The Department of Justice’s updated guidance about compliance programs emphasizes the department’s focus on whether a company’s program actually works “on the ground.” In doing so, it challenges covered entities to consider whether their program addresses their particular compliance risks, whether it does so in a way that develops to account for new data, and whether employees understand the compliance requirements and where to go if they need help. The update notes that DOJ is well-positioned to test these questions by evaluating a corporate compliance program at a granular level. At the same time, it suggests that the department is willing to consider that a private regional enterprise doesn’t need the same multi-million-dollar compliance program as a Fortune 100 company.
