Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Putting Compliance Programs To The Test

How do you know if your company has an effective compliance program? The answer is crucial. If rogue employees violate the Foreign Corrupt Practices Act, having an effective compliance program becomes a factor in whether the company will face a criminal enforcement action and, if it does, whether it will be rewarded with reduced penalties. So what does an effective compliance program look like?

The FCPA doesn’t answer the question, and the Federal Sentencing Guidelines are short on details. That’s because all organizations have a different structure and no two operate the same way. So each one needs its own tailor-made program. The Federal Sentencing Guidelines describe hallmarks of an effective compliance program and what it should accomplish. And some features show up in FCPA Opinion Procedure Releases and deferred prosecution agreements. But the burden is always on each organization to figure out for itself how best to prevent, detect and respond to FCPA offenses.

So who finally decides what an effective compliance program looks like? Well, for better or worse, that’s left to the people at the Justice Department. They decide which organizations will face FCPA criminal enforcement actions, and part of their decision should involve evaluating whether the company has an effective compliance program. And how do prosecutors do that? They look to the U.S. Attorneys’ Criminal Resource Manual.

Relevant sections from the CRM appear between the lines below, with footnotes omitted and a couple of new paragraph breaks inserted, but otherwise unchanged. The provocative narrative is best read without our editorial filter — at least for anyone curious to know how their own compliance program might someday be judged.

The DOJ’s test of effectiveness, by the way, is consistent with the you’ll-know-it-when-you-see-it-approach in the Federal Sentencing Guidelines. And it comes with an even clearer message of encouragement and warning: honest compliance, even if it doesn’t prevent every FCPA violation, will be rewarded, while phony gestures will only multiply everyone’s troubles.

Here’s what the DOJ has to say to its U.S. Attorneys:


While the Department [of Justice] recognizes that no compliance program can ever prevent all criminal activity by a corporation’s employees, the critical factors in evaluating any program are whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct to achieve business objectives.

The Department has no formal guidelines for corporate compliance programs. The fundamental questions any prosecutor should ask are: “Is the corporation’s compliance program well designed?” and “Does the corporation’s compliance program work?” In answering these questions, the prosecutor should consider the comprehensiveness of the compliance program; the extent and pervasiveness of the criminal conduct; the number and level of the corporate employees involved; the seriousness, duration, and frequency of the misconduct; and any remedial actions taken by the corporation, including restitution, disciplinary action, and revisions to corporate compliance programs. Prosecutors should also consider the promptness of any disclosure of wrongdoing to the government and the corporation’s cooperation in the government’s investigation.

In evaluating compliance programs, prosecutors may consider whether the corporation has established corporate governance mechanisms that can effectively detect and prevent misconduct. For example, do the corporation’s directors exercise independent review over proposed corporate actions rather than unquestioningly ratifying officers’ recommendations; are the directors provided with information sufficient to enable the exercise of independent judgment, are internal audit functions conducted at a level sufficient to ensure their independence and accuracy and have the directors established an information and reporting system in the organization reasonably designed to provide management and the board of directors with timely and accurate information sufficient to allow them to reach an informed decision regarding the organization’s compliance with the law. In re: Caremark, 698 A.2d 959 (Del. Ct. Chan. 1996).

Prosecutors should therefore attempt to determine whether a corporation’s compliance program is merely a “paper program” or whether it was designed and implemented in an effective manner. In addition, prosecutors should determine whether the corporation has provided for a staff sufficient to audit, document, analyze, and utilize the results of the corporation’s compliance efforts. In addition, prosecutors should determine whether the corporation’s employees are adequately informed about the compliance program and are convinced of the corporation’s commitment to it. This will enable the prosecutor to make an informed decision as to whether the corporation has adopted and implemented a truly effective compliance program that, when consistent with other federal law enforcement policies, may result in a decision to charge only the corporation’s employees and agents.

Compliance programs should be designed to detect the particular types of misconduct most likely to occur in a particular corporation’s line of business. Many corporations operate in complex regulatory environments outside the normal experience of criminal prosecutors. Accordingly, prosecutors should consult with relevant federal and state agencies with the expertise to evaluate the adequacy of a program’s design and implementation. . . .


View the United States Attorneys’ Criminal Resource Manual, Title 9, Section 162 (Federal Prosecution of Business Organizations) here.

Share this post



  1. In your experience and research about the FCPA, have you come across any documents or relevant statutes that pertain to corporate liability if they sell their products through distributors? (thanks and incredibly helpful blog)

  2. I’m looking for some examples of effective compliance programs–any ideas on where to look?

    Thanks for your help!

  3. Anon asked, “In your experience and research about the FCPA, have you come across any documents or relevant statutes that pertain to corporate liability if they sell their products through distributors?” Distributors can be “intermediaries” and thus act (illegally) on behalf of companies subject to the FCPA. If you email us directly at [email protected] we’ll discuss it further. There are no special laws we’re away of pertaining to distributors and the FCPA.

Comments are closed for this article!