What is new and different in the Evaluation of Corporate Compliance Programs (2019 Guidance) from its original iteration, which was released in February 2017 (2017 Guidance)? The 2017 Guidance provided direct insight into how prosecutors were thinking about compliance programs. This was driven home with the practical question format of the document. The 2019 Guidance builds on this individual prosecutorial insight by adding information on how the Justice Department is directing its line prosecutors to think about an organization’s ethics and compliance obligations.
When you read the 2019 Guidance in conjunction with its clear antecedent, the Benczkowski Memo released in October 2018, you’ll see critical elements for companies to avoid monitorship. These include investments to improve corporate compliance programs and internal controls as well as program testing to demonstrate the prevention or detection of similar misconduct in the future. Timing is a key differentiator between these two elements of guidance: The Benczkowski Memo focuses on expectations during an FCPA investigation or enforcement action; the 2019 Guidance focuses on what you should do before you get to that point.
While a key theme of the 2017 Guidance was operationalizing compliance programs, a key theme of the 2019 Guidance is corporate culture. The word “culture” is used prominently throughout the 2019 Guidance. It appears in topic areas spanning from policies and procedures to leadership’s tone from the very top – starting with the board of directors, to senior management, down through middle management. It also emphasizes creating, measuring and improving culture. Moreover, a clear message insists that an organization needs to actually assess its culture. Culture needs to be represented in embedded corporate values and not simply through squishy social science concepts. Simply put, culture is a foundational internal control that guides the behavior of employees. Without that internal control, all other rules, regulations, policies and controls will be less effective.
While a key theme of the 2017 Guidance was operationalizing compliance programs, a key theme of the 2019 Guidance is corporate culture.
Another key theme of the 2019 Guidance was continuous monitoring. Certainly this concept was laid out in the 2017 Guidance, which generally followed the 10 Hallmarks of an Effective Compliance Program format. However, continuous monitoring received much stronger emphasis in the 2019 Guidance, especially around how information is used. The important part is not where your information came from – whether that be from a hotline report, annual risk assessment, culture survey, internal investigation, root cause analysis, monitoring, auditing, or in some other manner. The DOJ cares most about how you used the information to improve your compliance program. This emphasis on data application, although present in the 2017 Guidance, was not as prominent.
Michael W. Peregrine, writing in the Harvard Law School Forum on Corporate Governance and Financial Regulation, believes that the 2019 Guidance also furthers the role of the board of directors in compliance oversight. He points to three key changes to highlight this evolution:
- Material change in format from the 2017 Guidance to the 2019 Guidance
- Specific references to the board’s role in the oversight of a compliance program
- New perspective and emphasis on risk assessments, ongoing vitality of compliance policies and procedures; effectiveness and tailoring of compliance training, and the need for a well-functioning whistleblower program.
It is clear that the 2019 Guidance builds upon its predecessor, as well as on other Justice Department pronouncements and changes, including the 2017 FCPA Corporate Enforcement Policy, the 2018 Anti-Piling on Policy, the 2018 M&A Safe Harbor Policy, and the Benczkowski Memo. Any information released by the Justice Department provides additional context for compliance program strategy. The 2019 Guidance continues that tradition.