Must read for compliance officers: Fresh guidance from the US Department of Justice (DoJ) on effective compliance programmes.
Policies and Procedures: Access and Tracking
At a bare minimum, the Guidance states that corporations must demonstrate a robust code of conduct for the whole organisation and emphasises the importance of established policies and procedures that incorporate the culture of compliance into the company’s day-to-day operations.
The 2020 update increases the emphasis on employee access to policies and procedures and suggests companies might use policies as a tracking tool. The 2020 update includes the following changes to the section on accessibility (2020 update in bold):
“How has the company communicated its policies and procedures to all employees and relevant third parties? If the company has foreign subsidiaries, are there linguistic or other barriers to foreign employees’ access? Have the policies and procedures been published in a searchable format for easy reference? Does the company track access to various policies and procedures to understand what policies are attracting more attention from relevant employees?”
Whistleblowing System: For Third Parties and User-Friendly
For assessing the effectiveness of the internal whistleblowing system, the DoJ has added (changes in bold):
“Does the company have an anonymous reporting mechanism, and, if not, why not? How is the reporting mechanism publicized to the company’s employees and other third parties? Has it been used? Does the company take measures to test whether employees are aware of the hotline and feel comfortable using it?”
This update strengthens the onus on corporations regarding their whistleblowing systems. In 2019 the Guidance mentioned “anonymous reporting mechanism” for the first time. This challenged corporations only offering an email address or a phone number for employees to speak up. From an organisational perspective, offering truly anonymous reporting channels is beneficial: studies indicate that companies who offer specialised channels receive more reports, and 59% of reporters choose to report anonymously when this option is available.
However, as per the 2020 update, companies should not simply be content offering an anonymous reporting mechanism, they should aim to widen its reach and consider making it available to other stakeholders beyond their own employees. The change also indicates that it is not enough for companies to simply offer an anonymous whistleblowing tool; they need to ensure that it is well-publicised and user-friendly.
One-size Doesn’t Fit All
The 2020 Guidance underscores the importance of prosecutors understanding each company’s unique circumstances and how they have influenced the development of its compliance programme. For example, prosecutors “should endeavour to understand why the company has chosen to set up the compliance programme the way that it has, and why and how the company’s compliance programme has evolved over time.”
It now asks prosecutors to make a “reasonable, individualized determination in each case” when evaluating a company’s compliance programme, taking into consideration the company’s “size, industry, geographic footprint, and regulatory landscape,” as well as the reasons why a company chose its programme’s structure and how the programme has evolved over time.
With this update the DoJ provides clearer guidelines for companies on what to expect when under investigation by US authorities. Having an effective compliance programme in place when misconduct takes place can have a positive effect on the outcome of the prosecution or resolution, as long as the programme matches the key requirements outlined in the guide. Therefore, the updated DoJ guide is essential reading for all compliance professionals – regardless of where their company is based.