DOJ Revises Guidance On Corporate Compliance Programs: June 2020

On June 1, 2020, the U.S. Department of Justice (DOJ) Criminal Division revised and published an updated version of their guidance on “Evaluation of Corporate Compliance Programs”. Originally put into place a little over a year ago in April of 2019, the corporate compliance program document was intended to act as a resource for white-collar prosecutors. In addition to outlining department standards it goes into detail providing additional context behind the various elements that go into the analysis of a company’s compliance program [1].

Updates to the document serve to provide deeper context into the constantly shifting environment and the challenges that arise from this. This push for greater transparency and listening to public feedback and emerging trends shows the DOJ’s willingness to improve policies and inter workings within business communities.

Take-aways from the updated June 2020 guidance.

  • Post Acquisition Due Diligence: Corporations are expected to do their due diligence both before and after mergers with acquiring third party companies. This includes various compliance checks and auditing of the newly acquired company.
  • Ease of Access: The updated guidelines stresses the importance of training and compliance resources being readily and easily accessible for employees throughout the entire company. Employees should be properly equipped not only to heighten their own awareness but be proactive from the warning signs to prevent future conflicts.
  • Appropriate Use of Data: It is no secret that data is the elephant in the room when it comes to compliance. Both in terms that much of it contains PII and other sensitive information but also that misuse of data is not only illegal but can be extremely harmful. In this case the DOJ looks to use data in a proactive way to help get ahead of risk and act as a safeguard. A large portion of this document is around the impact of data analytics on compliance programs. The guidance document notes that robust data can be used to measure and improve on metrics and also help mitigate risk with periodic risk assessment activities.
  • Deeper Understanding of Context: It is not only enough to have safeguards in place but we also need to know why they are in place. New language dictates to “endeavor to understand why the company has chosen to set up the compliance program the way it has, and why and how the company’s compliance program has evolved over time” [2]. Various indicators of context can include factors such as company size, industry, regulatory challenges face, and other internal or external impacting information.


[1] Department of Justice Office of Public Affairs, Criminal Division Announces Publication of Guidance on Evaluating Corporate Compliance Programs, Press Release Number: 19-452 (June 4, 2020)
[View Source.]

[2] U.S. Department of Justice Criminal Division, Evaluation of Corporate Compliance Programs (Updated June 2020) , (June 4, 2020)
[View Source.]