The Evaluation of Corporate Compliance Programs, first published five years ago, is now one of the most important compliance tools, not only for the DOJ prosecutors it’s addressed to, but also for compliance professionals outside government. One reason the 20-page Evaluation is so influential is its unique format. There’s a series of “fundamental questions” anyone can use to determine a compliance program’s effectiveness. So, where did the Evaluation of Corporate Compliance Programs come from?
It’s an original work, for sure. Strikingly so. But it’s also a compilation of prior guidance. We know that from the internal citations and a list of resources in the first footnote. The footnote says, “Many of the topics [in this guidance] also appear in the following resources.”
Let’s look at each of those “other resources” in the same order they appear in the footnote, using three questions: What is it? Why is it relevant? Where to find it?
1. Justice Manual, JM 9-28.000 Principles of Federal Prosecution of Business Organizations and JM 9-47.000 – Foreign Corrupt Practices Act of 1977.
What is it? The Justice Manual (formerly the U.S. Attorneys Manual) provides internal DOJ guidance. It’s the federal prosecutors’ handbook.
Why is it relevant? It’s cited more than 20 times in the Evaluation and is listed first in footnote 1. Anyone wanting to know how to receive credit for self-disclosure, cooperation, and remediation should head straight to the FCPA section of the Justice Manual.
2. United States Sentencing Guidelines, Chapter 8 – Sentencing of Organizations
What is it? The Introductory Commentary says, “This chapter is designed so that the sanctions imposed upon organizations and their agents, taken together, will provide just punishment, adequate deterrence, and incentives for organizations to maintain internal mechanisms for preventing, detecting, and reporting criminal conduct.”
Why is it relevant? Chapter 8 is the source of the ten elements of an effective compliance program, which later became the hallmarks of an effective compliance program in the FCPA Resource Guide. The Sentencing Guidelines are cited nine times in the body of the Evaluation of Corporate Compliance Programs.
Where to find it? United States Sentencing Guidelines, Chapter 8 – Sentencing of Organizations is here.
3. Memorandum entitled “Selection of Monitors in Criminal Division Matters,” issued by Assistant Attorney General Brian Benczkowski on October 11, 2018
What is it? This is how the DOJ and its prosecutors determine when to require a compliance monitor.
Why is it relevant? The memorandum, addressed to “All Criminal Division Personnel,” has a lot to say about evaluating corporate compliance programs. For example, “In assessing the adequacy of a business organization’s remediation efforts and the effectiveness and resources of its compliance program, Criminal Division attorneys should consider the unique risks and compliance challenges the company faces, including the particular region(s) and industry in which the company operates and the nature of the company’s clientele.”
Where to find it? Memorandum entitled “Selection of Monitors in Criminal Division Matters” is here.
4. DOJ corporate enforcement actions
What is it? The DOJ’s FCPA website includes an index of enforcement actions organized chronologically and alphabetically.
Why is it relevant? Entries for most corporate FCPA enforcement actions include links to charging documents, plea agreements, and DPAs or NPAs. Those documents typically describe deficiencies in defendants’ existing compliance programs and required enhancements and remedial actions.
Where to find it? DOJ FCPA enforcement actions are indexed here.
5. A Resource Guide to the U.S. Foreign Corrupt Practices Act
What is it? The DOJ and SEC first published this guidance in 2012 and updated it in 2020. It’s meant to “provide companies, practitioners, and the public with detailed information” about what the FCPA requires and how the feds enforce it. The foreword to the 2020 edition correctly says the FCPA Resource Guide “represents one of the most thorough compilations of information about any criminal statute.”
Why is it relevant? Just a decade ago, it was still hard to find accurate, authoritative, and user-friendly FCPA guidance. Then came the FCPA Resource Guide. It’s compiled from enforcement actions, anonymized declinations, summaries of case law, and DOJ opinion releases. The current version is ten chapters, 124 pages, and 443 footnotes. All compliance professionals (and potential FCPA defendants and their lawyers) should study the FCPA Resource Guide.
Where to find it? A Resource Guide to the U.S. Foreign Corrupt Practices Act can be downloaded here.
6. Good Practice Guidance on Internal Controls, Ethics, and Compliance, adopted by the OECD Council on February 18, 2010
What is it? It’s guidance to companies about “establishing and ensuring the effectiveness of internal controls, ethics, and compliance programs or measures for preventing and detecting the bribery of foreign public officials.”
Why is it relevant? The OECD Anti-Bribery Convention came into force in early 1999. It is legally binding on signatories (now 44) and requires them to criminalize bribery of foreign public officials. The United States has worked mainly through the OECD to create “a level playing field” for multinational companies.
Where to find it? The OECD’s Good Practice Guidance on Internal Controls, Ethics, and Compliance is here.
7. Anti-Corruption Ethics and Compliance Handbook for Business (OECD Handbook)
What is it? A result of the 2010 G20 Anti-Corruption Action Plan is this 2013 handbook, intended to help small and medium-sized businesses with limited resources prevent corruption. The handbook was developed largely “by companies, for companies,” with help from the OECD, the United Nations Office on Drugs and Crime (UNODC), and the World Bank.
Why is it relevant? The 128-page OECD Handbook is divided into three sections: an overview of anti-corruption laws; a how-to for risk-assessment; and a step-by-step guide (with suggested provisions) for creating an anti-corruption compliance program.
Where to find it? The OECD Handbook can be downloaded here.
8. Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations, published in July 2019 by the DOJ’s Antitrust Division
What is it? The DOJ’s internal guidance for evaluating antitrust compliance programs uses the Justice Manual, the U.S. Sentencing Guidelines, and the Evaluation of Corporate Compliance Programs.
Why is it relevant? Anti-corruption and antitrust compliance programs have more similarities than differences. So it’s not surprising this antitrust compliance guidance owes a lot to the Evaluation of Corporate Compliance Programs, including its “fundamental questions” format.
Where to find it? Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations is here.
9. A Framework for OFAC Compliance Commitments, published in May 2019 by the Department of the Treasury’s Office of Foreign Assets Control
What is it? OFAC sets out its five essential components of a risk-based sanctions compliance program and includes an appendix of root causes that OFAC found in real sanctions cases.
Why is it relevant? Sanctions violations can be a form of corruption and sometimes occur together with bribery. See, for example, enforcement actions involving Innospec and Weatherford. OFAC’s essential components of a sanctions compliance program are management commitment, risk assessment, internal controls, testing and auditing, and training. Root causes of sanctions violations include improper due diligence, de-centralized and inconsistent compliance functions and programs, bad information and the wrong tools, and so on.
Where to find it? A Framework for OFAC Compliance Commitments is here.