Bruce Ortwine (email@example.com) is a New York City-based Adviser, Global Legal and Compliance, to a major Japanese banking group.
On April 30, 2019, the U.S. Department of Justice (DOJ) Criminal Division updated its Evaluation of Corporate Compliance Programs (Guidance) on the evaluation of a company’s corporate compliance program (CCP). The evaluation is to be considered by DOJ white-collar criminal prosecutors in the event that a criminal offense is committed by an employee or third-party agent or contractor of the company. The evaluation of the CCP is offered as guidelines both to companies to determine the extent to which their own CCPs compare with the Guidance, and to prosecutors to determine whether to prosecute the company itself for the misconduct of its employee, etc. Although the Guidance provides transparency on the required components of an effective CCP, it fails to provide transparency on whether an effective CCP will spare a company from criminal prosecution.
In recent years, legal and regulatory requirements have significantly increased for corporations operating in the US and abroad. Federal and state criminal laws have been aggressively enforced for numerous types of criminal misconduct, including for crimes relating to bribery of foreign government officials and otherwise corrupt conduct, and money laundering. Moreover, a number of federal criminal laws have extraterritorial, or global, jurisdiction, meaning that a company—whether a US or a foreign entity that has contacts with the US—may be criminally prosecuted in the US for criminal misconduct that takes place outside the US.
Companies are required to have CCPs both in effect and appropriately enforced. The scope of a CCP should mirror the scope of the company’s business activities, customer base, and geographic locations in which it conducts its activities. Certain types of business activities (e.g., financial service activities), customers (e.g., cash-intensive businesses), and geographic locations (e.g., countries known as drug havens or known to have corrupt governments) are considered inherently high risk in nature. Companies need to develop comprehensive CCPs that include policies, procedures, and controls that mitigate those risks, and need to train and otherwise communicate to their employees and third parties about the requirements of full compliance with all applicable laws and regulations.