The Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) was very clear about the need for continuous improvement in any compliance program. It stated quite succinctly, “One hallmark of an effective compliance program is its capacity to improve and evolve. The actual implementation of controls in practice will necessarily reveal areas of risk and potential adjustment. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the applicable industry standards. Accordingly, prosecutors should consider whether the company has engaged in meaningful efforts to review its compliance program and ensure that it is not stale.”
This was further specified in the DOJ’s 2019 Guidance which listed three types of continuous improvement, each further refined with multiple attendant questions. It also added a new area of inquiry that every compliance practitioner needs to incorporate into their assessment, improvement and management cycles; culture.
Three key takeaways:
- Your compliance program should be continually evolving.
- Monitoring and auditing are different, yet complimentary tools for continuous improvement.
- Culture assessment and monitoring are also now required as well.