Publications - 29/01/20
Compliance Programs Evaluation Criteria: Guidelines used by the US Department of Justice
The United States Department of Justice (DOJ) provides guidance on the criteria and evaluation methods it uses in order to evaluate non-investigational company compliance programs and possible criminal proceedings in the Evaluation of Corporate Compliance Program (Updated Evaluation Guidance). The last version of this document was published in April 2019.
The Evaluation Guidance aims to guide and assist DOJ’s prosecutors in the decision-making process when assessing whether, and to what extent, the companies´ compliance program was effectively enforced at the time the offense took place and at the time of the charging decision. Accordingly, the guide provides background information so that prosecutors can determine: (i) the form of prosecution, (ii) the monetary penalty, if applicable, and (iii) the compliance obligations contained in the decision of any corporate criminal case (such as enforcement or monitoring).
Despite of not having the force of law, the Updated Evaluation Guidance is a reference of great importance for companies regarding compliance issues at the global level and has significant persuasive value in the DOJ´s decisions. The Updated Evaluation Guidance does not provide a strict procedure to be followed by the DOJ in assessing compliance policies of companies under investigation. However, the document provides valuable guidance for elaborating and implementing compliance programs for companies or any type of commercial transaction or financial transaction in the United States or that have any connection to the US market.
The relevance of these considerations is a result of the extraordinarily wide jurisdictional scope of the Foreign Corrupt Practices Act (FCPA), related not only to market agents companies in the United States as well as foreigners. In fact, the so-called “interstate commerce” may define the FCPA’s jurisdiction over US telephone calls, sending emails using servers located in the United States, or performing bank transactions that are passed by the US banking system, even briefly.
Moreover, the FCPA provisions have jurisdiction over individual and legal entities. The law applies to US citizens and “issuers” in the US – any company, US or foreign, that is listed on a US stock exchange or that register reports combined with the Security Exchange Commission (SEC) – acting anywhere in the world. Although the requirements are directed at issuers, they also apply to its subsidiaries and affiliates, so the issuer is responsible for ensuring that all of its affiliates and subsidiaries (including foreign and joint ventures) comply with the accounting regulations. The FCPA’s jurisdiction also extends to all executives, directors, employees, agents or shareholders acting on behalf of these legal entities, regardless of their place of residence or nationality. Even though these provisions do not apply directly to privately held companies, it is recommended that “non-issuers” respect them, since they assist in managing the risk of breach of anti-corruption rules. 
Therefore, the DOJ’s recommended practices in the Updated Evaluation Guide has a preventive nature and should be observed and incorporated into companies compliance programs as the best practices.
The Updated Evaluation Guidance covers much of the content of its predecessor, a document with the same name (published February 2017) and focuses on the implementation of coaching system to prosecutors regarding the effectiveness of compliance programs. In addition, the Updated Evaluation Guidance addresses each of the areas in a contextualized manner, including short presentations explaining the relevance of each topic and in some cases, including quotes from the Justice Manual and the U.S. Sentencing Guidelines.
The guide’s twelve topics (one more than in its 2017 edition) are presented in the form of answers to three key questions, brought up by the document as guidelines for assessing the effectiveness of corporate compliance programs of companies:
- Is the company’s compliance program well structured?
The Updated Evaluation Guidance emphasizes that the “starting point for a prosecutor to assess whether a compliance program is well structured is to understand the company’s business from a commercial perspective, how the company identified, assessed and defined its profile risks and to what extent the program devotes resources to the risk aspects”. The most relevant highlighted topics within this area includes:
Risk Assessment: Verify if the compliance program has been “structured to identify specific misconduct most likely to occur within the context of the company’s business particularities”, particularly in “complex regulatory environments”. It is necessary to ask how and how often the company’s compliance culture is measured and how this analysis is used to ensure the improvement of the company’s program.
Policies and Procedures: A well-structured compliance program have policies and procedures that contains “content and ethical standards that can reduce the risks which were identified by the company during its risk analysis”. Relevant compliance program items are: design, comprehensiveness, accessibility, responsibility for operational integration and gatekeepers (“what, if any, guidance and training has been provided to key gatekeepers in the control processes”).
