US DOJ Evaluation “Hallmarks Summary”
Three fundamental questions related to effectiveness of corporate compliance programs:
- Is the organization’s compliance program well designed?
- Is the program being applied earnestly and in good faith?
- Does the corporation’s compliance program work in practice? (emphasis added)
Justice manual §9-28.800
Section I – Design of the compliance program
Hallmarks summary
Risk Assessment. The program is appropriately designed to detect the particular types of misconduct most likely to occur in a particular corporation’s line of business and complex regulatory environment.
Policies and Procedures. The program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the organization as part of its risk assessment process. A code of conduct sets forth, among other things, the organizations commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees.
Training & Communications. A hallmark of a well-designed compliance program is appropriately tailored training and communications.
Confidential Reporting Structure and Investigation Process. A hallmark of a well-designed compliance program is the existence of an efficient and trusted mechanism by which employees can anonymously or confidentially report allegations of a breach of the organization’s code of conduct, organization policies, or suspected or actual misconduct.
Third-party management. A well-designed compliance program should apply risk-based due diligence to its third-party relationships. The degree of due diligence may vary based on the size and nature of the organization’s transactions.
Mergers & Acquisitions (distant or-semi-autonomous units integration). A well-designed compliance program should include comprehensive due diligence of any acquisition (Integration) targets.
Section II – Compliance program is adequately resourced and empowered to function effectively
Hallmarks summary
Commitment by Senior and Middle Management. It is important for an organization to create and foster a culture of ethics and compliance with the law. The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the top.
Autonomy and Resources. Effective implementation requires those charged with a compliance program’s day-to-day oversight to act with adequate authority and stature.
Incentives and Disciplinary Measures. A hallmark of effective implementation of a compliance program is the establishment of incentive for compliance and disincentives for non-compliance.
Section III – The organization’s compliance works in practice
Hallmarks summary
Continuous Improvement, Periodic Testing, and Review. A hallmark of an effective compliance program is its capacity to improve and evolve.
Investigation of Misconduct. A hallmark of a compliance program that works effectively is the existence of a well-functioning and appropriately funded mechanism for conducting timely and thorough investigations of any allegations or suspicions of misconduct by the organization, its employees or agents.
Analysis and Remediation of Any Underlying Misconduct. A hallmark of a compliance program that is working effectively in practice is the extent to which an organization is able to conduct a thoughtful root cause analysis of misconduct and timely and appropriately remediate to address root causes.