The Justice Department Monday published a new version of its guidance on how it evaluates compliance programs when making corporate charging decisions.
The new version updates the original document from 2017 and another version from 2019.
Most of the changes are to make sure compliance programs aren’t “snapshots” but dynamic, and updated to fit new circumstances.
There is also new language about ensuring that the compliance function is adequately resourced.
The DOJ’s Brian Benczkowski said the revised version of the guidance “reflects additions based on our own experience and important feedback from the business and compliance communities.”
When deciding whether to bring an enforcement action against companies for FCPA and other violations, the DOJ evaluates the compliance program’s effectiveness.
The guidance is intended to help prosecutors conducting criminal investigations ask companies the right questions about their compliance programs. Compliance professionals also use the guidance when they’re designing and updating compliance programs.
The newest version of the guidance includes more focus on third-party risk and how the compliance program identifies and deals with it. For example, “Does the company engage in risk management of third parties throughout the lifespan of the relationship, or primarily during the onboarding process?”
The DOJ’s Evaluation of Corporate Compliance Programs (Updated June 2020) is here.
And here’s a compare version marked to show all the changes from the 2019 guidance. Download the compare version here.