On Monday, June 1, 2020, the US Department of Justice (“DOJ”) published a new version of its Guidance on Evaluation of Corporate Compliance Programs (“Guidance”).
The Guidance is meant to assist prosecutors in the US on making informed decisions when assessing if the corporate compliance programs was effective at the time of the criminal offense under investigation.
In this version, the DOJ sought to emphasize the concept that corporate compliance programs must be dynamic and constantly improved based on the lessons learned and identified violations during its term. In addition, accordingly with the DOJ’s Assistant Attorney General for the Criminal Division, Brian Benczkowsk, the Guidance “reflects additions based on our own experience and important feedback from the business and compliance communities.”
See below the key amendments commented and adapted for the Brazilian reality by KLA Compliance & Investigation team:
Risk Assessment: The Guidance highlighted the importance of carrying out this procedure periodically. In accordance with its instructions, corporations must consider the results on the risk assessment for periodic review, with subsequent update of internal controls, policies and procedures. The risk assessment shall be also updated, so its scope is reviewed and adjusted, considering its lessons learned and failures of other companies in the same sector or region.
Policies and Procedures: The subtopics “Design” and “Accessibility” were improved in this new version of the Guidance. Both changes reinforce existing understandings. On the “Design” subtopic, the guidance reaffirmed the need to maintain current Policies and Procedures in force. On the second one, “Accessibility”, the Guidance added two indicators which demonstrate the DOJ’s concern with accessibility, namely, transparency and direct access – particularly for employees – to internal documents.
Trainings and Communication: In order to promote transparency among organizations, employees and third parties, the Guidance reinforced the need for corporations to develop means that deliver assertive communication. It is extremally important that employees and third parties can clarify any doubt about the compliance program during the trainings, whether in person or virtually. In addition, the Guidance also stressed the need to build systems to verify the comprehension and adherence of the themes explored on the trainings.
Confidential Reporting Structure and Investigation Process: Regarding the report mechanisms, the Guidance recommended that it should be disclosed not only to employees, but also to third parties. Besides that, the Guidance recommends that these mechanisms should be regularly monitored through adhesion, reliability and efficiency tests.
Third Party Management: When addressing Third Parties Management, the Guidance emphasized the importance of retroactively reviewing the due diligence about third parties, in order to ensure that these third parties remains in line with the values and principles of the company. Additionally, as a novelty, the Guidance addressed the need of knowing the risks posed by third-party partners to acquire a better understanding of potential interactions with public agents.
Due Diligence in Mergers and Acquisitions (M&A): The Guidance highlighted that the acquiring company must have absolute understanding of the compliance structure of the acquired company, in order to enable the companies to further integrate the newly acquired entities into their existing compliance program structures and internal controls in a timely and orderly fashion.
Autonomy and Resources of the Compliance Functions: The Guidance included new questions about how the compliance program was implemented. The DOJ also highlighted the importance to invest in further qualification and development of the compliance and other control personnel.
Continuous Improvement, Periodic Testing, and Review: A new question has been added as it relates to continuous improvement, in order to encourage companies to review and/or adapt its compliance programs based upon lessons learned from its own misconduct or bad experiences of companies that have similar risks. The maturity of a compliance program depends on how the companies faced these past experiences.
KLA’s Compliance & Investigation team has created a handbook, written in Portuguese, commenting and adapting all the Guidance’s content for the Brazilian reality. Click here to read the entire document. We are available to assist in addressing any questions you may have regarding these developments. For further clarification, please feel free to contact one of the following team’s members:
Filipe Magliarelli
Catarina Rattes