business units. As an extension of this, the company is required to ensure that these policies and procedures has been implemented and are in effect through periodic risk-based trainings and communication, in other words, the company should raise the awareness of its employees with regard to its position on misconduct. Similarly, the guidance indicates that the company should have a confidential reporting structure and investigation process to enable employees to report misconducts anonymously and confidentially.

The guidance specifically focuses on third-party management and acquisition targets also. The prosecutors are required to evaluate the company's due diligence processes, controls regarding third parties, and the company's oversight on third-party partners based on their business field, region and relationships and reputation. It is significant to note that there should be a comprehensive due diligence process and well-developed programs for acquisition targets in order to identify the target's corrupt practices or misconduct, or any potential compliance issues.

(ii) Effectiveness in implementation of the compliance program

The guidance indicates simply a tone at the top is not sufficient. Effective implementation of a compliance program requires commitment by both senior and middle management in order to establish a culture of compliance. Prosecutors should consider whether the program has sufficient autonomy and resources to investigate and enforce the program, as well as incentives and disciplinary measures are being applied.

(iii) Compliance program in practice

The prosecutors are required to evaluate whether the program minimizes the risk of misconduct by investigating if it is operating effectively, improves continuously, and undergoes periodic testing, review, analysis and remediation of underlying misconducts are being made. This can be made through the observation of how and if the company was able to identify misconducts and nature of remediation, which are regarded as a strong indicator that the program is working effectively.

This article was first published in Legal Insights Quarterly by ELIG Gürkaynak Attorneys-at-Law in September 2019. A link to the full Legal Insight Quarterly may be found here


[1] The guide can be accessed through https://www.justice.gov/criminal-fraud/page/file/937501/download (Last Access Date August 2, 2019)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.