Justice Guidelines Can Buoy Compliance Programs

By Anne R. Harris

Photo: iStock

In June 2020, the Department of Justice criminal division updated its “Evaluation of Corporate Compliance Programs” document.

First published in 2017 and revised in April 2019, this document offers guidance for prosecutors dealing with matters involving corporate wrongdoing. But it also has great value for contractors as an outline of many best practices in designing and improving compliance and ethics programs.

In accordance with the department’s “Justice Manual,” one of the factors prosecutors must consider when investigating corporations, determining whether to charge them, and negotiating any agreements, is the “adequacy and effectiveness” of the compliance program in place, both at the time of the offense and when a charging decision is made.

The information in the “evaluation” document helps explain to prosecutors what to look for to judge whether the program under review is adequate and effective. For a government contractor or indeed any company looking to create or improve its compliance and ethics program, this document is a rich source of information and it is enhanced with each round of revisions.

The U.S. Federal Sentencing Guidelines for Organizations and the Federal Acquisition Regulation present standards and requirements for compliance and ethics programs, including: the need for a compliance and ethics officer; a “Code of Conduct” and policies and procedures to set behavioral standards; effective periodic training and communications about those standards; a hotline or some other type of communication mechanism to raise concerns about perceived misconduct confidentially or anonymously; and protection from retaliation for those who raise concerns.

It also requires: internal control systems that include monitoring and auditing: enforcement of standards through disciplinary or corrective action; periodic evaluation of the effectiveness of the program; and periodic assessment of the organization’s risks with a view toward adjusting the program to address changing risks.

The Justice Department’s evaluation document fleshes out those program element bullets with useful insights into how to implement them effectively.

In addition, the program evaluation guidance emphasizes that any organization’s compliance program should be appropriate to the company and its particular situation. This is key. The prosecutors’ guidance states, “we make a reasonable, individualized determination in each case.”

Federal Acquisition Regulation 3.1002 also states that elements of a contractor’s ethics and compliance program should be “suitable to the size of the company and extent of its involvement in government contracting.” For small- and medium-sized contractors, or niche operators, or anyone who may have resisted starting down the path to implement a compliance program out of concern that it would be too expensive and time-consuming, this should be reassuring.

It is not expected that every company will commit the time, staff and resources to put in place a world-class compliance program that covers every possible base. What is most important is that the contractor assess its own situation and implement a program that enables it to answer “yes” to three fundamental questions cited in the guidelines: Is the corporation’s compliance program well-designed?

Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively? And does the corporation’s compliance program work in practice?

Stepping back and remembering the big picture, the primary goals of an effective ethics and compliance program are to prevent and detect misconduct and promote an ethical corporate culture.

To start with, every contractor should conduct an ethics and compliance risk assessment. The results of the risk assessment steer the focus of resources to high-risk areas. For example, if the business is a strictly domestic trucking company, compliance with transportation regulations will be among its top priorities, while Foreign Corrupt Practices Act violation risks may be non-existent.

The evaluation document recommends considering things like whether the company is actually appropriately devoting compliance resources to the high-risk areas, whether the risk assessment is being periodically updated and how, and whether adjustments are being made to policies, practices and internal controls as a result of a shifting risk landscape.

It also asks whether the risk assessment is modified over time to take into account lessons learned from compliance failures — either internal or observed at other organizations in the same industry or region.

That lessons learned consideration is one of several updates to the evaluation document that emphasize looking at how the ethics and compliance program evolves over time. These are valuable enhancements, because it’s never enough to simply put a code of ethics on the shelf and conduct training once a year. Contractors need to employ a continuous improvement approach for the program to remain effective.

The newly revised evaluation document is substantive and comprehensive. It may appear intimidating for some, but it needn’t be.

A contractor only needs to focus on its own particular risk profile and design and implement a program that is appropriate for its size and its needs. The document is a useful tool for contractors to help them understand the standards for these programs, whether the business is just setting up a program, or managing and improving a mature program.

Anne R. Harris is owner and principal of Ethics Works LLC, an ethics and compliance consulting practice with a focus on government contractors. She formerly served as ethics officer for General Dynamics Corp. Contact her at

Topics: Contracting

Comments (0)

Retype the CAPTCHA code from the image
Change the CAPTCHA codeSpeak the CAPTCHA code
Please enter the text displayed in the image.