Communications Litigation Today was a Warren News publication.
NOTE: The following report appears in both International Trade Today and Export Compliance Daily.

Justice Department Signals Higher Expectations for Compliance Programs in Guidance

The Justice Department released an updated compliance program guidance urging industry to rely more on data, learn from past compliance penalties and improve compliance training. But the guidance, issued June 1, also introduces a “subtle” shift in how prosecutors will assess compliance programs, law firms said: More of an emphasis will be placed on determining whether programs are built to adapt to new compliance risks or whether they only rely on bare minimum measures.

“DOJ is taking a hard look at whether corporations are merely taking a ‘snap shot” of compliance risk and then relying on outdated, static compliance responses or are developing … [a] program that is constantly reassessing risks,” Loeb & Loeb said in a June alert. The agency wants companies to be “thoughtful and creative” when thinking of ways to evolve their compliance programs, especially through the use of data, said Morrison & Foerster. “Companies should be … thinking through the ways its organization can utilize data to identify patterns, trends, relationships, and anomalies as real-time early warning systems,” the law firm said in a June 3 alert.

In the guidance, the Justice Department said it will review whether companies are implementing “periodic” updates to policies, procedures and compliance controls to identify risks resulting from outdated programs. Companies should also be examining risks from faulty compliance programs run by “other companies operating in the same industry.” The guidance contains a list of government compliance guidelines, including the Treasury Department's framework for sanctions compliance (see 1905030055).

The Justice Department also emphasized employee compliance training. While the agency said any training is useful, companies should constantly monitor whether the training is proving effective. “The Guidance instructs prosecutors to ask whether the company has evaluated the extent to which training has had an impact on employee behavior and operations,” Morrison & Foerster said. Prosecutors should also look for whether a company’s compliance policies and procedures are published in a “searchable format” for easy access and whether “the company tracks access to the various policies” to identify “which ones are attracting more attention from relevant employees.”

The guidance “leaves little doubt that DOJ expects companies to constantly monitor compliance risk and the effectiveness of corporate compliance programs in addressing this risk,” Loeb & Loeb said. It also represents the Justice Department’s “heightened focus and increasing sophistication” when evaluating compliance programs during investigations, Sidley Austin said in a June 4 post. The law firm said companies should review the guidance and update their programs “before a problem arises.”