Evaluating Corporate Compliance Programs Using The DOJ “Filip Factors”

DOJ Guidelines Used to Evaluate Corporate Compliance Programs

The Department of Justice (DOJ) Fraud Section (Fraud Section) guidance entitled “Evaluation of Corporate Compliance Programs” outlines many questions that the DOJ uses when it evaluates the effectiveness of corporate compliance programs. The Principles of Federal Prosecution of Business Organizations contained in the United States Attorney’s Manual describe specific factors, called the “Filip Factors,” for prosecutors to consider when investigating a corporate entity, determining whether to bring charges against a corporate entity, and in negotiating plea or other agreements. These considerations include, “the existence and effectiveness of the corporation’s pre-existing compliance program” and the corporation’s remedial efforts “to implement an effective corporate compliance program or to improve an existing one.”

The Fraud Section (Fraud Section) does not use a specific checklist or formula to assess corporate compliance program effectiveness, as the program must be evaluated in the context of a criminal investigation that triggers the application of the Filip Factors. Instead, it makes an individualized evaluation for each case, but uses a common set of questions to help guide that determination process. This DOJ compliance program guidance was thus developed to evaluate compliance programs after a potential criminal violation had been discovered.

Key Questions Used in the DOJ’s Evaluation of Corporate Compliance Programs

The DOJ guidance focuses on testing existing compliance programs and reviewing steps taken when problems are discovered, to demonstrate a pre-existing commitment to compliance. The DOJ guidance presents general questions under eleven topics, providing examples of what an organization can expect the DOJ to ask when it confronts corporate misconduct and evaluates a compliance program. The following outlines 38 key questions that relate most to the healthcare sector.  These questions can be found in the compliance guidance issued by the Department of Health and Human Services Office of Inspector General.

Analysis and Remediation of Underlying Misconduct

1. Did the organization conduct an analysis to see if there was a systematic failure in compliance?
2. Did the company miss prior opportunities to detect the misconduct?
3. Did the company evaluate why those opportunities were missed?
4. What remediation was taken once a problem was discovered?
5. What specific changes did the company make to reduce the risk of a reoccurrence?

Senior and Middle Management

6. Did senior managers, through their words and actions, encourage or discourage the misconduct in question?
7. Did senior leadership take concrete steps to demonstrate commitment?
8. Does the Board of Directors have access to the right expertise to help it perform its oversight function?

Autonomy and Resources

9. Does the compliance function have the resources and stature to perform effectively?
10. Was the compliance function involved in the training and decisions relevant to the misconduct?
11. Does the compliance function have appropriate independence?

Policies and Procedures

12. Did the company have policies and procedures in place that prohibited the misconduct?
13. Did the company assess whether its policies and procedures were effectively implemented?
14. Are key gatekeepers adequately trained?
15. Was the compliance program properly integrated with adequate controls to detect misconduct?

Risk Assessment

16. What methodology has been used to identify, analyze and address the risks the company faced?
17. Does the company collect information and metrics to adequately assess risks?

Training and Communications

18. What training was in place and is it properly tailored for high-risk or control employees?
19. Was the training offered in the right form and language for the target employees?
20. How does the company communicate to employees about any misconduct that occurs?

Confidential Reporting and Investigation

21. Does the company have an effective way of collecting and analyzing allegations of misconduct?
22. Does the company ensure investigations are properly scoped, conducted, and documented?
23. Did the investigation look to the root causes of the misconduct?
24. Were the investigative findings reported higher up in the company?

Incentives and Disciplinary Measures

25. Is there proper manager accountability for misconduct that occurred under their supervision? Is the application of discipline consistent?
26. Is there an incentive program for good compliance and ethical behavior?
27. Can the company point to specific examples of actions taken, (g., promotions or awards denied) as a result of compliance and ethics considerations?

Continuous Improvement, Periodic Testing, and Review

28. What types of audits would have identified the misconduct at issue and were those audits conducted?
29. Did management and the Board of Directors follow up on audit findings and failures?
30. Does the company test its controls?
31. Does the company routinely update its compliance program to ensure risks are addressed?

Third Party Management

32. Does the company’s third party management process adequately analyze risk?
33. Are there appropriate controls with regard to third parties?
34. Does the company adequately respond to third party red-flags?
35. Has the company suspended, terminated, or audited a third party as a result of compliance issues?

Mergers and Acquisitions (M&A)

36. Was the misconduct identified during the due diligence process?
37. How has the compliance function been integrated into the M&A process?

Need Help Evaluating Your Compliance Program’s Effectiveness?

The experts at Strategic Management Services have years of experience evaluating compliance programs and improving their effectiveness. If you would like to speak to someone about the current state of your program, you can contact us online or give us a call at (703) 683-9600.