During remarks at NYU Law’s Program on Corporate Compliance and Enforcement, Assistant Attorney General Kenneth Polite addressed the Department of Justice’s focus on white collar compliance. Polite provided some insight into what DOJ looks for in a corporate compliance program and suggested DOJ could require company CEOs and CCOs to personally certify as to the efficacy of their compliance programs and the accuracy of certain reporting.
Polite acknowledged the challenges facing compliance offices and their role in prevention. “That is why we closely evaluate corporate compliance programs during our corporate investigations and after our corporate resolutions, and give significant credit to companies that build strong controls to detect and prevent misconduct,” Polite remarked.
In his remarks, Polite provided more detail about how DOJ evaluates corporate compliance programs to ensure that companies are designing and implementing effective compliance systems and controls. Simply having programs in place isn’t enough, Polite indicated, stating that DOJ expect programs to be well-designed, adequately resourced, and empowered, and to actually work in practice.
In assessing whether a program is well-designed, DOJ will examine a company’s process for assessing risk and whether a tailored program was built to address a specific risk profile. “We want to see whether the company has implemented policies and procedures that are designed to address the key risk areas identified in its risk assessments, and that those policies and procedures are easily accessible and understandable to the company’s employees and business partners,” Polite explained. “We want to see that the company has established a process for reporting violations of law or company policy that encourages employees to speak up without fear of retaliation, and that those reports are taken seriously, appropriately documented, investigated, and—if substantiated—remediated.”
In the area of resources, Polite noted that DOJ looks beyond financial resources, headcount, and reporting hierarchies. “We will review the qualifications and expertise of key compliance personnel and other gatekeeper roles,” he remarked. “We want to know if compliance officers have adequate access to and engagement with the business, management, and the board of directors. We seek to understand whether and how a company has taken steps to ensure that compliance has adequate stature within the company and is promoted as a resource.”
Finally, DOJ wants to see evidence that the program works in practice. The department will consider whether a company is continuously testing the program’s effectiveness and making improvements, and whether the company can identify compliance gaps or violations. Other areas of focus include root cause analyses and whether the program results in successful outcomes, such as avoiding violations or disciplining misconduct.
Polite also addressed how the department determines whether a company is creating a culture of ethical practices and what DOJ considers when deciding whether to impose an independent corporate monitorship. “Our message is clear – companies that make a serious investment in improving their compliance programs and internal controls will be viewed in a better light by the Department,” Polite remarked. “Support your compliance team now or pay later.”
In order to ensure that chief compliance officers are empowered, Polite is considering requiring additional certifications from a company’s CEO and CCO. For example, when a company reaches the end of a deferred prosecution or non-prosecution agreement, DOJ is considering requiring the CEO and CCO to certify that the company’s compliance program is reasonably designed and implemented to detect and prevent violations of the law, and is functioning effectively. In cases where a monitor is not imposed and a company is required to provide annual self-reports on the state of their compliance programs, Polite’s team will consider requiring the CEO and the CCO to certify that all compliance reports submitted during the term of the resolution are true, accurate, and complete.
Polite emphasized that these steps are not intended to be punitive. Rather, this step “is the type of resource that compliance officials, including myself, have wanted for some time, because it makes it clear that you should and must have appropriate stature in corporate decision-making,” Polite remarked. “It is intended to empower our compliance professionals to have the data, access, and voice within the organization to ensure you, and us, that your company has an ethical and compliance focused environment.”
Source:
