Ethics Control Blog | Ethicontrol

Compliance in 2020 - DOJ recommendations

Written by Sofia Merzlikina | 31/07/20 08:18

 

Compliance is a business process, and as a process, it can be measured, managed, and, most importantly, improved. —  T. Fox

 

Compliance as a field of study and work is a relatively new practice: it took nearly 30 years in the USA to recognize the importance of compliance in managing a business. Good relations between the business and the government are the key to economic growth - that’s why not only we emphasize the importance of compliance in this process but DOJ. 

Image: DOJ

 

We will skip the vast historical background of compliance (which of course takes more than 30 years) and stop on the critical day of compliance recognition. 1995 is the year when companies that have compliance systems get credit for the first time compared to the companies which don’t. Seems like a small step, but it was revolutionary: right after the implementation of government policy on compliance the world of compliance started to evolve, even though at a quite low speed. 

To give preference to specific compliance systems and encourage the companies with comprehensive guidelines, federal prosecutors needed a set of criteria. The lack of evaluation criteria is still a weak spot in compliance, which takes two directions: criteria are insufficient or inappropriately designed. By inappropriate design, we mean the juridical approach to business matters which couldn’t show any effectiveness for years. At first, DOJ hired experts for creating the guidelines for compliance with no experience in corporate culture and business management, and that had to change.

 

Timing

 

Let’s have a look at the compliance development timeline to make it more clear:

  • 1995 - first encouragement from the government to the companies which have taken substantial compliance measures

  • 1999 - compliance programs take part in prosecutorial decision-making by the decision of the DOJ
  • 2015 - DOJ finally acquires compliance expertise
  • 2017 - DOJ issues Evaluation of Corporate Compliance program
  • 2020 - New criteria added to the Evaluation of Corporate Compliance.

 

A prominent breakthrough in compliance happens in 2015 when DOJ applies to its work a simple but fundamental truth - only business knows what works for business and what makes it fail. Therefore, that’s obligatory for lawyers who participate in the drafting of compliance programs and later their evaluation to have relevant corporate compliance experience. 

Compliance becomes a serious tool that now comes not from lawyers to lawyers but from lawyers to businesses. With a strong compliance system the company wins a favorable attitude from the government from a long-term perspective: no especially close monitoring from the DOJ, accusations of breaking FCPA, and financial risks. That’s true only if everything is in order, of course. 

Now, when compliance rules are closer to business realities, we can have a closer look at DOJ 2020 recommendations for compliance departments. Nothing radically new but an updated guideline with attention to detail - that’s a result of the 2019-2020 DOJ examination of business needs.

 

New guidance

 

What’s on the list?

  • Compliance evaluation has changed - now DOJ doesn’t recognize “one size fits all” solutions. The companies may be evaluated individually according to the location, industry’s features, and more - it’s better to be prepared.
  • Policies should be not only published but accessible. This access should be tracked to understand which strategies get more attention from employees who are relevant for certain activities.
  • Short training sessions for the staff are to replace the long ones. DOJ emphasizes the importance of efficient ad hoc training which works on a short-term perspective and concentrates on the moment of “now.”
  • Enhancing risk assessment by considering regional specifics of business units (close attention should be paid to third parties).
  • A compliance program should be both well-financed and have a sufficient headcount to be efficient.
  • Every change in the compliance program should be documented, with no exceptions.
  • Periodic review of risk assessment is a must: programs should be regularly updated accordingly to detect breaches.
  • The performance of control personnel and compliance should be evaluated. According to this evaluation, the company should invest in the further development of the staff or change its strategy.
  • Close attention to third parties which pose the highest risk of breaking FCPA - you should always evaluate if a third party partner is inevitable in doing business overseas.
  • Particular attention should be given to data processing, storage, and utilization.

 

Again, nothing new, but DOJ added several essential details to the compliance evaluation that we can’t miss. Our conclusion is simple: compliance still needs to reinvent itself and prove its worthiness with no exceptions during the pandemic time.

 

Bribery and corruption under the FCPA have been illegal since 1977, and they remain so today. Compliance programs are the way to operate within the boundaries of the law; this is true even now. - T. Fox 

 

Compliance, therefore, may change its form but we need to consider that it’s still about fairness and strict abidance by law.

 

We are thankful to Corporate Compliance Insights for their detailed reviews of DOJ recommendations and professional comments on the topic.
View full post