Training and Communications: Highlights the importance of comprehensive policies and training of prosecutors, which enables them to question if the compliance procedures are enforced through the company’s internal control systems and whether they are integrated into the corporate structure.
Confidential Reporting Structure and Investigation Process: Prosecutors should observe the effectiveness of whistleblowing mechanisms, consider whether investigations are properly conducted by a qualified team, assess the accountability and examine the responses obtained from investigations, as well as ascertain the correct use of resources and proper monitoring of the results.
Third Party Management: A compliance program must perform its due diligence regarding the company’s business relationships with third parties. In this sense, the prosecutor’s analysis should be based on the following factors: the risk involved and the process of business/commercial interaction, the existence of appropriate control mechanisms, the management of relationships and the actions taken by the company and their consequences.
Mergers and Acquisitions: It is important to examine the due diligence process used in mergers and acquisitions and the connection between the due diligence and the implementation of the compliance program of the company.
- Is the compliance program being implemented with integrity and good faith? In other words, is the program being effectively implemented?
The DOJ points out that “even a well-implemented compliance program can be unsuccessful if in practice its implementation is poor or inefficient.” In this context, relevant topics highlighted within this area include:
Commitment of the Company’s Senior and Middle Management: Verify the conduct of the company’s executive leaders, and if the ethical guidelines provided for in the company’s policies and procedures are properly followed.
Autonomy and Resources: During their assessment, prosecutors should ensure that the company’s compliance team has the right structure, experience, qualification, autonomy and right resources. Also, it’s necessary to analyze how the compliance area is constituted in comparison to other strategic areas of the company, in terms of compensation, decision making power, among other criteria.
Incentives and Disciplinary Measures: Check that companies have clear, ordered and in place disciplinary procedures that are properly followed and consistently applied across different sectors of the organization.
- Does the company’s compliance program work in practice?
The DOJ recognizes that the mere existence of misconduct does not mean that the company’s compliance policy is deficient. In assessing the effectiveness of a compliance program at the time of the offense and indictment, prosecutors should consider how the irregularity was identified, the investigative resources available, and the adequacy of the remedial measures that were used by the company. Relevant topics highlighted within this area include:
Continuous Improvement, Continuous Testing and Review: Following the provisions of the Justice Manual, prosecutors should consider whether the review of the company’s compliance program is conducted taking in consideration improvements and gained knowledge. Also, it is the prosecutor’s duty to verify not only if internal audits were conducted, but also to analyze the attitudes taken by the companies in order to detect irregular conducts.
Conduct Deviation Investigation: Verify if the investigation was properly conducted by a qualified team and what was the company’s reaction level achieved with the investigation.
Misconduct Analysis and Remediation: It is necessary to examine the source of the irregularity, the weaknesses in the company’s internal controls, eventual payment system problems and the adequacy of supplier management. It is also critical to consider whether there are signs of irregularity prior to the transgression, such as actions taken by the company to prevent the wrongdoing from happening again and if the company took the appropriate measures to punish and remediate the detected irregularity.
Compliance issues are in spotlight, and are, by definition, dynamic and controversial. The jurisdictional barriers are extremely reduced and are multi-faceted in a global approach. In fact, no country or company is immune to corruption and that is why companies should remain permanently vigilant.
Companies need to be constantly following the trends of the main players in the international scenario, in order to be improving their internal control and internal mechanisms. The DOJ is one of the most important players in building international compliance guidelines and its guidance focused in achieving results. Therefore, companies should carefully analyze the Updated Evaluation Guidance and adjust compliance policies to ensure that their operations are genuinely committed to best practices. These efforts contribute companies to follow an ethical and competitive path.
Janaina Müller is an associate of De Paula Dias
Carolina Machado is an international counsel in compliance and dispute resolution matters
 The full document can be found at: https://www.justice.gov/criminal-fraud/page/file/937501/download