Skip to content.
Call NAVEX

 

DOJ Update for Corporate Compliance Programs

How is your compliance program affected by the 2020 DOJ Compliance Guidance update? What else do you need to know? 

The U.S. Department of Justice issued new guidance that unequivocally supports the compliance officer’s role. Moving forward, compliance programs will need to be dynamic, data-backed, and adequately resourced and empowered to function. Are you ready?

Fill out the form to learn more!

Set Up a Program Review

This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply to the reCAPTCHA services. You can learn more about how NAVEX processes your personal data by reviewing the NAVEX privacy statement.

Thank you for your interest!

We’ll be in touch with you shortly. If you have any immediate questions, please give us a call at 1-866-297-0224.

What is the DOJ looking for?
The game-changing language in the updated guidance means compliance professionals are on notice that the bar has been raised yet again, and you are now required to not only show your work – but prove why your answer is correct.

Informed and Documented

Well-designed programs are informed by risk assessments, program and organizational data, and industry best practices. This informed approach should be documented and referenceable to prove the existence and effectiveness of your program strategy.

Responsive and Continuous

Effective programs are dynamic and responsive to risk changes in their organization’s workforce, market and third parties. Responsive programs require continuous monitoring to track evolving risk and corresponding updates to policies, procedures and controls.

Accessible Data

Responsive and informed programs need access to program and organizational data. Unencumbered, real-time access to essential data allows programs to effectively monitor, test, report, and update policies, procedures and controls as needed.

Resourced and Empowered

Even the most well-designed programs can be ineffective if they do not have support from leadership or the necessary authority and resources to mitigate the risks identified in your company’s risk assessment.

It’s time to do a health check on your compliance program

Enforcement agencies want to know if the effectiveness of your program is limited to a snapshot in time or continuously improving to keep pace with evolving risk. Integrated risk and compliance management software provides ongoing monitoring capabilities, fueled by a steady stream of relevant data. Explore the chart below to understand the DOJ’s expectations on common compliance program gaps and how our solutions can help.

Download: Full 2020 DOJ Tracked Updates

Program Component

DOJ Evaluation Question

Program Action Step

Risk Assessment

Section 1 (A): Does your company have a process for tracking and incorporating lessons from your own issues or from other companies into your own risk assessment process?

Your organization should have processes in place to measure your compliance program effectiveness and should have access to reporting tools that help your company detect problems and analyze trends.

Your organization should also have visibility into industry-level data to evaluate and benchmark your compliance program against your peers – allowing you to identify where your program is succeeding and where your program can be improved.

Policies and Procedures

Section I (B): Are your organization’s policies and procedures published in a searchable format for easy reference?

Your policies and procedures management system should have extensive search capabilities, allowing users to search by title, keyword, full text, or reference number.

Section I (B): Does your organization track access to various policies and procedures to understand what policies are attracting more attention from relevant employees?

 Your system needs to be able to track how many times a policy has been viewed, who has viewed it, what version was viewed, and who has attested to the policy.

Training and Communications

Section 1 (C): What is the interactive nature of your training? Does it provide opportunities to ask questions?

Your training courses should be interactive and provide learners with access to your organization’s policies, as well as information on how to ask questions or make a report. These interactive resources should always be available to learners throughout a training course.

Section 1 (C): Can you accurately measure the impact of your training and how it affects employee behavior or operations?

 Your Learning Management System (LMS) should deploy, track and report on compliance training programs, including metrics that measure progress toward goals. Program administrators should also be able to validate course completions and overall program health through dashboards and audit-ready reporting.

Confidential Reporting Structure and Investigation Process

Section 1 (D): Can your company confirm employee awareness of your hotline?

As part of your organization’s hotline and investigation management system, you should have a selection of awareness materials including posters, brochures and wallet cards.

Section 1 (D): Are you periodically testing the effectiveness of your hotline (e.g. by using a tracking report)?

 To accurately test and measure the effectiveness of your hotline, your organization should have access to reporting tools that help detect problems and analyze trends. Reporting should also include details about the status, volume and resolution of your investigations.

Third-Party Management

Section 1 (E): Are your risk assessments of third parties done throughout the life span of the relationship, or just during the onboarding process?

Your third-party risk management solution should allow you to not only screen, but continuously monitor third parties against adverse media, sanctions lists, politically exposed persons. It should also support real-time reputation alerts when a third party’s status changes and additional due diligence when needed.
Download: Full 2020 DOJ Tracked Updates

DOJ Guidance Assessment

Do you have questions on how the recent changes to the DOJs Evaluation of Corporate Compliance Programs will impact your compliance program? We’re here to help you every step of the way.