On April 30, 2019, Assistant Attorney General (AAG) Brian A. Benczkowski issued an updated version of the Department of Justice’s (DOJ) guidance document “Evaluation of Corporate Compliance Programs,” which is intended to assist prosecutors in evaluating corporate compliance programs and guide corporations in creating them. The new guidance rewrites a prior version issued in February 2017 and consolidates several DOJ sources used to evaluate compliance programs. DOJ’s stated goal in this recent update is to “better harmonize the guidance with other Department guidance and standards while providing additional context to the multifactor analysis of a company’s compliance program.”
Compliance as preventive medicine
As healthcare companies know all too well, the DOJ is often the ultimate arbiter of a business’s compliance program, regardless of industry or business size. Accordingly, although written for prosecutors, the guidance provides a helpful road map for businesses reviewing and updating their compliance plans and should be considered mandatory reading for those operating in highly regulated industries, such as healthcare, life sciences, financial services, and energy. As the healthcare industry regularly accounts for the vast majority of collections from DOJ’s civil enforcement (more than $2.5 billion—nearly 87% of the total recoveries in FY 2018), compliance remains critically important as preventive medicine for providers. As such, this guidance is instructive not only for companies that are currently under government scrutiny, but also for companies that are building or updating their compliance programs.
Prosecution of business organizations
For companies and prosecutors looking to analyze a compliance program, the new guidance is intended to be comprehensive. Though neither binding law nor a “rigid formula” that prosecutors must follow, the guidance does reveal design and implementation elements that create a strong corporate compliance program from DOJ’s perspective.
Several DOJ documents already inform how prosecutors and courts assess a corporation’s compliance program. For example, the Justice Manual (formerly known as the U.S. Attorney’s Manual), the main source of DOJ policies and procedures, includes “Principles of Federal Prosecution of Business Organizations.” Those principles—often referred to as the “Filip Factors” from their author, then Deputy Attorney General Mark Filip—are factors that prosecutors should consider when assessing a compliance program and deciding whether to prosecute. These factors include “the adequacy and effectiveness of the corporation’s compliance program” at both the time of the offense and the time of the charging decision, and remedial efforts to “implement an adequate and effective corporate-compliance program or to improve an existing one.”
In February 2017, DOJ’s Fraud Section provided insight into how federal prosecutors evaluate the adequacy of a compliance program by releasing 119 “common questions that [DOJ] may ask in making an individualized determination” regarding corporate compliance programs. The 2017 guidance offered some general questions that prosecutors might ask to make an assessment, but it did not provide the corresponding answers on compliance program effectiveness, nor did it offer a checklist or formula for evaluating a program.
The effectiveness of compliance programs currently appears in other DOJ policy memoranda as well as in the U.S. Sentencing Guidelines Manual (USSG), although there is no substantial guidance for prosecutors. Specifically, USSG §§ 8B2.1, 8C2.5(f), and 82C.8(11) provide that, when calculating an appropriate fine, prosecutors should give consideration to whether a corporation had an effective compliance program in place at the time of misconduct. In addition, in October 2018, AAG Benczkowski issued a new memorandum entitled, “Selection of Monitors in Criminal Division Matters,” which applies to Criminal Division matters. The memo instructs prosecutors to consider, at the time of resolution, whether the corporation has made “significant investments in, and improvements to, its corporate compliance program and internal controls systems,” and whether “remedial improvements to the compliance program” have been tested to demonstrate that the program would prevent or detect similar misconduct.