inside the doj’s latest compliance program guidance · inside the doj’s latest compliance...

1

Inside the DOJ’s LatestCompliance Program GuidanceCrystal R. JezierskiJohn P. Cunningham

SCCE Regional Compliance & Ethics ConferenceWashington, DC, September 8, 2017

2017DOJ Compliance Program Evaluation Guidance

2

© 2017 Baker & McKenzie LLP

DOJ Compliance Program Evaluation Guidance

3

� Issued in February 2017

� Latest pronouncement on expectations for effective compliance programs

� Key prior guidance:

� FCPA settlement agreements and DOJ/SEC pronouncements

� FCPA Pilot Program

� Resource Guide to the FCPA

� Demonstrates increased sophistication of DOJ's compliance expertise

� "Ground rules" for

� Companies subject to federal investigation or prosecution

� Companies designing, enhancing or implementing compliance programs

� Emphasis on 11 core topic areas and program assessment questionsThe Guidance represents the most universally applicable and clearly articulated statement of

the Fraud Section’s primary focus areas when determining the efficacy of compliance programs.


Program Evaluation Areas

Analysis and remediation of underlying misconduct 1

Senior and middle management2

Autonomy and resources3

Policies and procedures4

Risk assessment5

Training and communications 6

Confidential reporting7

4

3


Program Evaluation Areas (cont’d)

Incentives and disciplinary measures8

Continuous improvement9

5

Third party management10

Mergers and acquisitions11


Overview of 11 Program Evaluation Areas

6

Aimed at determining the root cause of the misconduct subject to prosecution and identifying any early signs that should have put the company on notice of possible misconduct, as well as any remediation measures implemented by the company after discovering the misconduct.

Focuses on management's actions and statements demonstrating their leadership efforts in the company's compliance and remediation efforts. The DOJ's Fraud Section also indicates here that it expects companies to provide examples of the collaborative efforts between senior leaders and other stakeholders in a "shared commitment" to promote compliance.

1 Analysis and remediation of underlying misconduct

2 Senior and middle management

The DOJ acknowledges that it cannot mechanically apply a checklist or formula

and that each company's unique profile should be taken into consideration.

4



7

Seeks to illuminate how independent, experienced, qualified, and well-funded a company's compliance function is.

Emphasizes the importance of adopting effective compliance policies and procedures and integrating them into the existing operational framework. Specific questions ask the company to identify the employee responsible for integrating corporate compliance policies and to reveal any other positions or departments consulted during this process.

3 Autonomy and resources

4 Policies and procedures (a. Design and accessibility; b. Operational integration)





8

Targets the company's risk management process, including its procedures for regularly identifying industry, geographic, and other company-specific risks, and effectively addressing these risks through the compliance program.

Relates to employee training programs and their effectiveness, as well as senior management communications to employees made in response to misconduct. Explores whether companies provide customized training to higher-risk employees and what analysis is undertaken to determine who should be trained (and on what subjects). Also inquires into the resources available to employees to obtain guidance on compliance concerns.

5 Risk assessment

6 Training and communications



5



9

Focuses on the mechanisms available for company employees to report potential misconduct, the company's procedure for investigating reported issues, and how precisely a company responds to investigative findings, including proper staffing and matter scoping.

Seeks visibility into policies used to incentivize employees on compliance and ethical behavior and the disciplinary actions employed by companies to address compliance failures (e.g., withholding bonuses or promotions, warning letters, termination). Indicates that the Fraud Section commonly inquires about fairness and consistency in disciplinary decisions.

7 Confidential reporting and investigation

8 Incentives and disciplinary measures





10

Directed at the type and frequency of internal audits, testing, and monitoring leveraged by companies to ensure that compliance programs are being followed, are effective, and are regularly enhanced as issues or weaknesses are identified in the program.

Explores the company's procedures around the engagement, screening, monitoring, and management of third parties based on risk profile and red flags. Looks to determine whether relationship managers are trained on third-party compliance risks. Designed to explore whether mechanisms are in place to ensure that work by third parties is actually performed and whether compensation is commensurate with the services rendered.

9 Continuous improvement, periodic testing and review



Third party management10

6



11

Aimed at vetting policies and procedures intended to identify compliance risks in merger and acquisition transactions, as well as gauging the compliance function's involvement in the due diligence and compliance program integration processes.



Mergers and acquisitions11


Compliance Best Practices – Five Essential Elements

12

� We recommend an organizational framework for assessing, designing, enhancing and defending compliance programs that distills the 11 DOJ evaluation areas into essential compliance program elements:

Five Essential Elements of Corporate Compliance (Baker McKenzie) DOJ Evaluation Guidance - Topics

Leadership� Senior and Middle Management� Autonomy and Resources

Risk Assessment � Risk Assessment

Standards and Controls � Policies and Procedures� Third Party Management� Mergers and Acquisitions

Training and Communications � Training and Communications

Monitoring, Auditing, and Response

� Confidential Reporting and Investigation� Incentives and Disciplinary Measures� Continuous Improvement, Periodic Testing and Review� Analysis and Remediation of Underlying Misconduct

Take ownership of your programs: resource, tailor to risk, integrate into your business, update/enhance, and test.

7


Speakers

13

John P. Cunningham

Partner, Washington DC

+ 1 202 835 6148

[email protected]

Crystal R. Jezierski

Partner, Washington DC

+ 1 202 835 6168

[email protected]

Thank you!

8

Baker & McKenzie LLP is a member firm of Baker & McKenzie International, a global law firm with member law firms

around the world. In accordance with the common terminology used in professional service organizations, reference to a

"partner" means a person who is a partner or equivalent in such a law firm. Similarly, reference to an "office" means an

office of any such law firm. This may qualify as "Attorney Advertising" requiring notice in some jurisdictions. Prior results

do not guarantee a similar outcome.


www.bakermckenzie.com

inside the doj’s latest compliance program guidance · inside the doj’s latest compliance...

Documents