In its “Evaluation of Corporate Compliance Programs” the Department of Justice lists various factors it will use to assess “whether, and to what extent, the corporation’s compliance program was effective at the time of the offense, and is effective at the time of a charging decision or resolution, for purposes of determining the appropriate (1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitorship or reporting obligations).”
Among the questions the DOJ will ask pursuant to the CEP are: does a company have a process for tracking various information relevant to compliance; does a company monitor various aspects relevant to compliance; and does a company measure various aspects relevant to compliance.
Several other DOJ policy documents could also be cited which stand for the same propositions and in recent months the DOJ “onboarded” an individual into its Corporate Enforcement, Compliance & Policy Unit (a dedicated group within the Fraud Section) who “brings incredible expertise in the use of data analytics.”
Ironic then that the Government Accountability Office (GAO – a legislative branch agency that provides auditing, evaluative, and investigative services for Congress) recently issued a report in which it found the DOJ deficient in all of the above areas in responding to Congressional inquiries.