Navigating DOJ’s Compliance Program Guidance
In April this year, the U.S. Department of Justice (DOJ) Criminal Division released their latest guidance for corporate compliance programs in Justice News. “The Evaluation of Corporate Compliance Programs,” was originally issued by the Division of Fraud in 2017. In this critical 2019 policy update, Assistant Attorney General, Brian A. Benczkowski, said it best, “Effective compliance programs play a critical role in preventing misconduct, facilitating investigations, and informing fair resolutions.”
DOJ Criminal Division looked to prosecutors’ recent experiences in evaluating corporate compliance programs to help inform the newest policy updates. Prosecutors asked (and will continue to ask) these three questions to help determine whether a compliance program is practically designed.
Is the compliance program:
well-designed?
effectively implemented?
actually working in practice?
The DOJ also outlines several key elements that should be factored into any well-designed compliance program, such as:
company policies and procedures
mergers and acquisitions
All of these elements are important, but just because something is well-designed doesn’t mean it will be used as expected. I like to refer to those compliance programs as the “dog and pony shows.” They may look good on paper but are meaningless at the end of the day. You have to have the courage to ask yourself if you’ve created a culture that truly encourages use of a hotline and anonymous tip program. Prosecutors know that intent is as important as content. For example, many of us remember the sad story of Enron and the wake of devastation they left behind. Sadly, their 60-plus page Code of Ethics now has more value a dusty, iconic symbol of greed on eBay than the well-written program that sat at the core of their risk reduction program. Enron was simply checking the box and the damage that can happen when short-term thinking and profit take precedence over doing the right thing.
Nothing encourages use of hotlines and case management solutions like having a “confidential reporting structure and investigation process.” There are a lot of companies that have a hotline and case management system who never promote it or benefit from it; why spend time, money, and resources just to “check the box”?
In my career in compliance, I have routinely heard statements like,
“Yes, we need a hotline/helpline, but we aren’t really going to promote it”, or
“What if someone reports a real concern, then it will be discoverable” or
“If we encourage employees to use it, then 80% of what we receive will be meaningless complaints about co-workers stealing lunches or double parking.”
I would rather sift through a large pile of employee complaints if it meant, even for a moment, there was a chance to manage my corporate risk more proactively and I could catch employee concerns before they blow-up in the press and every corner of the internet. As we all know, Social Media can be a friend or an adversary; it’s more important than ever that companies adapt to a rapidly changing social and business climate.
Know your risks! Understand your blind spots! It’s like the old saying about not knowing what you don’t know. How can you investigate, understand, and mitigate real employee concerns that you aren’t aware of? If the problem is compounded by a lack of where and how to report concerns, it sends a message that maybe their opinion isn’t wanted. If people feel uncomfortable speaking with HR or management directly, they have many outside options to speak-up. The #MeToo movement is a perfect example of this phenomena.
I’ll hop off my compliance stump for now and leave you with this, if your company is subject to US jurisdiction, (and there’s a decent chance you or your company is), then it’s worth your time to read the updated compliance guidance from the DOJ, think like a prosecutor and start answering those three magic questions! Design, Implement, Apply!
Keep up with Ethix360 for more information on the challenges compliance, legal and HR professional face.
The ETHIX360 blog brings you weekly updates on all things human resources and compliance.
MEET THE AUTHOR
Stephanie Farmer is a seasoned ethics and compliance (E&C) professional. She has earned an MA in both Business and Professional and Applied Ethics and is a graduate of The Ethics & Compliance Initiative Managing Ethics in an Organization Program. Prior to and during her E&C career, Stephanie served in the United States Marine Corps Reserves and the North Carolina Air National Guard.
ABOUT ETHIX360
At ETHIX360, our goal is simple: to provide an affordable, flexible, and comprehensive answer to employee communication, policy management, corporate training and case management on issues related to corporate ethics, code of conduct, fraud, bribery, and workplace violence.
