Kaplan & Walker’s Jeff Kaplan discusses the Department of Justice’s recent updates to its guidelines for evaluating the effectiveness of corporate compliance programs in the context of an investigation.
Editor’s note. Later this month CCI will publish the second and expanded edition of Jeff Kaplan’s popular e-book Compliance & Ethics Risk Assessment: Concepts, Methods and New Directions. Today’s post is excerpted from that volume.
When the original Federal Sentencing Guidelines for Organizations (“the Sentencing Guidelines”) were issued in 1991, there was no mention in them of risk assessment as part of compliance programs. It was not until the Sentencing Guidelines were amended in 2004 that this striking omission was remedied. But even then, risk assessment had not fully “arrived,” as some of the early compliance program requirements in FCPA settlements failed to include a risk assessment component.
Today, of course, risk assessment is front and center in governmental compliance program expectations. This is evident in the Justice Department’s recently published guidance Evaluation of Corporate Compliance Programs (“the Evaluation”).
This post reviews the Evaluation’s discussion of risk assessment. It also offers some practice pointers for meeting those expectations.