This prior post went in-depth into the DOJ’s recently released “Evaluation of Corporate Compliance Programs” (ECCP) guidance document. This post continues the analysis by highlighting additional issues in the ECCP that caught my eye
For starters, there is nothing “wrong” with the ECCP per se. In fact, it is a nicely written and organized document. Substantively however, the ECCP uses the word “effective” 49 times, but there is no legal requirement that business organizations have “effective” compliance programs.
If a business organization wants to exceed the statutory standards set forth in the FCPA’s internal controls provisions (“controls sufficient to provide reasonable assurances” that certain objective are met) that is great! However, the legal and policy concern with the ECCP is that in an official U.S. government document the DOJ says it is going to base decisions about prosecutions and form of resolutions, monetary penalties, and compliance obligations in corporate criminal resolutions on specific factors, most of which, are not even found in any law passed by Congress.