In 2020, the DOJ emphasized another two key points with its publication of: Evaluation of Corporate Compliance Programs (2020 Guidance):
Corporate compliance programs, to be deemed genuine and effective by the DOJ, must be examined, tested, and updated on a continual basis, including (and perhaps especially) during a government investigation.
Compliance efforts should integrate current data analytics, capabilities wherever possible. If deficiencies are found, then changes should be made, and the 2020 Guidance makes clear that DOJ expects regular review of compliance efforts.
The quality of a company’s compliance program continues to be a major factor in deciding on the appropriate resolution of a government investigation. The 2020 Guidance makes clear a program’s effectiveness will be considered at the close of an investigation as well as when the underlying company conduct occurred.
Consequently, under DOJ policy, the strength of a company’s past and present compliance efforts will ordinarily have an effect on the terms of a resolution, including the often quite important matter of whether a monitor is required (and the scope of a monitorship).
The DOJ’s guidance can help business leaders make decisions to lessen exposure to investigations.
Effective compliance programs will not only show people what they should do, it will help those people understand what they should not do. In addition, they may also profile the consequences that follow for bad behavior.
If a company invests the time to show a person how to make the right decisions, and it requires the people to acknowledge that they understand corporate policy, the business protects itself. Good compliance programs will encourage both corporate accountability, and personal accountability. If there is a breach of policy, the company should create a record and demonstrate the steps that it has taken to make things right.
To demonstrate individual accountability, the company will record disciplinary measures taken against people charged with violations of compliance policies. If a company shows that it pays more than lip service to compliance, it may lessen exposure to a government investigation.
Compliance programs serve as an insurance policy. Although business leaders may strive to do the right thing every time, rogue employees can expose the business to risks. The compliance program may influence the lens through which prosecutors view the company. That said, some metrics show that the mere existence of a compliance program doesn’t show commitment to compliance. Solely requiring employees to sign forms showing that they’re familiar with the corporate polices won’t move the needle if a pattern of fraud is uncovered.
In 2012, the prosecutors brought criminal charges against Garth Peterson, a trader at Morgan Stanley. Documents noted that Peterson had gone through seven compliance-training sessions and 35 related reminders on bribery. Despite that training, he pleaded guilty to bribery charges. Compliance initiatives had little influence on Peterson, because he viewed them as pro forma, something he needed to do in order to keep his job.
If a business doesn’t create a compliance program with robust follow-through, it may be ineffective and dubious from the perspective a government investigator. Prosecutors will not give credit for compliance programs that fail to inspire appropriate conduct.
A company protects itself when it comes up with innovative ways to help people within the organization embrace the principles of compliance—but also understand the consequences for non-compliance.