Must read for compliance officers: Fresh guidance from the US Department of Justice (DoJ) on effective compliance programs.
Does the company have an anonymous reporting mechanism, and, if not, why not? How is the reporting mechanism publicized to the company’s employees? Has it been used?
Are the reporting and investigating mechanisms sufficiently funded? How has the company collected, tracked, analyzed, and used information from its reporting mechanisms? Does the company periodically analyze the reports or investigation findings for patterns of misconduct or other red flags for compliance weakness?
Is the risk assessment current and subject to periodic review? Have there been any updates to policies and procedures in light of lessons learned? Do these updates account for risks discovered through misconduct or other problems with the compliance program?
Comprehensiveness – What efforts has the company made to monitor and implement policies and procedures that reflect and deal with the spectrum of risks it faces, including changes to the legal and regulatory landscape?
Responsibility for Operational Integration – Who has been responsible for integrating policies and procedures? Have they been rolled out in a way that ensures employees’ understanding of the policies? In what specific ways are compliance policies and procedures reinforced through the company’s internal control systems?
With its more comprehensive style, the DoJ provides a clearer guideline for companies about what to expect when under investigation by US authorities. Having an effective compliance program in place at the time of misconduct can have a positive effect on the outcome of the prosecution or resolution, as long as the program matches the key requirements outlined in the guide. Therefore, the updated DoJ guide is essential reading for all compliance professionals – regardless of where their companies’ headquarters are located.