Editor’s Note: The Criminal Division earlier this month announced the release of a guidance document for white-collar prosecutors on the evaluation of corporate compliance programs. The document, entitled “The Evaluation of Corporate Compliance Programs,” updates a prior version issued by the Division’s Fraud Section in April 2019. The guidance document sets forth topics that the Criminal Division has frequently found relevant in evaluating corporate compliance programs and it may be beneficial for legal, business, and information technology professionals in the eDiscovery ecosystem as they consider audits, investigations, and litigation in the area of corporate compliance.
An extract from the updated DOJ Criminal Division Evaluation of Corporate Compliance Programs Document
Evaluation of Corporate Compliance Programs
General Introduction Extract
This document is meant to assist prosecutors in making informed decisions as to whether, and to what extent, the corporation’s compliance program was effective at the time of the offense, and is effective at the time of a charging decision or resolution, for purposes of determining the appropriate (1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitorship or reporting obligations).
Because a corporate compliance program must be evaluated in the specific context of a criminal investigation, the Criminal Division does not use any rigid formula to assess the effectiveness of corporate compliance programs. We recognize that each company’s risk profile and solutions to reduce its risks warrant particularized evaluation. Accordingly, we make a reasonable, individualized determination in each case that considers various factors including, but not limited to, the company’s size, industry, geographic footprint, regulatory landscape, and other factors, both internal and external to the company’s operations, that might impact its compliance program. There are, however, common questions that we may ask in the course of making an individualized determination. As the Justice Manual notes, there are three “fundamental questions “a prosecutor should ask:
- “Is the corporation’s compliance program well designed?
- “Is the program being applied earnestly and in good faith? “In other words, is the program adequately resourced and empowered to function effectively?
- “Does the corporation’s compliance program work “in practice?
See JM 9-28.800.
Mergers and Acquisitions Section Extract
A well-designed compliance program should include comprehensive due diligence of any acquisition targets, as well as a process for timely and orderly integration of the acquired entity into existing compliance program structures and internal controls. Pre-M&A due diligence, where possible, enables the acquiring company to evaluate more accurately each target’s value and negotiate for the costs of any corruption or misconduct to be borne by the target. Flawed or incomplete pre- or post-acquisition due diligence and integration can allow misconduct to continue at the target company, causing resulting harm to a business’s profitability and reputation and risking civil and criminal liability.
The extent to which a company subjects its acquisition targets to appropriate scrutiny is indicative of whether its compliance program is, as implemented, able to effectively enforce its internal controls and remediate misconduct at all levels of the organization.
- Due Diligence Process – Was the company able to complete pre-acquisition due diligence and, if not, why not? Was the misconduct or the risk of misconduct identified during due diligence? Who conducted the risk review for the acquired/merged entities and how was it done? What is the M&A due diligence process generally?
- Integration in the M&A Process – How has the compliance function been integrated into the merger, acquisition, and integration process?
- Process Connecting Due Diligence to Implementation – What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures, and conducting post-acquisition audits, at newly acquired entities?
Evaluation of Corporate Compliance Programs (PDF) Mouseover to ScrollEvaluation-of-Corporate-Compliance-Programs-June-2020-Revision
- The Workstream of eDiscovery: Considering Processes and Tasks
- New From NIST: Integrating Cybersecurity and Enterprise Risk Management (ERM)
Generative Artificial Intelligence and Large Language Model Use
ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude 2, Midjourney, and DALL-E3, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).
ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.
Have a Request?
If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.
ComplexDiscovery is a distinguished digital publication that delivers journalistic insights into cybersecurity, information governance, and eDiscovery developments and technologies. It adeptly navigates the intersection of these sectors with international business and current affairs, transforming relevant developments into informational news stories. This unique editorial approach enables professionals to gain a broader perspective on the intricacies of the digital landscape for informed strategic decision-making.
Incorporated in Estonia, a nation celebrated for its digital innovation, ComplexDiscovery OÜ adheres to the most rigorous standards of journalistic integrity. The publication diligently analyzes global trends, assesses technological breakthroughs, and offers in-depth appraisals of services involving electronically stored information. By contextualizing complex legal technology issues within the broader narrative of worldwide commerce and current events, ComplexDiscovery provides its readership with indispensable insights and a nuanced understanding of the eDiscovery industry.