Blog Post

2023 Update to DOJ Evaluation of Corporate Compliance Program Guidelines

Richard P. Kusserow | March 2023

Key Points:

  • Old Guidelines removed from the DOJ website
  • Organizations are held responsible for compliance by their leadership
  • Tips for Compliance Officers

In March 2023, the DOJ updated its Evaluation of Corporate Compliance Programs (ECCP) for use by their prosecutors in determining what constitutes an effective compliance program. This is done for the purpose of deciding a course of action and in assigning fines and penalties. This latest update is part of DOJ’s continued development of their evaluation guidelines and it focuses more closely on compensation structures and consequences for management when evaluating compliance programs. The ECCP provides Compliance Officers and their organizations guidance on what to expect upon encounters with the DOJ and replaces the 2020 Guidelines, which are no longer available on the DOJ website.

DOJ prosecutors have wide discretion regarding their prosecutorial decisions in using “compliance-related criteria” for resolving cases, including giving consideration for any reduction in fines and penalties. The section entitled “Incentives and Disciplinary Procedures” in the 2020 Guidelines is now called “Compensation Structures and Consequence Management.”  It is used by prosecutors when considering the imposition of financial penalties for misconduct; and in assessing whether there were positive incentives for providing and developing a compliance program or demonstrating ethical leadership. They are to examine whether companies offer such incentives and to determine if the organization maintained transparent, consistent, and effective processes for addressing misconduct. They also shift the burden of corporate malfeasance away from uninvolved shareholders onto those more directly responsible among leadership and board members.

All this underscores the importance of evaluating and updating the corporate compliance program’s framework, operations, and effectiveness. There is also an entirely new discussion on misconduct that addresses messaging applications.

Tips for Compliance Officers

  1. Update Board and Leadership. Provide briefing on this latest DOJ movement at executive/management and board compliance committee meetings, stressing the importance of their setting a compliance “Tone at the Top.” Make the point that their active involvement in overseeing and supporting the Compliance Program reduces their personal exposure to liability should DOJ encounter violations of law in their organization.
  2. Executive Compensation. Assess management compensation structures to ensure compliance-related metrics are considered. For example, that employees are rewarded for improving compliance programs and demonstrating ethical leadership, as well as penalties for failing to comply.
  3. Independent Compliance Program Effectiveness Evaluation Reviews. It is advisable to have periodic “independent” evaluations of the Compliance Program to document and evidence progress, as well as plans for improvement. The DOJ and OIG place much higher credibility on the results of independent reviews than internally generated information. Independent reviews also have the advantage of questioning executive and board members on their involvement in the compliance program.
  4. Risk Assessments: DOJ prosecutors will evaluate the effectiveness of the compliance program on how the organization addresses compliance high-risk areas. As such, it is important to be able to evidence periodic annual regulatory compliance risk assessments and results from ongoing monitoring and auditing of compliance risk areas, along with what steps the organization has taken to mitigate and reduce risk of exposure,

For answers to compliance FAQs see

Keep up-to-date with Strategic Management Services by following us on LinkedIn.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog