Evaluating Corporate Compliance Programs? Updated DOJ Criminal Division Guidance

The updated guidance document on corporate compliance from the Department of Justice sets forth topics that the Criminal Division has frequently found relevant in evaluating corporate compliance programs. The information shared in the guidance may be beneficial for legal, business, and information technology professionals in the eDiscovery ecosystem as they consider audits, investigations, and litigation in the area of corporate compliance.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Editor’s Note: The Criminal Division earlier this month announced the release of a guidance document for white-collar prosecutors on the evaluation of corporate compliance programs.  The document, entitled “The Evaluation of Corporate Compliance Programs,” updates a prior version issued by the Division’s Fraud Section in April 2019. The guidance document sets forth topics that the Criminal Division has frequently found relevant in evaluating corporate compliance programs and it may be beneficial for legal, business, and information technology professionals in the eDiscovery ecosystem as they consider audits, investigations, and litigation in the area of corporate compliance.

An extract from the updated DOJ Criminal Division Evaluation of Corporate Compliance Programs Document

Evaluation of Corporate Compliance Programs

General Introduction Extract

This document is meant to assist prosecutors in making informed decisions as to whether, and to what extent, the corporation’s compliance program was effective at the time of the offense, and is effective at the time of a charging decision or resolution, for purposes of determining the appropriate (1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitorship or reporting obligations).

Because a corporate compliance program must be evaluated in the specific context of a criminal investigation, the Criminal Division does not use any rigid formula to assess the effectiveness of corporate compliance programs. We recognize that each company’s risk profile and solutions to reduce its risks warrant particularized evaluation. Accordingly, we make a reasonable, individualized determination in each case that considers various factors including, but not limited to, the company’s size, industry, geographic footprint, regulatory landscape, and other factors, both internal and external to the company’s operations, that might impact its compliance program. There are, however, common questions that we may ask in the course of making an individualized determination. As the Justice Manual notes, there are three “fundamental questions “a prosecutor should ask:

  1. “Is the corporation’s compliance program well designed?
  2. “Is the program being applied earnestly and in good faith? “In other words, is the program adequately resourced and empowered to function effectively?
  3. “Does the corporation’s compliance program work “in practice?

See JM 9-28.800.

Mergers and Acquisitions Section Extract

A well-designed compliance program should include comprehensive due diligence of any acquisition targets, as well as a process for timely and orderly integration of the acquired entity into existing compliance program structures and internal controls. Pre-M&A due diligence, where possible, enables the acquiring company to evaluate more accurately each target’s value and negotiate for the costs of any corruption or misconduct to be borne by the target. Flawed or incomplete pre- or post-acquisition due diligence and integration can allow misconduct to continue at the target company, causing resulting harm to a business’s profitability and reputation and risking civil and criminal liability.

The extent to which a company subjects its acquisition targets to appropriate scrutiny is indicative of whether its compliance program is, as implemented, able to effectively enforce its internal controls and remediate misconduct at all levels of the organization.

  • Due Diligence Process – Was the company able to complete pre-acquisition due diligence and, if not, why not? Was the misconduct or the risk of misconduct identified during due diligence? Who conducted the risk review for the acquired/merged entities and how was it done? What is the M&A due diligence process generally?
  • Integration in the M&A Process – How has the compliance function been integrated into the merger, acquisition, and integration process?
  • Process Connecting Due Diligence to Implementation – What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures, and conducting post-acquisition audits, at newly acquired entities?

Read more on the Evaluation of Corporate Compliance Programs 


Evaluation of Corporate Compliance Programs (PDF) Mouseover to Scroll

Evaluation-of-Corporate-Compliance-Programs-June-2020-Revision

Original Source: U.S. Department of Justice Criminal Division


Additional Reading

Source: ComplexDiscovery

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is an online publication that highlights data and legal discovery insight and intelligence ranging from original research to aggregated news for use by business, information technology, and legal professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding data and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of data and legal discovery organizations. Registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world, ComplexDiscovery OÜ operates virtually worldwide to deliver marketing consulting and services.

A (Brand) New Approach? Considering the Framework and Structure of eDiscovery Offerings

Today’s eDiscovery providers may benefit from the lessons learned in the creation of the Sgt. Pepper’s Lonely Hearts Club Band album by creating a concept for branding and packaging their offerings within that brand in a connected, theme-based way that represents the offerings’ promise and capability in a way that is easy to understand and remember.



Check Out the New Approach Now!

Interested in Contributing?

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.

The Price of Success? The eDiscovery Pricing Survey (Winter 2021)

Based on the complexity of data and legal discovery, it is...

Deep State? Thirteen Research Reports on the State of eDiscovery Business in 2020

As part of its coverage of the business of eDiscovery, ComplexDiscovery...

X-Road® In Alignment with Digital Public Goods Standard

X-Road® implements a set of standard features to support and facilitate...

Five Great Reads on eDiscovery for November 2020

From market sizing and cyber law to industry investments and customer...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

The eDisclosure Systems Buyers Guide – 2020 Edition (Andrew Haslam)

Authored by industry expert Andrew Haslam, the eDisclosure Buyers Guide continues...

The Race to the Starting Line? Recent Secure Remote Review Announcements

Not all secure remote review offerings are equal as the apparent...

Enabling Remote eDiscovery? A Snapshot of DaaS

Desktop as a Service (DaaS) providers are becoming important contributors to...

A New Era in eDiscovery? Framing Market Growth Through the Lens of Six Eras

There are many excellent resources for considering chronological and historiographical approaches...

An eDiscovery Market Size Mashup: 2020-2025 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Resetting the Baseline? eDiscovery Market Size Adjustments for 2020

An unanticipated pandemeconomic-driven retraction in eDiscovery spending during 2020 has resulted...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

The Price of Success? The eDiscovery Pricing Survey (Winter 2021)

Based on the complexity of data and legal discovery, it is...

Deep State? Thirteen Research Reports on the State of eDiscovery Business in 2020

As part of its coverage of the business of eDiscovery, ComplexDiscovery...

A Season of Change? Eighteen Observations on eDiscovery Business Confidence in the Fall of 2020

In the fall of 2020, 77.2% of eDiscovery Business Confidence Survey...

The Continuing Case of Budgetary Constraints in the Business of eDiscovery

In the fall of 2020, 49.4% of respondents viewed budgetary constraints...

Epiq Acquires Hyperion Global Partners

According to Ziad Mantoura, SVP and General Manager for Epiq's legal...

Smarsh Acquires Digital Reasoning

According to the media release, Tim Estes, Founder and CEO of...

Reynen Court Secures Additional Funding

According to the media release, Reynen Court has secured $4.5 million...

DISCO Raises $60 Million

According to the media release, DISCO will use this investment to...

Five Great Reads on eDiscovery for November 2020

From market sizing and cyber law to industry investments and customer...

Five Great Reads on eDiscovery for October 2020

From business confidence and captive ALSPs to digital republics and mass...

Five Great Reads on eDiscovery for September 2020

From cloud forensics and cyber defense to social media and surveys,...

Five Great Reads on eDiscovery for August 2020

From predictive coding and artificial intelligence to antitrust investigations and malware,...