Skip to main content
Top Button

Corporate Prosecutions: Department of Justice Issues Guidance on Evaluating Internal Compliance Prog

February 22, 2017 by
Corporate Prosecutions: Department of Justice Issues Guidance on Evaluating Internal Compliance Programs
Investigation and prosecution of corporations is nothing new for the U.S. Department of Justice. In fact, in her September 2015 memorandum on the subject, former Deputy Attorney General Sally Yates noted that “[f]ighting corporate fraud and other misconduct is a top priority of the Department of Justice.” ( This renewed focus by the Department on corporate wrongdoing means that companies in all sectors of the economy need to be increasingly vigilant in maintaining and improving their internal compliance programs. For more information on the Yates memo, see Ice Miller’s summary of key provisions at
When deciding whether or not to charge a corporation criminally, prosecutors will consider the effectiveness of a corporation’s compliance program and its efforts to take remedial action in the wake of a breach. Recently, the Fraud Section of the DOJ published a list of common questions that it is likely to ask when evaluating a company’s compliance program. While each investigation will be tailored in part to the particular corporate structure of the company being investigated, these questions are important to keep in mind in developing and maintaining a corporate compliance program. For example:
  • What were the actions of a company’s senior leadership both in discouraging the misconduct and in undertaking remedial efforts after there has been a breach?
  • How does compliance fit into the overall culture of a corporation? Do compliance professionals have sufficient autonomy to do their jobs effectively? Are compliance departments adequately funded and supported within the company?
Overall, the Department breaks down its analysis of compliance programs into nine separate categories:
  1. Analysis and remediation of underlying misconduct;
  2. Senior and middle management
  3. Autonomy and resources;
  4. Policies and procedures;
  5. Risk assessment;
  6. Training and communications;
  7. Confidential reporting and investigation;
  8. Incentives and disciplinary measures; and
  9. Continuous improvement, periodic testing and review.
For a more detailed explanation of these categories, see:
Companies should keep each of these questions in mind in evaluating their internal compliance programs and making changes even before an investigation is looming.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances. 

View Full Site View Mobile Optimized