Last month, the Department of Justice (DOJ) very quietly released a document, entitled “Evaluation of Corporate Compliance Programs” (Evaluation), on the Fraud Section website. The document is an 11-part list of questions which encapsulates the DOJ’s most current thinking on what constitutes a best practices compliance program. Within the list are some 46 different questions that a Chief Compliance Officer (CCO) or compliance practitioner can use to benchmark a compliance program. In short, it is an incredibly valuable and most significantly useful resource for every compliance practitioner. The document has one clear theme that I will be exploring this month—you must operationalize your compliance program.

The Evaluation, most generally, follows the DOJ and Securities and Exchange Commission’s (SEC) seminal Ten Hallmarks of an Effective Compliance Program, released in the 2012 FCPA Guidance. If there is one over-riding theme in the Evaluation, it is the DOJ’s emphasis on doing compliance as the questions posed are designed to test how far down your compliance program is incorporated into the fabric of your organization. The Evaluation is not simply a restatement of the Ten Hallmarks, as it clearly incorporates the DOJ’s evolution in what constitutes a best practices compliance program, and it certainly builds upon the information put forward in the DOJ’s FCPA Pilot Program regarding effective compliance programs, most particularly found in Prong 3 Remediation. Once again, I detect the hand of DOJ Compliance Counsel Hui Chen in not only helping the DOJ to understand what constitutes an effective compliance program but also providing solid information to the greater compliance community on this score.

Roy Snell, in a piece entitled, “Breaking – Business Attorneys Embrace Compliance Programs? The DOJ Compliance Effectiveness Document” said, “The DOJ document [Evaluation] seems to be having an impact on the business legal community’s perspective on compliance programs. The document covers material what has been discussed for 20 years and is very well written, but the effect it is having on the business legal community is as if they found the Dead Sea Scrolls of compliance. I am sure the business legal community has seen descriptions of a compliance program in the past but my impression is that most of it has not had a comprehensive impact. Their overarching view has been, it seems, that compliance programs are all about the law as opposed to about the law, risk, audit, ethics, education, etc.  It is a subtle but material distinction. I think this may be a small tipping point for the business legal community because this DOJ document is coming from a source they feel they can’t dismiss. This document is coming from a source they pay keen attention to.”

Adam Turteltaub was even more direct in his piece entitled, “It’s About Compliance Processes, Not Legal Practices” where he noted, “Also notable is what is not in the list:  a focus on legal issues.  Instead, the list squarely looks at how the business operates and how the company integrates compliance into its business functions. The word “legal” appears in it once and the word “law” not at all.  By contrast “training” appears eight times, “board” seven, “management” eleven and “process” a whopping twenty-nine times. While compliance with the law, of course, starts with the law, and while a strong partnership with legal is essential to compliance management, and a lawyer could lead compliance, the compliance profession, as this document shows, is clearly not about the practice of law.  It is about building effective systems to prevent, find and fix problems, that are integrated into business processes.” 

Three Key Takeaways

  1. The DOJ Evaluation requires you to operationalize your compliance program.
  2. The DOJ Evaluation makes clear compliance is a business process.
  3. The DOJ Evaluation is significant for what it does not focus on, legal solutions or even legal language.


This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to