Your compliance program:
What the new guidance from the Department of Justice could mean to you
Revised guidance issued by the DOJ aims to sharpen prosecutors’ understanding of what works — and what doesn’t — when evaluating a company’s
compliance program design, effectiveness, and application.
The bar has been raised — there are a number of steps that your organisation can take now.
If you had to explain
your resourcing and
structural choices
today, would you be
able to backup your
rationale? Could
you demonstrate
that your program
has evolved with
the risk?
Compliance program excellence
Third party risk management
Clarifies that risk management of third
parties should be performed
throughout the lifespan of the
relationship, not just during the
onboarding process.
Data-driven, effective compliance program and controls
Highlights that compliance and control personnel should have
continuous direct or indirect access to relevant sources of
operational data and information across functions to allow for
timely and effective monitoring and/or testing of policies, controls,
and transactions. Impediments that limit data access should be
addressed.
Resource empowerment and effectiveness
Mentions the importance of being purposeful about
focusing compliance resources on the highest risk
areas to own as a central compliance function, and how
compliance can support the business who functions as
a first line of defense for most compliance risks.
- Program governance and resources
- Risk assessment
- Policies and procedures
- Compliance controls
- Communication and training
- Enforcement, discipline, and incentives
- Investigations and response
- Monitoring and auditing
Is your compliance program...
Well designed?
Adequately resourced and empowered to function
effectively?
Working in practice?
Elements of a compliance program
Are you proud of
how your program
has evolved?
“
”
Key components to start thinking about now