Client Alert – DOJ Criminal Division Releases Guidance on Evaluation of Corporate Compliance Programs

May 03, 2019
  • FisherBroyles News
  • Pharmacy Law

The Criminal Division of the United States Justice Department (DOJ) recently released a guidance document for its prosecutors as an adjunct to the agency’s Justice Manual. The Manual provides direction to prosecutors on the factors they should consider when conducting an investigation into alleged corporate wrongdoing. The adequacy and effectiveness of a corporation’s compliance program is one of the factors to be examined.  The “Evaluation of Corporate Compliance Programs” Guidance is meant to “assist prosecutors in making informed decisions as to whether, and to what extent, the corporation’s compliance program was effective at the time of the offense, and is effective at the time of a charging decision or resolution” for purposes of determining DOJ’s future course of action regarding any wrongdoing at the company.

While geared specifically to prosecutors, the head of DOJ’s criminal division, Brian Benczkowski, stated during prepared remarks earlier this week, “In drafting the updated version of the document, we have sought to provide additional transparency in how we will analyze a company’s compliance program.”

The Guidance is broken down into three parts, focusing on three “overarching questions” that prosecutors should consider when evaluating compliance programs:

  • Is the program well designed?
  • Is the program effectively implemented?
  • Does the compliance program actually work in practice?

I.     Is the compliance program well designed?

Section I of the Guidance focuses on some of the criteria that should be considered during an evaluation of the compliance program itself.

Prosecutors will evaluate whether or not a company has sufficiently and thoroughly considered its risks based upon its particular line of business, including the process used in assessing those risks, how resources are allocated to address those perceived risks and how the risk assessment is kept updated – particularly in regard to “lessons learned” from instances of misconduct.

Other areas covered in section I of the Guidance discusses compliance policies and procedures (essentially a code of conduct), training and communication regarding those policies and procedures, reporting and investigation processes and the management of risks associated with third parties and related due-diligence based on the nature of those relationships and the potential risks. Due diligence related to mergers and acquisitions are also addressed in this section.

II.     Is the Corporation’s Compliance Program Being Implemented Effectively?

Prosecutors will also look to whether or not even a well-designed compliance program is implemented in a way that, in practice, offers more than just a commitment on paper. Section II suggests that prosecutors evaluate the program by looking for “high-level commitment” by company leadership, including oversight, evidence of an adequately staffed compliance team (seniority, authority, experience, funding), and a process for disciplinary action (or incentives) that is managed consistently across the organization.

III.     Does the Corporation’s Compliance Program Work in Practice?

As noted in the Guidance, one of the most difficult tasks that prosecutors face is the “backwards looking” task of assessing a compliance program’s effectiveness at the time of the offense. Therefore, this phase of the assessment entails consideration of how the misconduct was initially detected, what resources were in place to investigate any suspected misconduct and the nature of the company’s remedial efforts. Prosecutors will look for evidence of internal audits, investigations that are “properly scoped” and run by qualified personnel and, very importantly “root cause” analysis and efforts at remediation, including an assessment of why existing policies and procedures failed.

The Guidance recognizes that each company is different, and that no criminal investigation can be conducted by a “one size fits all” approach. However, the document does present companies with very clear guideposts as to what they should be doing in terms of constructing and implementing a compliance program that would pass muster should they ever be the object of a DOJ criminal investigation.

For a review of your existing compliance program or the creation of a new one, please contact any member of the FisherBroyles Pharmacy and Health Care Law team.

Brian Dickerson, FisherBroyles Partner
Brian E. Dickerson
[email protected]

Anthony Calamunci, FisherBroyles Partner
Anthony Calamunci
[email protected]

Nicole Waid, FisherBroyles Partner
Nicole Hughes Waid
[email protected]

Amy Butler, FisherBroyles Partner
Amy Butler
[email protected]



About FisherBroyles, LLP

Founded in 2002, FisherBroyles, LLP is the first and world’s largest distributed law firm partnership. The Next Generation Law Firm® has grown to hundreds of partners practicing in 23 markets globally. The FisherBroyles’ efficient and cost-effective Law Firm 2.0® model leverages talent and technology instead of unnecessary overhead that does not add value to our clients, all without sacrificing BigLaw quality. Visit our website at to learn more about our firm’s unique approach and how we can best meet your legal needs.

These materials have been prepared for informational purposes only, are not legal advice, and under rules applicable to the professional conduct of attorneys in various jurisdictions may be considered advertising materials. This information is not intended to create an attorney-client or similar relationship. Whether you need legal services and which lawyer you select are important decisions that should not be based on these materials alone.

© 2021 FisherBroyles LLP