Skip to main content
Top Button
DOJ Updates Guidance Regarding Corporate Compliance Programs DOJ Updates Guidance Regarding Corporate Compliance Programs

DOJ Updates Guidance Regarding Corporate Compliance Programs

The Department of Justice (DOJ) emphasizes the effectiveness of a company’s compliance program in new guidance that addresses how it will assess such programs in criminal cases. Released on April 30, the “Evaluation of Corporate Compliance Programs”[1] expands on what the DOJ will look for in a compliance program and emphasizes the importance of a system customized to meet the particular characteristics of a company. While the updated guidance does not reflect a major change in focus, it does provide a more detailed roadmap for companies, compliance officers and counsel seeking to establish a robust compliance program that will reduce the risk of misconduct and meet prosecutors’ expectations.

The statement updates the DOJ’s February 8, 2017 list of questions for prosecutors to consider in measuring a company’s commitment to compliance, a key factor in determining whether credit is warranted as part of a corporate resolution. The three “fundamental questions” that form the basis of an evaluation of a compliance program, not surprisingly, remain the same bedrocks of this assessment. Prosecutors are still directed to ask:
  1. Is the corporation’s compliance program well designed?
  2. Is the program being applied earnestly and in good faith? In other words, is the program being implemented effectively?
  3. Does the corporation’s compliance program work in practice?[2]
The new guidance maintains the format of question-based topics around which the 2017 document is organized. The principal changes within the new guidance are an expanded analysis of the topics that includes an explanation of the relevance of each and the incorporation of language from the U.S. Sentencing Guidelines and the DOJ’s Justice Manual, an effort to “better harmonize the guidance with other Department guidance.”[3] Notably, the new guidance also includes an additional topic (increasing the total from 11 to 12), Investigation of Misconduct, as a new factor for consideration. This factor is part of the core focus on whether the company’s compliance program works in practice. (The other topics in this grouping are Continuous Improvement, Periodic Testing and Review along with Analysis and Remediation of Any Underlying Misconduct.) The updated guidance emphasizes the need for “a well-functioning and appropriately funded mechanism for the timely and thorough” investigation of suspected misconduct. It also highlights the importance of establishing and publicizing an anonymous reporting system, as well as tracking investigation results and using them to make improvements. Companies are well advised to compare their approaches to compliance against these benchmarks—and to do so explicitly by referencing what the DOJ is recommending.

The updated guidance highlights the need for customized compliance programs designed to meet the particular characteristics of each company. Accordingly, the DOJ will not employ a rigid formula to measure a program’s effectiveness, but rather, will “make an individualized determination in each case.”[4] As a result, the policy allows a company to fashion an appropriate compliance program that addresses the specific risks it faces. The updated guidance illustrates this principle by providing examples of varied, but effective, approaches companies have taken.


While the DOJ’s most recent update does not represent a sea change as to what the DOJ expects in a compliance program, it does provide a more detailed and practical understanding of what constitutes effective compliance from its perspective. By adding context, providing examples and underscoring key features, the new guidance serves as a valuable aid for companies interested in mitigating risk and potentially benefiting from these additional compliance features should it be necessary to engage in a dialogue about how the company attempted to curtail unlawful conduct. It is vital for companies to have a strong internal elaboration of the risks and the mitigation steps, including compensating controls, so that any conversation with the DOJ can be grounded in a thoughtful manner.

For more information, please contact Tim Belevetz, Dan Polatsek, Guillermo Christensen or another member of our White Collar Criminal Defense & Investigations team.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.
[1] U.S. Department of Justice, Criminal Division, “Evaluation of Corporate Compliance Programs” (April 30, 2019) (“Guidance”).
[2] Id. at 2.
[3] U.S. Department of Justice, “Criminal Division Announces Publication of Guidance on Evaluating Corporate Compliance Programs” (April 30, 2019), available at
[4] Guidance at 1.
View Full Site View Mobile Optimized