
DOJ guidance for corporate compliance programs

Ensuring your compliance program runs smoothly and aligns with relevant laws and regulations is vital to every compliance officer’s success. Simplify compliance with Justice Department expectations with NAVEX One.


New DOJ compliance guidance

The Department of Justice (DOJ) Evaluation of Corporate Compliance Programs (ECCP) is the U.S. Department of Justice’s guidance to federal prosecutors about how to assess the strength and quality of a company’s corporate compliance program. That assessment, in turn, helps determine the size and severity of punishment a company should face in the event of a compliance failure.  

The Justice Department regularly updates those guidelines. The most recent update, released in September 2024, is the fifth revision since the department released its original guidance in 2017.


Meeting DOJ compliance guidance is no easy task...

Aligning to DOJ compliance expectations can be a challenging task. To start, compliance officers should address the main questions the DOJ instructs prosecutors to ask at the start of their evaluation: 

  • Is the corporation’s compliance program well designed?  
  • Is the program adequately resourced and empowered to function?  
  • Does the program work in practice? 
  • How is the company’s risk profile determined?  
  • Is the program tailored to detect the specific types of misconduct identified, and are resources allocated accordingly?  
  • Is the program reviewed and revised at regular intervals?

DOJ compliance by the numbers

DOJ enforcement is on the rise, and non-compliance is costly. Whether responding to sanctions violations or combatting fraud, aligning to DOJ requirements and ensuring you stay on the right side of regulations is key to protecting your reputation and bottom line.


What the DOJ's guidance on evaluating corporate compliance programs covers

The Department of Justice provides guidance in setting corporate compliance and ethical standards. While specific requirements may vary depending on the nature of the business, some requirements include: 

  • Establishing a compliance program. Companies must implement and maintain an effective compliance program tailored to their specific risks and operations. This includes integrating processes for regularly updating policies and procedures to reflect lessons learned from past issues and emerging risks. 
  • Risk assessment. Regular risk assessments should be conducted to identify and mitigate potential compliance risks associated with the company’s operations, industry, violations and geographical locations. The recent DOJ guidance emphasizes adapting these assessments to address new and evolving risks, particularly technology-related ones. 
  • Policies and procedures. Companies should have clear, well-communicated policies and procedures that address relevant compliance risks, such as anti-corruption, anti-bribery, antitrust, data privacy, and other legal requirements. It’s essential to establish a process for updating these policies in response to lessons learned and technological changes. 
  • Training and communication. Employees should receive regular training on compliance policies and procedures, and there should be effective communication channels for reporting potential violations or seeking guidance. Training should be tailored to address specific risks and incorporate mechanisms for confirming that employees know how to access relevant policies. 
  • Third-party due diligence. Companies should conduct due diligence on third parties, such as suppliers, agents, distributors, and business partners, to ensure they adhere to the company’s compliance standards. 
  • Internal reporting. Companies should have a system that allows employees (and other third parties as warranted) to submit allegations of misconduct. The system should operate in languages that employees speak and be accessible in channels employees know how to use. It should also accept anonymous reports. Additionally, there should be a focus on monitoring whistleblowing investigations to ensure fairness and consistency in handling reports.

Why DOJ compliance on corporate programs matters

Complying with DOJ requirements is critical to your company’s success for numerous reasons. 

  • Legal compliance – Adhering to the principles outlined in the DOJ Evaluation of Corporate Compliance Programs (ECCP) isn’t merely a matter of moral choice – it’s a legal obligation.  
  • Ethical responsibility – Embracing the ECCP demonstrates your organization’s commitment to ethical business practices, integrity, and fairness. It underscores your dedication to conducting business with honesty and transparency. 
  • Reputation management – In today’s interconnected business environment, stakeholders closely scrutinize corporate behavior. Companies can bolster their reputation by implementing compliance programs aligned with the ECCP, fostering stakeholder trust and credibility. 
  • Market access and partnerships – Adhering to the ECCP enhances market expansion and collaboration opportunities. As many jurisdictions and businesses prioritize ethical conduct, compliance with anti-corruption standards becomes fundamental for establishing successful partnerships and accessing new markets. 
  • Risk mitigation – Proactive adherence to the ECCP helps mitigate a range of risks associated with non-compliance, including legal liabilities, disruptions in the supply chain, and reputational harm. By integrating compliance measures into their operations, companies can safeguard against potential threats and preserve their long-term viability.

Additional insights on corporate compliance programs and DOJ Guidance

  • What are corporate compliance programs?

    Corporate compliance programs are formalized systems within organizations designed to identify and prevent violations of laws and regulations and to promote ethical conduct and integrity in business operations. These programs encompass policies, procedures and practices that ensure an organization and its employees comply with legal standards and industry regulations.

  • What are the 7 elements of a compliance program?

    1. Written policies and procedures: Documentation of the organization’s standards and procedures to comply with applicable laws and regulations. 
    2. Compliance officer and compliance committee: Designation of individuals responsible for overseeing the compliance program. 
    3. Training and education: Regular training for employees to understand compliance requirements relevant to their roles. 
    4. Effective communication: Mechanisms to facilitate open communication regarding compliance issues, including anonymous reporting systems. 
    5. Monitoring and auditing: Processes to monitor compliance and perform audits to detect non-compliance. 
    6. Disciplinary guidelines: Clear guidelines for disciplining violations of laws, regulations or organizational policies. 
    7. Response and prevention: Procedures for responding to compliance violations, including corrective action to prevent future violations.

  • What is included in a corporate compliance program?

    A corporate compliance program typically includes: 

    • The appointment of a compliance officer and committee  
    • The establishment of a strategy, a code of conduct, and compliance policies and procedures 
    • Compliance training and education for employees 
    • Effective lines of communication, including whistleblower policies 
    • Regular audits and risk assessments 
    • Disciplinary procedures for non-compliance 
    • Processes for responding to compliance issues and implementing corrective measures
  • What are the pillars of a corporate compliance program?

    While the “pillars” of a corporate compliance program can be synonymous with the seven elements mentioned above, they emphasize the foundational aspects critical to the program’s effectiveness: 

    • Leadership and commitment: Strong support from top management 
    • Risk assessment: Identifying and evaluating risks to compliance 
    • Standards and controls: Establishing clear policies and procedures 
    • Training and communication: Educating employees on compliance matters 
    • Oversight and reporting: Monitoring compliance and reporting mechanisms 
    • Discipline and incentives: Enforcing compliance through rewards and penalties 
    • Continuous improvement: Regularly updating and improving compliance practices
  • What does a good compliance program look like?

    There is no standard “look” for a good compliance program. Better to say that a good compliance program is characterized by: 

    • Proactive understanding of the DOJ guidelines with clear ownership and processes 
    • Clear, accessible code of conduct and comprehensive policies and procedures 
    • Strong leadership and commitment from top management 
    • Regular, effective training and communication with all employees 
    • Proactive risk assessment and mitigation strategies 
    • Robust monitoring and auditing systems that show best effort compliance 
    • An environment that encourages reporting of unethical behaviour without fear of retaliation 
    • Swift and appropriate response to detected problems, including corrective action plans 
    • Continuous review and improvement of the compliance program to adapt to new risks and regulations

Find out how NAVEX can help you to stay compliant with DOJ guidance.