The U.S. Department of Justice (DOJ) Criminal Division released an updated guidance document on April 30 titled “The Evaluation of Corporate Compliance Programs.” This document, while intended for federal white-collar prosecutors, can also be a valuable tool for financial services compliance officers and their teams as they evaluate the effectiveness of their firms’ compliance programs and technology solutions.
Three “Fundamental Questions” Guide Prosecutors’ Assessments
In the DOJ’s new guidance document, prosecutors are encouraged to evaluate three fundamental questions in their work:
- Is the corporation’s compliance program well designed?
- Is the program being applied earnestly and in good faith?
- Does the corporation’s compliance program actually work in practice?
These questions are an extension of previous DOJ guidance issued in February 2017. In its newly-released document, the DOJ expands on each of these focus areas, providing helpful sub-topics, additional probing questions, and other resources designed to help prosecutors assess how well, and to what extent, firms have adopted and embraced a culture of compliance.
In fact, the new guidance document makes it clear that a firm’s compliance culture should play a significant role in prosecutors’ evaluation efforts. Rather than looking at a firm’s compliance program using a “check the box” methodology, reviewers are urged to focus instead on the impact of the program. Put another way, it is not enough to look at each individual element of a compliance program in isolation. If a firm has a strong compliance culture, that philosophy should permeate every level of the organization and every part of the compliance program, guiding and driving its effectiveness.
The Role of Technology in Financial Services Firms’ Compliance Programs
The new guidance document urges prosecutors to evaluate “… whether the company has established policies and procedures that incorporate the culture of compliance into its day-to-day operations.”
Interestingly, the word “technology” doesn’t appear once in the 18-page document. However, compliance technology – when done correctly – becomes an integral part of the firm’s compliance culture. As such, RegTech solutions can play a major role in a firm’s compliance program’s success.
Let’s look at the three overarching questions in the DOJ guidance document again to see just how important compliance technology actually is:
- Is the corporation’s compliance program well designed? Among other things, a well-designed compliance program is one that is designed to address your organization’s risks. Employees should understand their obligations and the reasoning behind the rules. In addition, both employees and management need to have the resources and wherewithal to meet their obligations. When a firm has an effective RegTech solution in place, it’s easier to create a well-designed program, one that allows users to meet ongoing and periodic requirements any time, from anywhere.
- Is the program being applied earnestly and in good faith? Simply put, if it’s not easy for employees to comply with firm and industry rules, user compliance is less likely. This puts the firm, its stakeholders, and its clients at risk. Adopting regulatory compliance technology can overcome this hurdle, making it simple for employees to comply and for supervisors and compliance to oversee and verify compliance. Exceptions and violations can be flagged quickly and dealt with before they become larger issues.
- Does the corporation’s compliance program actually work in practice? A compliance program may look great on paper, checking off every element required by the regulators. However, that same program isn’t worth much if it does not reflect what is actually happening or if the program is not tailored to meet the firm’s specific risks. When firms implement compliance monitoring solutions, they have an opportunity to customize their systems to meet firm needs, creating workflows, forms, and processes that will not only look good printed in a compliance manual, but are also effective in helping the compliance department prevent, detect, and correct violations.
As you conduct your next self-assessment and review of your firm’s compliance program, look at it through the lens of this new DOJ guidance document. Is your compliance program designed to comply with both the letter and the spirit of the law, and do you have the technological resources you need to make your program as effective as it can be? You can read the full DOJ document, including included checklists and other tools, here.
If your firm still relies on paper-based or manual processes for some or all of its compliance and oversight tasks, it’s time to explore how RegTech can help enhance your compliance program.