The Paul Hastings team neatly sums up the new guidance from the DOJ on how to assess compliance programs during the course of a criminal investigation.  

There are three main questions the guidance seeks to deal with: 

  • Is the Program Well Designed?
  • Is the Program Effectively Implemented?
  • Does the Compliance Program Actually Work in Practice?

This article goes through each of those concepts in question and it is interesting to see how the DOJ is approaching these - trying to put some meat on the bone and move away from "tick-box" compliance, as stated in the article: "...the additional language and context provided by DOJ puts businesses on notice once again of the importance of implementing a well-designed, effective and appropriate resourced compliance program."

It is important for organisations to consider all aspects of their compliance program, and gaining an independent view of this is often advantageous - as it can test it both in theory (by reviewing documents etc) and in practice (through site visits and data analytics, etc).  This is something we regularly work on and we will be incorporating the new guidance into our work programs, just as any compliance department should be reassessing their programs based on the new guidance.