The pixel Skip to content

Client Advisory: DOJ 2019 Evaluation of Corporate Compliance Programs

Home > Perspectives > Client Advisory: DOJ 2019 Evaluation of Corporate Compliance Programs

Assistant Attorney General Brian Benczkowski announced on April 30 that the Department of Justice’s (DOJ) Criminal Division has issued updated guidance for prosecutors evaluating whether corporate compliance programs are adequately designed when weighing the factors in the Principles of Federal Prosecution of Business Organizations.[1] Titled “Evaluation of Corporate Compliance Programs (ECCP)” [2]  (the “2019 Guidance”), the document seeks to guide prosecutors in their decision to charge or reach a disposition. The previous version of this document was released in February 2017 by the Criminal Division’s Fraud Section.[3] 

The 2019 Guidance covers familiar territory relating to core compliance requirements, such as the importance of a risk assessment, policies and procedures, training, and the need for strong management—and in those respects, is not radically different from its predecessor. At 18 pages, however, the document is more than twice the length of the 2017 version (which listed 11 sample topics along with questions for prosecutors to consider in their determination of a corporation’s commitment to compliance). The 2019 Guidance is not only more comprehensive, with greater context, but also breaks down in detail the issues prosecutors should consider when evaluating the effectiveness and sustainability of corporate compliance programs.

The document begins with three “fundamental questions” that prosecutors should ask themselves when contemplating the charging decision, and offers considerations for each:

  • Is the compliance program well designed? Considerations here include an evaluation of a corporation’s risk assessment, policies and procedures, training and communications, confidential reporting structure and investigation process, third party management, and mergers and acquisitions.
  • Is the compliance program being implemented effectively? Factors that are relevant to this question include an evaluation of the commitment by senior and middle management, and whether the compliance and relevant control functions have sufficient autonomy and resources.
  • Does the compliance program work in practice? Key factors in this analysis include an evaluation of the corporation’s continuous monitoring of activity, periodic testing and review, its track record of investigating misconduct, and whether the company has remediated any underlying misconduct

The 2019 Guidance provides a clearer, more detailed roadmap for prosecutors to follow when evaluating corporate compliance programs and reinforces the need for corporations to demonstrate that their programs are not just effective at one point in time, but are responsive to the changing compliance landscape. The new guidance is therefore far more expansive than its predecessor. Some of the issues it emphasizes include:

    • Continuous improvement to the compliance program, noting that this is one hallmark of an effective compliance program. Although the previous guidance contained a section on this topic, the 2019 Guidance also includes questions about the company’s compliance culture.
    • The need for sustainable compliance programs, an issue the 2017 version did not directly address. In fact, the 2019 Guidance notes that prosecutors have discretion to “reward efforts to promote improvement and sustainability,” and suggests that “prosecutors should consider whether the company has engaged in meaningful efforts to review its compliance program and ensure that it is not stale.”
    • A fully integrated approach to corporate compliance that includes obtaining critical feedback from business units.
    • An evaluation of how the corporation collects, tracks, analyzes and uses information from its reporting mechanisms. This question was not included in the 2017 guidance.
    • Investigation into misconduct, including a “mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents.” This topic was not included in the 2017 guidance.  

Ever since the original “Thompson Memorandum” in 2003 criticized compliance programs that were “mere paper programs,”[4] corporations have sought guidance from the government on ways they can ensure that their programs pass muster. In this vein, the 2019 Guidance will be a welcome addition and will allow companies who use it effectively to evaluate their own programs and move quickly to meet new or changing risks.

[2] U.S. Department of Justice Criminal Division, Evaluation of Corporate Compliance Programs, updated April 2019, available at
[3] U.S. Department of Justice Criminal Division Fraud Section, Evaluation of Corporate Compliance Programs, February 8, 2017. 
[4] Memorandum from Deputy Attorney General Larry D. Thompson, January 20, 2003, at 1, available at….

The risk landscape is constantly changing. Hear about the latest with Exiger.