
DOJ Guidance on Corporate Compliance Programs: A Checklist for Directors

By Jennifer Kennedy Park, Joon H. Kim, Jonathan S. Kolodner & Lisa Vicens on May 7, 2019

As discussed in our most recent blog post, on April 30, 2019, the Criminal Division of the U.S. Department of Justice (“DOJ” or “the Department”) announced updated guidance for the Criminal Division’s Evaluation of Corporate Compliance Programs (“the Guidance”).  The Guidance is relevant to the exercise of prosecutorial discretion in conducting an investigation of a corporation, determining whether to bring charges, negotiating plea or other agreements, applying sentencing guidelines and appointing monitors.[1]  The Guidance focuses on familiar factors: the adoption of a well-designed compliance program that addresses the greatest compliance risks to the company, the effective implementation of the company’s compliance policies and procedures, and the adequacy of the compliance program at the time of any misconduct and the response to that misconduct.  The Guidance makes clear that there is no one-size-fits-all compliance program and that primary responsibility for the compliance program will lie with senior and middle management and those in control functions.

For the first time, however, the Guidance singles out some actions that a company’s board of directors should take in connection with corporate compliance programs.  This Guidance is relevant both to public and to private companies.  While no single factor or combination of factors will dictate the manner in which prosecutorial discretion should be exercised in any respect, the Guidance provides that boards should[2]:

  1. Consider receiving briefings from management to assess the design of the company’s compliance program, and to ensure that it reflects and addresses “the varying risks presented by, among other factors, the location of [the company’s] operations, the industry sector, the competitiveness of the market, the regulatory landscape, potential clients and business partners, transactions with foreign governments, payments to foreign officials, use of third parties, gifts, travel and entertainment expenses, and charitable and political donations.”[3] Directors should also exercise reasonable oversight over the company’s regular risk assessments.
  2. Require reports from company management to assess whether the company’s compliance program has been effectively implemented, is effectively operated and is reviewed and evaluated on a periodic basis to adapt to evolving regulatory and compliance risks and to employee concerns.
  3. Read the company’s code of conduct, which should set forth the company’s commitment to full compliance with relevant Federal laws.
  4. Be periodically trained on the company’s policies and procedures and certify that they have taken such training.
  5. Set the appropriate tone for the rest of the company and clearly articulate the company’s ethical standards. Senior leaders should encourage compliance through their words and actions and model proper behavior.
  6. Be available to personnel within the compliance function. The Guidance directs that the compliance function should be sufficiently autonomous from management through, for example, direct access to the board of directors or the board’s audit committee.
  7. Receive periodic briefings from personnel within the compliance function, including in executive or private sessions.
  8. Establish a reporting system reasonably designed to provide management and directors with timely and accurate information sufficient to allow them to reach an informed decision regarding the organization’s compliance with the law.
  9. Receive regular reports from internal audit on, among other things, the compliance function and financial controls.
  10. Follow up on the reporting by personnel within the internal audit and compliance functions, especially with respect to audit findings, risk assessments and any ongoing remediation.

For further detail regarding the Guidance, please click here for the full alert memorandum.


[1] https://www.justice.gov/criminal-fraud/page/file/937501/download.

[2] In certain of the factors set out below, it may be more appropriate for a committee of the board, such as the Audit Committee or the Compliance Committee, to undertake the relevant actions in the first instance.

[3] U.S. Dep’t of Justice, Criminal Div., Fraud Section, Evaluation of Corporate Compliance Programs Guidance Document Apr. 2019, at 2-3.

Jennifer Kennedy Park

Jennifer Kennedy Park’s practice focuses on white-collar defense, enforcement actions and complex civil litigation.

Jonathan S. Kolodner

Jonathan S. Kolodner’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

  • Posted in:
    Corporate Governance and Compliance
  • Blog:
    Cleary M&A and Corporate Governance Watch
  • Organization:
    Cleary Gottlieb Steen & Hamilton LLP